| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BKA-Virus eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.01.2012, 17:55
| #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  BKA-Virus eingefangenZitat:
Wieso wird der abgesicherte Modus mit Netzwerktreibern nicht aufgelistet? Kann ich so nicht nachvollziehen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.01.2012, 18:52
| #17 |
 | BKA-Virus eingefangen jetzt hat es doch geklappt
__________________Code:
ATTFilter OTL logfile created on: 05.01.2012 18:05:57 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = G:\ Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 83,93% Memory free 6,19 Gb Paging File | 5,88 Gb Available in Paging File | 95,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,44 Gb Total Space | 4,08 Gb Free Space | 3,66% Space Free | Partition Type: NTFS Drive D: | 106,40 Gb Total Space | 31,07 Gb Free Space | 29,20% Space Free | Partition Type: NTFS Drive G: | 477,13 Mb Total Space | 413,70 Mb Free Space | 86,70% Space Free | Partition Type: FAT Computer Name: USER-PC | User Name: Max | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\NitroPDFReaderDriverService2.exe (Nitro PDF Software) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.) SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (wip0204) -- C:\Windows\System32\drivers\wip0204.sys (Wippien Software) DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.) DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.4: C:\Users\UseR\Downloads\VLC\npvlc.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 01:24:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.01 18:34:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.25 21:10:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.29 12:27:42 | 000,000,000 | ---D | M] [2010.09.01 16:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Extensions [2010.09.01 16:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.01.01 09:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions [2010.04.27 20:37:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.12.06 14:44:51 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.03.29 17:11:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.07 10:48:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com [2009.02.11 20:18:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\moveplayer@movenetworks.com [2011.03.30 12:34:16 | 000,000,873 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\conduit.xml [2011.12.27 12:32:40 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-1.xml [2010.10.24 17:54:49 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-10.xml [2010.11.06 11:46:48 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-11.xml [2010.12.13 17:27:17 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-12.xml [2011.03.03 15:45:30 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-13.xml [2011.03.06 17:22:15 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-14.xml [2011.03.06 22:36:59 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-15.xml [2011.03.26 14:36:37 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-16.xml [2011.03.30 12:39:55 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-17.xml [2010.03.24 14:52:04 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-2.xml [2010.04.02 19:31:32 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-3.xml [2010.06.23 20:04:31 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-4.xml [2010.06.28 12:55:30 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-5.xml [2010.07.22 21:21:00 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-6.xml [2010.07.24 12:56:08 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-7.xml [2010.08.21 23:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-8.xml [2010.10.18 21:44:02 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-9.xml [2010.03.08 14:52:57 | 000,000,955 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin.xml [2011.11.11 01:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.01.23 21:13:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} () (No name found) -- C:\USERS\MAX.USER-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WU1G1L4L.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.11 01:24:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.06.29 12:27:27 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2010.05.25 17:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.24 21:24:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\RunOnce: [] C:\Windows\System32\osk.exe (Microsoft Corporation) O4 - Startup: C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = File not found O4 - Startup: C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Max.UseR-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Max.UseR-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62D63F80-07DE-42D6-88C3-EF7713BD9AB9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F4CB8F4-2B33-4E61-99FE-E3D789B06B17}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No CLSID value found. O24 - Desktop WallPaper: C:\Users\Max.UseR-PC\Desktop\Fürth - Bilder\rathaus!.jpg O24 - Desktop BackupWallPaper: C:\Users\Max.UseR-PC\Desktop\Fürth - Bilder\rathaus!.