Plagegeister aller Art und deren Bekämpfung: "YOUR PROTECTION" and "TDSS" completely deleted? (Windows 7)
08.04.2010, 21:21 | #1 |
| "YOUR PROTECTION" and "TDSS" completely deleted?
Hello everyone,
Yesterday I made the acquaintance of "YOUR PROTECTION". I was trying to install what was supposedly a new version of a Flash player when the warning from Avira AntiVir suddenly appeared. I refused an installation request from another program; I no longer know what it was, but since it was not installed, I think it is not that important. I then first installed Ad-Aware and had the program run a scan. This is what came out of it: Code:
ATTFilter Logfile created: 07.04.2010 21:04:28 Ad-Aware version: 8.2.2 User performing scan: Martin *********************** Definitions database information *********************** Lavasoft definition file: 149.198 Genotype definition file version: 2010/04/06 15:06:27 ******************************** Scan results: ********************************* Scan profile name: Vollständiger Scan (ID: full) Objects scanned: 211413 Objects detected: 22 Type Detected ========================== Processes.......: 1 Registry entries: 4 Hostfile entries: 0 Files...........: 2 Folders.........: 2 LSPs............: 0 Cookies.........: 13 Browser hijacks.: 0 MRU objects.....: 0 Removed items: Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0 Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0 Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0 Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0 Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0 Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0 Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0 Description: *tradedoubler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408964 Family ID: 0 Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0 Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0 Description: *ivwbox* Family Name: 
Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0 Description: c:\program files (x86)\your protection Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429948 Family ID: 2494514 Description: c:\users\martin\appdata\roaming\microsoft\windows\start menu\programs\your protection Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429954 Family ID: 2494514 Quarantined items: Description: c:\users\***\appdata\local\temp\mplay32xe.exe Family Name: Win32.FraudTool.PaladinAntivirus/B Engine: 1 Clean status: Reboot required Item ID: 0 Family ID: 0 Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Protection: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429941 Family ID: 2494514 Description: HKLM:SOFTWARE\Your Protection: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429942 Family ID: 2494514 Description: HKU:S-1-5-21-3031591490-684083384-409637594-1001\Software\Microsoft\Windows\CurrentVersion\Run:mplay32xe.exe Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429943 Family ID: 2494514 Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{5E2121EE-0300-11D4-8D3B-444553540000} Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429946 Family ID: 2494514 Description: c:\users\***\desktop\your protection.lnk Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429949 Family ID: 2494514 MD5: 385b14effe06f249b8a7a19e4a0766d6 Description: c:\users\***\desktop\your protection support.lnk Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429950 Family ID: 2494514 MD5: 0b5a8aeeb006fc93628584b6a72034c0 Scan and cleaning complete: Finished correctly after 2186 seconds *********************************** 
Settings *********************************** Scan profile: ID: full, enabled:1, value: Vollständiger Scan ID: folderstoscan, enabled:1, value: C:\,D:\,E:\,F:\ ID: useantivirus, enabled:1, value: true ID: sections, enabled:1 ID: scancriticalareas, enabled:1, value: true ID: scanrunningapps, enabled:1, value: true ID: scanregistry, enabled:1, value: true ID: scanlsp, enabled:1, value: true ID: scanads, enabled:1, value: true ID: scanhostsfile, enabled:1, value: true ID: scanmru, enabled:1, value: true ID: scanbrowserhijacks, enabled:1, value: true ID: scantrackingcookies, enabled:1, value: true ID: closebrowsers, enabled:1, value: false ID: filescanningoptions, enabled:1 ID: archives, enabled:1, value: true ID: onlyexecutables, enabled:1, value: false ID: skiplargerthan, enabled:1, value: 20480 ID: scanrootkits, enabled:1, value: true ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict ID: usespywareheuristics, enabled:1, value: true Scan global: ID: global, enabled:1 ID: addtocontextmenu, enabled:1, value: true ID: playsoundoninfection, enabled:1, value: false ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav Scheduled scan settings: <Empty> Update settings: ID: updates, enabled:1 ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall ID: schedules, enabled:1, value: true ID: updatedaily1, enabled:1, value: Daily 1 ID: time, enabled:1, value: Wed Apr 07 21:01:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, 