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell - "" = AutoRun O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell\AutoRun\command - "" = F:\S3\Autorun.exe O33 - MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\Shell\AutoRun\command - "" = G:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.01.03 05:26:13 | 000,000,000 | -HSD | C] -- C:\found.004 [2011.12.30 19:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.30 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\Max.UseR-PC\AppData\Roaming\Malwarebytes [2011.12.27 14:29:30 | 000,000,000 | ---D | C] -- C:\Users\Max.UseR-PC\AppData\Roaming\Avira [2011.12.25 22:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graffiti Studio 2.0 [2011.12.25 22:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\Graffiti Studio 2.0 [2011.12.15 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Max.UseR-PC\Desktop\Fürth - Bilder [2011.12.14 18:11:49 | 000,000,000 | ---D | C] -- C:\Users\Max.UseR-PC\Desktop\CRO - Meine Musik [2011.12.11 21:54:43 | 000,000,000 | ---D | C] -- C:\Users\Max.UseR-PC\Desktop\CRO - Easy [2011.12.08 13:10:28 | 000,000,000 | -HSD | C] -- C:\found.003 [2011.10.10 07:47:34 | 001,012,016 | ---- | C] (Nitro PDF Software) -- C:\Program Files\SolidCore.dll [2011.10.10 07:47:32 | 000,151,856 | ---- | C] (Nitro PDF Software) -- C:\Program Files\SecurePdfSDK.dll [2011.10.10 07:47:30 | 004,800,816 | ---- | C] (Nitro PDF Software) -- C:\Program Files\PDFLibTool.dll [2011.10.10 07:47:28 | 000,373,040 | ---- | C] (Nitro PDF Software) -- C:\Program Files\ocr.dll [2011.10.10 07:47:26 | 005,202,224 | ---- | C] (Nitro PDF) -- C:\Program Files\npdf.dll [2011.10.10 07:47:22 | 000,086,320 | ---- | C] (Nitro PDF) -- C:\Program Files\Nitro_PIPAssistant.exe [2011.10.10 07:47:18 | 000,018,224 | ---- | C] (Nitro PDF Software) -- C:\Program Files\NitroPrinterInstaller.exe [2011.10.10 07:47:12 | 000,233,776 | ---- | C] (Nitro PDF Software) -- C:\Program Files\NitroPDFReaderSupportTools.exe [2011.10.10 07:47:04 | 000,196,912 | ---- | C] (Nitro PDF Software) -- C:\Program Files\NitroPDFReaderDriverService2.exe [2011.10.10 07:47:00 | 006,943,024 | ---- | C] (Nitro PDF Software) -- C:\Program Files\NitroPDFReaderDriver2.dll [2011.10.10 07:46:56 | 000,459,056 | ---- | C] (Nitro PDF Software) -- C:\Program Files\NitroPDFReaderDriver.exe [2011.10.10 07:46:54 | 003,371,312 | ---- | C] (Nitro PDF) -- C:\Program Files\NitroPDFReader.exe [2011.10.10 07:46:50 | 001,380,656 | ---- | C] (Nitro PDF) -- C:\Program Files\NitroPDFActiveX.ocx [2011.10.10 07:46:48 | 000,885,040 | ---- | C] (VoyagerSoft, LLC) -- C:\Program Files\ImageTool7.dll [2011.10.10 07:46:46 | 000,676,144 | ---- | C] (Nitro PDF Software) -- C:\Program Files\Framework7.dll [2011.10.10 07:46:44 | 000,078,640 | ---- | C] (DeskMetrics) -- C:\Program Files\DeskMetrics.dll [2011.10.10 07:46:42 | 000,990,512 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll [2011.10.10 07:46:40 | 000,147,760 | ---- | C] (Nitro PDF Software) -- C:\Program Files\dbCore.dll [2011.10.10 07:46:38 | 000,450,864 | ---- | C] (Nitro PDF Software) -- C:\Program Files\ConverterCore.dll [2011.10.10 07:46:38 | 000,074,032 | ---- | C] (Nitro PDF) -- C:\Program Files\BugSplatRc.dll [2011.10.10 07:46:36 | 000,231,216 | ---- | C] (BugSplat, LLC) -- C:\Program Files\BugSplat.dll [2011.10.10 07:46:30 | 000,758,064 | ---- | C] (BCGSoft Co Ltd) -- C:\Program Files\BCGPStyle2010White1510.dll [2011.10.10 07:46:28 | 000,762,160 | ---- | C] (BCGSoft Co Ltd) -- C:\Program Files\BCGPStyle2010Blue1510.dll [2011.10.10 07:46:26 | 000,725,296 | ---- | C] (BCGSoft Co Ltd) -- C:\Program Files\BCGPStyle2010Black1510.dll [2011.10.10 07:46:16 | 006,263,088 | ---- | C] (BCGSoft Ltd) -- C:\Program Files\BCGCBPRO1510u80.dll [2011.10.10 07:46:16 | 000,426,288 | ---- | C] (BCGSoft Ltd) -- C:\Program Files\BCGCBProResDEU.dll [2011.10.10 07:46:00 | 000,065,840 | ---- | C] ( ) -- C:\Program Files\npnitromozilla.dll [2011.10.10 07:45:58 | 000,078,128 | ---- | C] (Nitro PDF) -- C:\Program Files\npnitroie.ocx [2011.10.10 07:45:22 | 000,273,920 | ---- | C] (BugSplat, LLC) -- C:\Program Files\BsSndRpt.exe [2011.09.24 01:33:06 | 001,323,008 | ---- | C] (Nitro PDF Software) -- C:\Program Files\PdfFlt.flt [2011.09.24 01:30:38 | 000,090,112 | ---- | C] (Nitro PDF Software) -- C:\Program Files\txtFlt.flt [3 C:\Users\Max.UseR-PC\AppData\Local\*.tmp files -> C:\Users\Max.UseR-PC\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.05 18:02:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.05 14:06:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.05 14:06:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.03 22:23:12 | 252,037,995 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.03 02:37:25 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.02 18:02:57 | 000,595,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.02 18:02:56 | 000,628,200 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.02 18:02:56 | 000,125,862 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.02 18:02:56 | 000,103,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.02 15:59:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.01.02 15:56:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.01.02 00:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.01 09:17:34 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2012.01.01 08:59:14 | 000,048,825 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\nvModes.001 [2011.12.31 16:24:33 | 000,059,392 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.28 14:03:13 | 000,000,020 | ---- | M] () -- C:\Users\Max.UseR-PC\defogger_reenable [2011.12.27 18:18:44 | 000,000,000 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Local\{24889A8A-BAC6-433C-8E9D-0CCAD0F94245} [2011.12.27 15:29:04 | 000,001,871 | ---- | M] () -- C:\Users\Max.UseR-PC\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.12.27 15:29:04 | 000,001,800 | ---- | M] () -- C:\Users\Max.UseR-PC\Desktop\Avira DE-Cleaner.lnk [2011.12.27 13:14:18 | 000,048,825 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\nvModes.dat [2011.12.23 23:44:47 | 000,009,308 | ---- | M] () -- C:\Users\Max.UseR-PC\.recently-used.xbel [2011.12.23 19:44:05 | 000,000,000 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Local\{8C9EB9CD-2F1F-45DA-B357-AE7D0FF98E5D} [2011.12.16 15:15:56 | 000,154,742 | ---- | M] () -- C:\Users\Max.UseR-PC\Desktop\bild.odt [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.07 20:39:16 | 000,657,362 | ---- | M] () -- C:\Users\Max.UseR-PC\Desktop\nord-pas-de-calais.odt [3 C:\Users\Max.UseR-PC\AppData\Local\*.tmp files -> C:\Users\Max.UseR-PC\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.03 22:22:51 | 252,037,995 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.12.28 14:01:30 | 000,000,020 | ---- | C] () -- C:\Users\Max.UseR-PC\defogger_reenable [2011.12.27 18:18:44 | 000,000,000 | ---- | C] () -- C:\Users\Max.UseR-PC\AppData\Local\{24889A8A-BAC6-433C-8E9D-0CCAD0F94245} [2011.12.27 15:11:07 | 000,001,871 | ---- | C] () -- C:\Users\Max.UseR-PC\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.12.27 15:11:07 | 000,001,800 | ---- | C] () -- C:\Users\Max.UseR-PC\Desktop\Avira DE-Cleaner.lnk [2011.12.23 23:44:47 | 000,009,308 | ---- | C] () -- C:\Users\Max.UseR-PC\.recently-used.xbel [2011.12.23 19:43:38 | 000,000,000 | ---- | C] () -- C:\Users\Max.UseR-PC\AppData\Local\{8C9EB9CD-2F1F-45DA-B357-AE7D0FF98E5D} [2011.12.16 15:15:53 | 000,154,742 | ---- | C] () -- C:\Users\Max.UseR-PC\Desktop\bild.odt [2011.12.07 19:17:23 | 000,657,362 | ---- | C] () -- C:\Users\Max.UseR-PC\Desktop\nord-pas-de-calais.odt [2011.10.10 07:47:44 | 000,512,304 | ---- | C] () -- C:\Program Files\wxmsw28u_xrc_vc_pro7.dll [2011.10.10 07:47:42 | 000,467,248 | ---- | C] () -- C:\Program Files\wxmsw28u_html_vc_pro7.dll [2011.10.10 07:47:40 | 002,683,184 | ---- | C] () -- C:\Program Files\wxmsw28u_core_vc_pro7.dll [2011.10.10 07:47:38 | 000,708,912 | ---- | C] () -- C:\Program Files\wxmsw28u_adv_vc_pro7.dll [2011.10.10 07:47:38 | 000,135,472 | ---- | C] () -- C:\Program Files\wxbase28u_xml_vc_pro7.dll [2011.10.10 07:47:36 | 001,204,528 | ---- | C] () -- C:\Program Files\wxbase28u_vc_pro7.dll [2011.10.10 07:46:52 | 001,171,760 | ---- | C] () -- C:\Program Files\NitroPDFPreviewHandler.dll [2011.10.08 10:01:42 | 000,000,000 | ---- | C] () -- C:\Users\Max.UseR-PC\AppData\Local\{42573745-5159-4AE2-B394-212DDE78F079} [2011.09.23 20:51:56 | 000,000,000 | ---- | C] () -- C:\Users\Max.UseR-PC\AppData\Local\{8F653507-A225-430B-8F65-F8E50C14E1C6} [2011.06.21 12:25:12 | 000,071,710 | ---- | C] () -- C:\Program Files\Welcome.pdf [2011.05.01 19:37:39 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.05.01 19:37:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.03.09 13:21:28 | 000,001,809 | ---- | C] () -- C:\Program Files\wxOptionsDlg.xrc [2010.09.22 10:54:30 | 007,351,267 | ---- | C] () -- C:\Program Files\Nitro_PDF_User_Guide.chm [2010.06.24 20:56:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.06.24 20:56:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.06.24 20:56:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.06.24 20:56:35 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.06.24 20:56:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.06.19 20:32:44 | 000,000,256 | ---- | C] () -- C:\Windows\wininit.ini [2010.01.20 15:05:44 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.09.17 20:30:29 | 000,000,000 | ---- | C] () -- C:\Users\Max.UseR-PC\AppData\Roaming\wklnhst.dat [2009.06.05 12:40:58 | 000,000,245 | ---- | C] () -- C:\Program Files\help.ini [2009.05.05 