value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily2, enabled:1, value: Daily 2 ID: time, enabled:1, value: Wed Apr 07 03:01:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily3, enabled:1, value: Daily 3 ID: time, enabled:1, value: Wed Apr 07 09:01:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false ID: updatedaily4, enabled:1, value: Daily 4 ID: time, enabled:1, value: Wed Apr 07 15:01:00 2010 ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: false ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: false ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, 
enabled:1, value: false ID: updateweekly1, enabled:1, value: Weekly ID: time, enabled:1, value: Wed Apr 07 21:01:00 2010 ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly ID: weekdays, enabled:1 ID: monday, enabled:1, value: false ID: tuesday, enabled:1, value: false ID: wednesday, enabled:1, value: true ID: thursday, enabled:1, value: false ID: friday, enabled:1, value: false ID: saturday, enabled:1, value: true ID: sunday, enabled:1, value: false ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31 ID: scanprofile, enabled:1, value: ID: auto_deal_with_infections, enabled:1, value: false Appearance settings: ID: appearance, enabled:1 ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource ID: showtrayicon, enabled:1, value: true ID: autoentertainmentmode, enabled:1, value: true ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language Realtime protection settings: ID: realtime, enabled:1 ID: layers, enabled:1 ID: useantivirus, enabled:1, value: true ID: usespywareheuristics, enabled:1, value: true ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant ID: modules, enabled:1 ID: processprotection, enabled:1, value: true ID: onaccessprotection, enabled:1, value: true ID: registryprotection, enabled:1, value: true ID: networkprotection, enabled:1, value: true ****************************** System information ****************************** Computer name: ***-PC Processor name: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz Processor identifier: Intel64 Family 6 Model 37 Stepping 2 Processor speed: ~2394MHZ Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 9474, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3] Physical memory available: 2858827776 bytes Physical 
memory total: 4218281984 bytes Virtual memory available: 1671823360 bytes Virtual memory total: 2147352576 bytes Memory load: 32% Microsoft (build 7600) Windows startup mode: Running processes: PID: 328 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 476 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 540 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 568 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 608 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 624 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 632 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 728 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 796 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 892 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 932 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT PID: 1020 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT PID: 408 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 480 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 704 name: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1288 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT PID: 1336 name: C:\Windows\System32\hpservice.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1396 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT PID: 1472 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1520 name: C:\Windows\System32\wlanext.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1528 name: C:\Windows\System32\conhost.exe owner: SYSTEM 