16:07:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2009.04.22 16:31:50 | 000,000,001 | ---- | C] () -- C:\Program Files\config.dat [2009.02.06 15:15:34 | 000,059,392 | ---- | C] () -- C:\Users\Max.UseR-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.26 16:20:19 | 000,000,680 | ---- | C] () -- C:\Users\Max.UseR-PC\AppData\Local\d3d9caps.dat [2009.01.21 16:08:11 | 000,000,479 | ---- | C] () -- C:\Windows\eReg.dat [2009.01.20 15:52:25 | 000,048,825 | ---- | C] () -- C:\Users\Max.UseR-PC\AppData\Roaming\nvModes.001 [2009.01.20 15:52:18 | 000,048,825 | ---- | C] () -- C:\Users\Max.UseR-PC\AppData\Roaming\nvModes.dat [2008.10.10 14:03:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.24 14:22:33 | 000,000,044 | ---- | C] () -- C:\Windows\odbcddp.ini [2008.09.24 13:45:05 | 000,001,511 | ---- | C] () -- C:\Windows\ODBC.INI [2008.09.24 13:45:05 | 000,000,892 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.09.24 13:44:25 | 000,000,145 | ---- | C] () -- C:\Windows\KLETT.INI [2008.09.24 13:43:38 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE [2008.09.17 15:34:57 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.17 15:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.28 13:00:37 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe [2008.07.28 13:00:37 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe [2008.07.28 13:00:37 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe [2008.07.28 13:00:37 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe [2008.07.28 13:00:37 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.07.08 15:54:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.06.21 10:51:27 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2008.06.17 16:49:04 | 000,192,512 | ---- | C] () -- C:\Windows\System32\srkey.exe [2008.06.17 16:14:40 | 000,000,675 | ---- | C] () -- C:\Windows\HAMMER.INI [2008.06.09 19:48:43 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI [2008.05.17 13:22:29 | 000,000,550 | ---- | C] () -- C:\Windows\mozver.dat [2008.05.17 12:47:54 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.05.13 17:39:21 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.04.30 17:19:07 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2008.04.30 17:19:07 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2008.04.30 17:19:07 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2008.04.30 17:14:52 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2008.03.02 01:52:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.03.02 01:52:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.03.02 01:07:47 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.03.02 01:02:44 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.03.02 01:02:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.03.02 01:00:57 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat [2008.03.01 16:37:33 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.11.20 15:24:52 | 000,159,744 | ---- | C] () -- C:\Windows\gdf.dll [2007.11.14 14:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll [2007.04.24 17:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 16:33:31 | 000,628,200 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,125,862 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,325,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,830 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,103,646 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.03.17 23:57:20 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\BitTorrent [2010.03.13 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Canneverbe_Limited [2011.01.08 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Canon [2009.02.03 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\DAEMON Tools [2011.10.23 15:52:08 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Downloaded Installations [2011.09.22 20:55:40 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\DVDVideoSoft [2011.03.29 17:11:15 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.24 11:54:46 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\GetRightToGo [2011.08.02 17:11:43 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\go [2011.12.16 14:14:41 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\gtk-2.0 [2011.12.23 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\ICQ [2010.06.07 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\IrfanView [2011.02.26 08:43:08 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2009.04.11 13:52:15 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2009.06.22 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Miranda [2011.10.23 16:38:04 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Nitro PDF [2010.01.13 15:03:03 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\OpenOffice.org [2010.07.09 19:38:59 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\pokerth [2011.10.09 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\temp [2009.09.17 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Template [2010.09.01 16:52:47 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Thunderbird [2010.09.02 13:03:41 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Trillian [2011.10.09 11:28:26 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\UDC Profiles [2009.01.19 20:02:01 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Validity [2009.07.17 17:35:12 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Wippien [2012.01.05 14:07:32 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.07.12 12:39:41 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CB0668D-0C3B-4AA0-9AF4-ADEA5698541B}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.03.17 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Adobe [2011.12.27 14:29:30 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Avira [2009.03.17 23:57:20 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\BitTorrent [2010.03.13 23:56:19 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Canneverbe_Limited [2011.01.08 12:56:05 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Canon [2009.08.03 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\CyberLink [2009.02.03 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\DAEMON Tools [2009.04.17 13:20:36 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\DivX [2011.10.23 15:52:08 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Downloaded Installations [2011.12.26 23:14:38 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\dvdcss [2011.09.22 20:55:40 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\DVDVideoSoft [2011.03.29 17:11:15 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.24 11:54:46 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\GetRightToGo [2011.08.02 17:11:43 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\go [2011.12.16 14:14:41 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\gtk-2.0 [2009.07.17 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Hamachi [2011.12.23 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\ICQ [2009.01.19 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Identities [2010.06.07 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\IrfanView [2009.01.19 20:14:21 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Macromedia [2011.12.30 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Media Center Programs [2011.02.26 08:43:08 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2009.04.11 13:52:15 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2009.11.07 21:28:08 | 000,000,000 | --SD | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft [2009.02.06 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft Game Studios [2009.06.22 21:36:59 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Miranda [2009.03.30 15:35:19 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\mIRC [2009.01.20 15:33:34 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla [2011.10.23 16:38:04 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Nitro PDF [2010.01.13 15:03:03 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\OpenOffice.org [2010.01.03 19:40:53 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\OpenOffice.org2 [2010.07.09 19:38:59 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\pokerth [2009.03.28 19:47:18 | 000,000,000 | RH-D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\SecuROM [2011.11.17 01:43:57 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Skype [2011.11.16 16:50:08 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\skypePM [2009.04.30 21:36:23 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\teamspeak2 [2011.10.09 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\temp [2009.09.17 20:30:30 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Template [2010.09.01 16:52:47 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Thunderbird [2010.09.02 13:03:41 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Trillian [2011.10.09 11:28:26 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\UDC Profiles [2009.01.19 20:02:01 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Validity [2009.05.24 16:13:50 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\vlc [2010.12.22 13:52:44 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Winamp [2010.07.10 12:35:16 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\WinRAR [2009.07.17 17:35:12 | 000,000,000 | ---D | M] -- C:\Users\Max.UseR-PC\AppData\Roaming\Wippien < %APPDATA%\*.exe /s > [2009.01.31 00:21:22 | 000,011,502 | R--- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\ARPPRODUCTICON.exe [2009.01.31 00:21:23 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2009.01.31 00:21:22 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2009.01.31 00:21:23 | 000,015,086 | R--- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2009.01.31 00:21:23 | 000,008,854 | R--- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.05.19 