domain: NT-AUTORITÄT PID: 1584 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1664 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1696 name: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1716 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT PID: 1828 name: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1848 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1892 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1912 name: C:\Program Files (x86)\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1956 name: C:\Windows\SysWOW64\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 2004 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT PID: 2040 name: C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1036 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1192 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1368 name: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 1740 name: C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 2084 name: C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 2116 name: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 2432 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 2504 name: 
C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 2732 name: C:\Windows\System32\taskhost.exe owner: *** domain: ***-PC PID: 2812 name: C:\Windows\System32\dwm.exe owner: *** domain: ***-PC PID: 2840 name: C:\Windows\explorer.exe owner: *** domain: ***-PC PID: 3024 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: *** domain: ***-PC PID: 3032 name: C:\Program Files\IDT\WDM\sttray64.exe owner: *** domain: ***-PC PID: 3040 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: *** domain: ***-PC PID: 3048 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: *** domain: ***-PC PID: 2584 name: C:\Users\***\AppData\Local\Temp\mplay32xe.exe owner: *** domain: ***-PC PID: 2828 name: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE owner: *** domain: ***-PC PID: 2960 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: *** domain: ***-PC PID: 2672 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 3252 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: *** domain: ***-PC PID: 3300 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT PID: 3708 name: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe owner: *** domain: ***-PC PID: 3944 name: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe owner: *** domain: ***-PC PID: 3952 name: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe owner: *** domain: ***-PC PID: 3972 name: C:\Windows\System32\taskeng.exe owner: *** domain: ***-PC PID: 3980 name: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe owner: *** domain: ***-PC PID: 4068 name: C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe owner: *** domain: ***-PC PID: 3172 name: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe owner: *** domain: ***-PC PID: 3176 name: C:\Program Files (x86)\Avira\AntiVir 
Desktop\avgnt.exe owner: *** domain: ***-PC PID: 3424 name: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe owner: *** domain: ***-PC PID: 3196 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: *** domain: ***-PC PID: 3220 name: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 3272 name: C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe owner: *** domain: ***-PC PID: 3264 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 3640 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 164 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT PID: 2352 name: C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe owner: *** domain: ***-PC PID: 336 name: C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe owner: *** domain: ***-PC PID: 1216 name: C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe owner: *** domain: ***-PC PID: 2208 name: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 4192 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 4212 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe owner: SYSTEM domain: NT-AUTORITÄT PID: 4412 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Martin domain: Martin-PC PID: 4444 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe owner: SYSTEM domain: NT-AUTORITÄT Startup items: Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: Corel File Shell Monitor imagepath: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe Name: imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini Bootexecute items: Name: imagepath: autocheck autochk * Running services: Name: AeLookupSvc displayname: Anwendungserfahrung Name: 
AESTFilters displayname: Andrea ST Filters Service Name: AntiVirSchedulerService displayname: Avira AntiVir Planer Name: AntiVirService displayname: Avira AntiVir Guard Name: Appinfo displayname: Anwendungsinformationen Name: Apple Mobile Device displayname: Apple Mobile Device Name: AudioEndpointBuilder displayname: Windows-Audio-Endpunkterstellung Name: AudioSrv displayname: Windows-Audio Name: BFE displayname: Basisfiltermodul Name: Bonjour Service displayname: Dienst "Bonjour" Name: Browser displayname: Computerbrowser Name: Com4QLBEx displayname: Com4QLBEx Name: CryptSvc displayname: Kryptografiedienste Name: DcomLaunch displayname: DCOM-Server-Prozessstart Name: Dhcp displayname: DHCP-Client Name: Dnscache displayname: DNS-Client Name: DPS displayname: Diagnoserichtliniendienst Name: EapHost displayname: Extensible Authentication-Protokoll Name: eventlog displayname: Windows-Ereignisprotokoll Name: EventSystem displayname: COM+-Ereignissystem Name: ezSharedSvc displayname: Easybits Shared Services for Windows Name: fdPHost displayname: Funktionssuchanbieter-Host Name: FDResPub displayname: Funktionssuche-Ressourcenveröffentlichung Name: gpsvc displayname: Gruppenrichtlinienclient Name: hidserv displayname: Zugriff auf Eingabegeräte Name: HomeGroupListener displayname: Heimnetzgruppen-Listener Name: HomeGroupProvider displayname: Heimnetzgruppen-Anbieter Name: hpqwmiex displayname: hpqwmiex Name: hpsrv displayname: HP Service Name: ICQ Service displayname: ICQ Service Name: iphlpsvc displayname: IP-Hilfsdienst Name: iPod Service displayname: iPod-Dienst Name: KeyIso displayname: CNG-Schlüsselisolation Name: LanmanServer displayname: Server Name: LanmanWorkstation displayname: Arbeitsstationsdienst Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service Name: LightScribeService displayname: LightScribeService Direct Disc Labeling Service Name: lmhosts displayname: TCP/IP-NetBIOS-Hilfsdienst Name: MMCSS displayname: Multimediaklassenplaner Name: 
MpsSvc displayname: Windows-Firewall Name: Netman displayname: Netzwerkverbindungen Name: netprofm displayname: Netzwerklistendienst Name: NlaSvc displayname: NLA (Network Location Awareness) Name: nsi displayname: Netzwerkspeicher-Schnittstellendienst Name: nvsvc displayname: NVIDIA Display Driver Service Name: p2pimsvc displayname: Peernetzwerkidentitäts-Manager Name: p2psvc displayname: Peernetzwerk-Gruppenzuordnung Name: PcaSvc displayname: Programmkompatibilitäts-Assistent-Dienst Name: PlugPlay displayname: Plug & Play Name: PNRPsvc displayname: Peer Name Resolution-Protokoll Name: Power displayname: Stromversorgung Name: ProfSvc displayname: Benutzerprofildienst Name: PSI_SVC_2 displayname: Protexis Licensing V2 Name: RichVideo displayname: Cyberlink RichVideo Service(CRVS) Name: RpcEptMapper displayname: RPC-Endpunktzuordnung Name: RpcSs displayname: Remoteprozeduraufruf (RPC) Name: SamSs displayname: Sicherheitskonto-Manager Name: Schedule displayname: Aufgabenplanung Name: SeaPort displayname: SeaPort Name: SENS displayname: Benachrichtigungsdienst für Systemereignisse Name: ShellHWDetection displayname: Shellhardwareerkennung Name: Spooler displayname: Druckwarteschlange Name: SSDPSRV displayname: SSDP-Suche Name: STacSV displayname: Audio Service Name: SysMain displayname: Superfetch Name: Themes displayname: Designs Name: TrkWks displayname: Überwachung verteilter Verknüpfungen (Client) Name: upnphost displayname: UPnP-Gerätehost Name: UxSms displayname: Sitzungs-Manager für Desktopfenster-Manager Name: WdiServiceHost displayname: Diagnosediensthost Name: WdiSystemHost displayname: Diagnosesystemhost Name: WinHttpAutoProxySvc displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst Name: Winmgmt displayname: Windows-Verwaltungsinstrumentation Name: Wlansvc displayname: Automatische WLAN-Konfiguration Name: WMPNetworkSvc displayname: Windows Media Player-Netzwerkfreigabedienst Name: WPDBusEnum displayname: Enumeratordienst für tragbare Geräte Name: WSearch 
displayname: Windows Search Name: wudfsvc displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
Stopped the malware processes with "rkill.com", then installed Malwarebytes without problems and ran a scan. Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3966

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.04.2010 22:46:46
mbam-log-2010-04-07 (22-46-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 287343
Laufzeit: 28 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Users\***\AppData\Roaming\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\593A.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\asd7416.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\dhdhtrdhdrtr5y (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\TMP592B.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\_VOID6a69.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Your Protection.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
(http://www.trojaner-board.de/82358-t...entfernen.html)
I then searched for the files listed there but did not find them. Does that mean my PC is now clean, or could there still be something unwanted on it? I have run CCleaner. Do you need information about that run, a log file, or the registry entry that I saved? Unfortunately RSIT does not run (AutoIT Error Line -1: Error: Variable used without being declared.) Can you help me even without the RSIT log file? I will definitely try again to get it running!
Regards, Martinius! |
09.04.2010, 12:55 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "YOUR PROTECTION" and "TDSS" completely deleted? Hello and
__________________Quote:
__________________ |
09.04.2010, 15:57 | #3 |
| "YOUR PROTECTION" and "TDSS" completely deleted? Thanks
__________________Here is the log file: Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by Martin at 2010-04-09 16:41:05 Microsoft Windows 7 Home Premium Service Pack 3 System drive C: has 372 GB (81%) free of 460 GB Total RAM: 4023 MB (68% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:41:06, on 09.04.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Users\Martin\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\Martin.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 11346 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForMartin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Corel File Shell Monitor"=C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2009-08-25 15544]
"HPCam_Menu"=c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-08-20 322104]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-03-26 142120]
"Diamondback"=C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe [2009-10-12 226816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a378636-3c24-11df-8b76-806e6f6e6963}]
shell\AutoRun\command - G:\Autorun.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-08 19:47:52 ----D---- C:\rsit
2010-04-08 19:47:52 ----D---- C:\Program Files (x86)\trend micro
2010-04-08 19:38:37 ----D---- C:\Program Files (x86)\CCleaner
2010-04-08 17:22:09 ----A---- C:\TDSSKiller.2.2.8.1_08.04.2010_17.22.09_log.txt
2010-04-08 17:21:45 ----A---- C:\TDSSKiller.2.2.8.1_08.04.2010_17.21.45_log.txt
2010-04-07 22:09:17 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-04-07 22:09:07 ----D---- C:\ProgramData\Malwarebytes
2010-04-07 22:09:06 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-04-07 20:57:59 ----HDC---- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-07 20:57:55 ----D---- C:\ProgramData\Lavasoft
2010-04-07 20:57:55 ----D---- C:\Program Files (x86)\Lavasoft
2010-04-07 16:47:17 ----D---- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
2010-04-05 00:02:59 ----D---- C:\Program Files (x86)\DVDVideoSoft
2010-04-05 00:02:59 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2010-04-03 18:38:53 ----D---- C:\Program Files (x86)\Common Files\Steam
2010-04-03 18:38:50 ----D---- C:\Program Files (x86)\Steam
2010-04-03 18:38:15 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-04-03 18:38:14 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-04-03 18:38:14 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-04-03 18:38:12 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-04-03 18:38:12 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-04-03 18:38:12 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-04-03 18:38:11 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-04-03 18:38:11 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-04-03 18:38:11 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-04-03 18:38:11 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-04-02 21:40:32 ----D---- C:\Users\***\AppData\Roaming\Avira
2010-04-02 17:54:08 ----D---- C:\Program Files (x86)\Razer
2010-04-02 17:53:40 ----D---- C:\Users\***\AppData\Roaming\InstallShield
2010-04-02 16:47:13 ----D---- C:\Program Files (x86)\Electronic Arts
2010-04-02 11:04:21 ----D---- C:\ProgramData\Sun
2010-04-02 11:04:21 ----D---- C:\Program Files (x86)\Common Files\Java
2010-04-02 11:04:11 ----A---- C:\Windows\system32\javaws.exe
2010-04-02 11:04:11 ----A---- C:\Windows\system32\javaw.exe
2010-04-02 11:04:11 ----A---- C:\Windows\system32\java.exe