11:21:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.05.19 11:21:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.05.19 11:21:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007.09.29 16:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\ACER\Preload\Autorun\DRV\Intel Robson Robson\Winall\Driver64\IaStor.sys [2007.09.29 16:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2007.09.29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\ACER\Preload\Autorun\DRV\Intel Robson Robson\Winall\Driver\IaStor.sys [2007.09.29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2007.09.29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 16:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.03.02 00:09:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.03.02 00:09:36 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\ERDNT\cache\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560 < End of report > |
|
05.01.2012, 21:44
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Virus eingefangen Leider lässt dir immer etwas Zeit zwischen den Postings...
__________________Mach mal in diesem abgesicherten Modus erstmal einen neuen Vollscan mit Malwarebytes, vorher aktualisieren versteht sich
__________________ |
|
06.01.2012, 15:02
| #19 |
| | BKA-Virus eingefangenCode:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.06.02 Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.6001.19088 Max :: USER-PC [Administrator] 06.01.2012 12:39:45 mbam-log-2012-01-06 (12-39-45).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 458674 Laufzeit: 1 Stunde(n), 24 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
06.01.2012, 15:36
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Virus eingefangenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.01.2012, 17:54
| #21 |
| | BKA-Virus eingefangen bisher konnte der laptop im normalen modus nicht gestartet werden. außerdem braucht der laptop zum hochfahren immer sehr lange |
|
06.01.2012, 19:25
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Virus eingefangen Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
[2010.04.27 20:37:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.06 14:44:51 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.29 17:11:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.07 10:48:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com
[2011.03.30 12:34:16 | 000,000,873 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\conduit.xml
[2011.12.27 12:32:40 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-1.xml
[2010.10.24 17:54:49 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-10.xml
[2010.11.06 11:46:48 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-11.xml
[2010.12.13 17:27:17 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-12.xml
[2011.03.03 15:45:30 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-13.xml
[2011.03.06 17:22:15 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-14.xml
[2011.03.06 22:36:59 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-15.xml
[2011.03.26 14:36:37 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-16.xml
[2011.03.30 12:39:55 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-17.xml
[2010.03.24 14:52:04 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-2.xml
[2010.04.02 19:31:32 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-3.xml
[2010.06.23 20:04:31 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-4.xml
[2010.06.28 12:55:30 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-5.xml
[2010.07.22 21:21:00 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-6.xml
[2010.07.24 12:56:08 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-7.xml
[2010.08.21 23:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-8.xml
[2010.10.18 21:44:02 | 000,000,950 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-9.xml
[2010.03.08 14:52:57 | 000,000,955 | ---- | M] () -- C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin.xml
[2010.01.23 21:13:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKCU..\RunOnce: [] C:\Windows\System32\osk.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell - "" = AutoRun
O33 - MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\Shell\AutoRun\command - "" = F:\S3\Autorun.exe
O33 - MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\Shell\AutoRun\command - "" = G:\Menu.exe
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:FEBEC560
:Files
C:\found.*
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.01.2012, 15:06
| #23 |
| | BKA-Virus eingefangenCode:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\mozilla\Firefox\Profiles\wu1g1l4l.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\conduit.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Max.UseR-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wu1g1l4l.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ deleted successfully.