2010-04-01 23:42:13 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-04-01 23:41:52 ----D---- C:\Program Files (x86)\VideoLAN
2010-04-01 22:08:26 ----D---- C:\ProgramData\Last.fm
2010-04-01 22:07:24 ----D---- C:\Program Files (x86)\Last.fm
2010-04-01 20:46:54 ----D---- C:\Program Files (x86)\ICQ-Banner-Remover
2010-04-01 20:17:45 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2010-04-01 20:17:43 ----D---- C:\ProgramData\ICQ
2010-04-01 20:16:39 ----D---- C:\Users\***\AppData\Roaming\ICQ
2010-04-01 20:16:36 ----D---- C:\Program Files (x86)\ICQ7.1
2010-04-01 19:34:38 ----D---- C:\Users\***\AppData\Roaming\Apple Computer
2010-04-01 19:34:29 ----A---- C:\Windows\system32\GEARAspi.dll
2010-04-01 19:34:12 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-04-01 19:34:12 ----D---- C:\Program Files (x86)\iTunes
2010-04-01 19:32:33 ----D---- C:\ProgramData\Apple Computer
2010-04-01 19:32:33 ----D---- C:\Program Files (x86)\QuickTime
2010-04-01 19:31:47 ----D---- C:\Program Files (x86)\Apple Software Update
2010-04-01 19:31:24 ----D---- C:\Program Files (x86)\Bonjour
2010-04-01 19:31:18 ----D---- C:\ProgramData\Apple
2010-04-01 19:31:18 ----D---- C:\Program Files (x86)\Common Files\Apple
2010-04-01 19:10:27 ----D---- C:\Users\***\AppData\Roaming\Mozilla
2010-04-01 19:10:14 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-04-01 17:31:50 ----A---- C:\Windows\system32\win_utilman.exe
2010-04-01 17:31:47 ----D---- C:\Users\***\AppData\Roaming\_MDLogs
2010-03-31 21:53:19 ----A---- C:\Windows\system32\msv1_0.dll
2010-03-31 21:51:04 ----D---- C:\Program Files (x86)\MSXML 4.0
2010-03-31 17:32:21 ----D---- C:\Users\***\AppData\Roaming\HP Support Assistant
2010-03-31 17:25:38 ----D---- C:\Users\***\AppData\Roaming\CyberLink
2010-03-31 17:08:08 ----A---- C:\Windows\system32\wmp.dll
2010-03-31 17:08:08 ----A---- C:\Windows\system32\CertEnroll.dll
2010-03-31 17:08:07 ----A---- C:\Windows\system32\wmploc.DLL
2010-03-31 17:07:59 ----A---- C:\Windows\system32\secproc_isv.dll
2010-03-31 17:07:59 ----A---- C:\Windows\system32\secproc.dll
2010-03-31 17:07:58 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-03-31 17:07:58 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-03-31 17:07:58 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-31 17:07:58 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-03-31 17:07:58 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-03-31 17:07:58 ----A---- C:\Windows\system32\RMActivate.exe
2010-03-31 17:07:57 ----A---- C:\Windows\system32\t2embed.dll
2010-03-31 17:07:57 ----A---- C:\Windows\system32\fontsub.dll
2010-03-31 17:07:57 ----A---- C:\Windows\system32\explorer.exe
2010-03-31 17:07:57 ----A---- C:\Windows\system32\atmfd.dll
2010-03-31 17:07:57 ----A---- C:\Windows\explorer.exe
2010-03-31 17:07:56 ----A---- C:\Windows\system32\wow32.dll
2010-03-31 17:07:56 ----A---- C:\Windows\system32\user.exe
2010-03-31 17:07:56 ----A---- C:\Windows\system32\setup16.exe
2010-03-31 17:07:56 ----A---- C:\Windows\system32\ntvdm64.dll
2010-03-31 17:07:56 ----A---- C:\Windows\system32\instnm.exe
2010-03-31 17:07:54 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 17:07:53 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 17:07:46 ----A---- C:\Windows\system32\tzres.dll
2010-03-31 17:07:40 ----A---- C:\Windows\system32\quartz.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\tsbyuv.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\msyuv.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\msvidc32.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\msrle32.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\mciavi32.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\jscript.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\iyuv_32.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\avifil32.dll