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0943516-5076-4020-A3B5-AEFAF26AB263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0943516-5076-4020-A3B5-AEFAF26AB263}\ deleted successfully.
C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
File move failed. C:\Windows\System32\osk.exe scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04dad287-db1b-11dd-94a4-001e4cd61bea}\ not found.
File F:\S3\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8426f62e-05c2-11df-9363-913c67c5ad42}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8426f62e-05c2-11df-9363-913c67c5ad42}\ not found.
File G:\Menu.exe not found.
ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
========== FILES ==========
C:\found.000\dir0011.chk folder moved successfully.
C:\found.000\dir0010.chk folder moved successfully.
C:\found.000\dir0009.chk folder moved successfully.
C:\found.000\dir0008.chk folder moved successfully.
C:\found.000\dir0007.chk folder moved successfully.
C:\found.000\dir0005.chk\B5 folder moved successfully.
C:\found.000\dir0005.chk\53 folder moved successfully.
C:\found.000\dir0005.chk folder moved successfully.
C:\found.000\dir0004.chk folder moved successfully.
C:\found.000\dir0003.chk\FE folder moved successfully.
C:\found.000\dir0003.chk\AA folder moved successfully.
C:\found.000\dir0003.chk folder moved successfully.
C:\found.000\dir0002.chk\5 folder moved successfully.
C:\found.000\dir0002.chk folder moved successfully.
C:\found.000\dir0001.chk folder moved successfully.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
C:\found.001\dir0000.chk\EF folder moved successfully.
C:\found.001\dir0000.chk\CB folder moved successfully.
C:\found.001\dir0000.chk\11 folder moved successfully.
C:\found.001\dir0000.chk folder moved successfully.
C:\found.001 folder moved successfully.
C:\found.002 folder moved successfully.
C:\found.003\dir0001.chk folder moved successfully.
C:\found.003\dir0000.chk folder moved successfully.
C:\found.003 folder moved successfully.
C:\found.004 folder moved successfully.
C:\found.005 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Gast
->Temp folder emptied: 27187353 bytes
->Temporary Internet Files folder emptied: 15979111 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45264454 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 4123 bytes
User: Max.UseR-PC
->Temp folder emptied: 677058188 bytes
->Temporary Internet Files folder emptied: 81735220 bytes
->Java cache emptied: 953861 bytes
->FireFox cache emptied: 43756082 bytes
->Flash cache emptied: 216130 bytes
User: MAX~1~USE
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UseR
->Temp folder emptied: 738101 bytes
->Temporary Internet Files folder emptied: 2578694 bytes
->Java cache emptied: 3343693 bytes
->FireFox cache emptied: 49416149 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 990 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28861333 bytes
RecycleBin emptied: 132666 bytes
Total Files Cleaned = 932,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01072012_145141
|
|
07.01.2012, 16:21
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Virus eingefangen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.01.2012, 19:09
| #25 |
| | BKA-Virus eingefangen Jetzt lässt sich der Laptop wieder nicht mehr hochfahren... Es kam dann die "Starthilfe (empfohlen)", und dabei wurde eine Sache repariert. Dort stand: "Root cause found: System volume on disk is corrupt. Rapair action: File system repair (chkdsk) Result: completed successfully" Danach lies der Laptop sich jedoch auch weiterhin nicht mehr hochfahren (nicht normal, und auch nicht im abgesicherten modus mit netzwerkbetreibern) |
|
07.01.2012, 20:00