2010-03-31 17:07:38 ----A---- C:\Windows\system32\CPFilters.dll
2010-03-31 17:07:37 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-31 17:07:35 ----A---- C:\Windows\system32\msasn1.dll
2010-03-30 21:33:37 ----D---- C:\ProgramData\Recovery
2010-03-30 21:29:41 ----D---- C:\ProgramData\Avira
2010-03-30 21:29:41 ----D---- C:\Program Files (x86)\Avira
2010-03-30 21:26:38 ----D---- C:\Users\***\AppData\Roaming\HpUpdate
2010-03-30 21:20:25 ----D---- C:\Users\***\AppData\Roaming\hpqLog
2010-03-30 21:16:09 ----D---- C:\Users\***\AppData\Roaming\Macromedia
2010-03-30 21:16:07 ----D---- C:\Users\***\AppData\Roaming\Adobe
2010-03-30 21:15:25 ----A---- C:\ProgramData\HPWALog.txt
2010-03-30 21:14:58 ----D---- C:\Users\***\AppData\Roaming\Identities
2010-03-30 21:00:48 ----D---- C:\Users\***\AppData\Roaming\Hewlett-Packard
2010-03-30 20:59:21 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-03-30 20:59:21 ----D---- C:\Users\***\AppData\Roaming\Media Center Programs
2010-03-30 20:59:12 ----SHD---- C:\Programme
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Vorlagen
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Startmenü
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Favoriten
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Dokumente
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Anwendungsdaten
2010-03-30 20:59:12 ----SHD---- C:\Dokumente und Einstellungen

======List of files/folders modified in the last 1 months======

2010-04-09 16:41:06 ----D---- C:\Windows\Temp
2010-04-09 16:32:59 ----HD---- C:\ProgramData
2010-04-09 16:31:14 ----D---- C:\Windows
2010-04-08 21:33:09 ----D---- C:\Windows\debug
2010-04-08 19:47:52 ----D---- C:\Program Files (x86)
2010-04-08 17:13:07 ----D---- C:\Windows\Tasks
2010-04-08 16:12:59 ----SHD---- C:\System Volume Information
2010-04-07 23:21:34 ----D---- C:\Windows\winsxs
2010-04-07 23:21:34 ----D---- C:\Windows\System32
2010-04-07 22:09:08 ----D---- C:\Windows\system32\drivers
2010-04-07 20:58:03 ----SHD---- C:\Windows\Installer
2010-04-07 16:50:29 ----D---- C:\Windows\SysWOW64
2010-04-07 16:49:42 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-04-07 16:49:27 ----D---- C:\Windows\Help
2010-04-07 16:48:13 ----RSD---- C:\Windows\assembly
2010-04-07 16:48:05 ----D---- C:\Program Files (x86)\Hewlett-Packard
2010-04-07 16:47:58 ----RD---- C:\Users
2010-04-07 16:46:48 ----D---- C:\SwSetup
2010-04-07 16:45:19 ----D---- C:\ProgramData\Hewlett-Packard
2010-04-06 22:51:43 ----D---- C:\Windows\inf
2010-04-05 13:59:16 ----SHD---- C:\$Recycle.Bin
2010-04-05 12:51:20 ----D---- C:\Windows\Prefetch
2010-04-05 00:02:59 ----D---- C:\Program Files (x86)\Common Files
2010-04-03 18:36:45 ----D---- C:\Windows\Logs
2010-04-02 19:04:27 ----D---- C:\Windows\rescache
2010-04-02 11:03:58 ----D---- C:\Program Files (x86)\Java
2010-04-02 01:43:16 ----D---- C:\ProgramData\Microsoft Help
2010-04-02 01:24:16 ----RD---- C:\Program Files
2010-04-01 22:21:13 ----SD---- C:\ProgramData\Microsoft
2010-04-01 18:04:00 ----D---- C:\Program Files (x86)\HP Games
2010-04-01 18:03:54 ----D---- C:\ProgramData\WildTangent
2010-03-31 22:22:38 ----D---- C:\Windows\Microsoft.NET
2010-03-31 22:05:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-03-31 22:05:01 ----D---- C:\Program Files (x86)\Internet Explorer
2010-03-31 22:05:00 ----D---- C:\Program Files (x86)\Windows Media Player
2010-03-31 22:04:59 ----D---- C:\Windows\AppPatch
2010-03-31 22:04:58 ----D---- C:\Windows\system32\de-DE
2010-03-31 22:04:58 ----D---- C:\Windows\ehome
2010-03-31 21:54:15 ----D---- C:\Program Files (x86)\Microsoft Works
2010-03-31 21:49:09 ----RSD---- C:\Windows\Fonts