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Virus eingefangen Hm, dann befürich dass deine Platte im Sterben liegt oder zumindest dein Dateisystem einen weg. Sichere als erstes noch ungesicherte Daten. Zum Thema Datensicherung von infizierten Systemen; mach das über ne Live-CD wie Knoppix, Ubuntu (zweiter Link in meiner Signatur) oder über PartedMagic. Grund: Bei einem Live-System sind keine Schädlinge des infizierten Windows-Systems aktiv, damit ist dann auch eine negative Beeinflussung des Backups durch Schädlinge ausgeschlossen. Du brauchst natürlich auch ein Sicherungsmedium, am besten dürfte eine externe Platte sein. Sofern du nicht allzuviel sichern musst, kann auch ein USB-Stick ausreichen. Hier eine kurze Anleitung zu PartedMagic, funktioniert prinzipell so aber fast genauso mit allen anderen Live-Systemen auch. 1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein 2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows 3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist  4. Du müsstest ein Symbol "Mount Devices" finden, das doppelklicken 5. Mounte die Partitionen wo Windows installiert ist, meistens isses /dev/sda1 und natürlich noch etwaige andere Partitionen, wo noch Daten liegen und die gesichert werden müssen - natürlich auch die der externen Platte (du bekommmst nur Lese- und Schreibzugriffe auf die Dateisysteme, wenn diese gemountet sind) 6. Kopiere die Daten der internen Platte auf die externe Platte - kopiere nur persönliche Dateien, Musik, Videos, etc. auf die Backupplatte, KEINE ausführbaren Dateien wie Programme/Spiele/Setups!! 7. Wenn fertig, starte den Rechner neu, schalte die ext. Platte ab und boote von der Windows-DVD zur Neuinstallation (Anleitung beachten)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.01.2012, 21:08
| #27 | |
| | BKA-Virus eingefangenZitat:
oder was ist damit gemeint? |
|
09.01.2012, 22:22
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA-Virus eingefangen Da hättest du mal aufmerksamer beim Lesen des handbuches sein müssen. Wenn der hersteller keine Recovery-Medien liefert - damit setzt du das Gerät in die Werkeinstellungen zurück - musst du dir diese selber Brennen. Das ist ein Gerät von Acer? Die haben AFAIK keine Recovery-CD/DVD im Lieferumfang, muss man selbst brennen....genaueres verrät dein Handbuch
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.01.2012, 14:26
| #29 |
| | BKA-Virus eingefangen Stimmt, hatte ich damals sogar gemacht. Nur leider sind die DVDs nicht mehr zu finden. Die Daten habe ich jetzt gesichert, bloß bei den Treibern bin ich mir nicht sicher...ich habe von hier Download alle Treiber und Anwendungen heruntergeladen...richtig? Da ja die Recovery-DVD fehlt, habe ich ein bisschen gegoogelt und dabei eine "Vista Recovery CD" gefunden, bereitgestellt von Microsoft. Jetzt zu meiner Frage: Ist es möglich, diese Recovery CD zu benutzen? |
|
13.01.2012, 14:28
| #30 | |
| | BKA-Virus eingefangen Stimmt, hatte ich damals sogar gemacht. Nur leider sind die DVDs nicht mehr zu finden. Die Daten habe ich jetzt gesichert, bloß bei den Treibern bin ich mir nicht sicher...ich habe von hier Zitat:
Da ja die Recovery-DVD fehlt, habe ich ein bisschen gegoogelt und dabei eine "Vista Recovery CD" gefunden, bereitgestellt von Microsoft. Jetzt zu meiner Frage: Ist es möglich, diese Recovery CD zu benutzen? |
|
| Themen zu BKA-Virus eingefangen |
| 100 euro zahlen, abend, abgesicherte, abgesicherten, abgesicherten modus, antivirusprogramm, antworten, avira, bekämpfen, bka-trojaner, bka-trojaner eingefangen, bka-virus, eingefangen, euro, gefangen, gefunde, gen, gestartet, guten, heute, modus, quarantäne, verschoben, viren, virus bekämpfen, worte, zahlen |
Linear-Darstellung