2010-03-31 21:49:02 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-03-31 21:47:43 ----D---- C:\Windows\SoftwareDistribution
2010-03-31 17:34:59 ----D---- C:\Windows\Hewlett-Packard
2010-03-30 21:40:45 ----A---- C:\Windows\system32\ezsvc7x.dll
2010-03-30 21:38:58 ----D---- C:\ProgramData\Norton
2010-03-30 21:00:45 ----RD---- C:\Program Files (x86)\Online Services
2010-03-30 21:00:45 ----D---- C:\Program Files (x86)\Windows Sidebar
2010-03-30 21:00:22 ----HD---- C:\SYSTEM.SAV
2010-03-30 21:00:19 ----SHD---- C:\Recovery
2010-03-30 19:49:59 ----D---- C:\Windows\Panther

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys []
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys []
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys []
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys []
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys []
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys []
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys []
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys []
R3 circlass;Anwenderinfrarotgeräte; C:\Windows\system32\DRIVERS\circlass.sys []
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 CompositeBus;Busenumeratortreiber für Verbundgeräte; C:\Windows\system32\DRIVERS\CompositeBus.sys []
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HDAudBus;Microsoft-UAA-Bustreiber für High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys []
R3 HidIr;Microsoft Infrarot-HID-Treiber; C:\Windows\system32\DRIVERS\hidir.sys []
R3 HidUsb;Microsoft HID Class-Treiber; C:\Windows\system32\DRIVERS\hidusb.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys []
R3 intelppm;Intel-Prozessortreiber; C:\Windows\system32\DRIVERS\intelppm.sys []
R3 kbdhid;Tastatur-HID-Treiber; C:\Windows\system32\DRIVERS\kbdhid.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst; C:\Windows\system32\DRIVERS\monitor.sys []
R3 mouhid;Maus-HID-Treiber; C:\Windows\system32\DRIVERS\mouhid.sys []
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys []
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys []
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys []
R3 Razerlow;Razer Pro|Solutions; C:\Windows\system32\drivers\DB3G.sys []
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys []
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber; C:\Windows\system32\DRIVERS\tunnel.sys []
R3 umbus;UMBusenumerator-Treiber; C:\Windows\system32\DRIVERS\umbus.sys []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\Windows\system32\DRIVERS\usbccgp.sys []
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\Windows\system32\DRIVERS\usbehci.sys []
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\Windows\system32\DRIVERS\usbhub.sys []
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 vwifibus;Virtueller WiFi-Bustreiber; C:\Windows\system32\DRIVERS\vwifibus.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []
S3 1394ohci;OHCI-konformer 1394-Hostcontroller; C:\Windows\system32\DRIVERS\1394ohci.sys []
S3 AcpiPmi;ACPI-Energieanzeigetreiber; C:\Windows\system32\DRIVERS\acpipmi.sys []
S3 agp440;Intel AGP-Bus-Filter; C:\Windows\system32\DRIVERS\agp440.sys []
S3 AmdK8;AMD K8-Prozessortreiber; C:\Windows\system32\DRIVERS\amdk8.sys []
S3 AmdPPM;AMD-Prozessortreiber; C:\Windows\system32\DRIVERS\amdppm.sys []
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 BrFiltLo;Brother USB-Massenspeichertreiber für unteren Filter; C:\Windows\system32\DRIVERS\BrFiltLo.sys []
S3 BrFiltUp;Brother USB-Massenspeichertreiber für oberen Filter; C:\Windows\system32\DRIVERS\BrFiltUp.sys []
S3 Brserid;Brother 
MFC-Seriellschnittstellentreiber (WDM); C:\Windows\System32\Drivers\Brserid.sys [] S3 BrSerWdm;Brother WDM-Treiber (seriell); C:\Windows\System32\Drivers\BrSerWdm.sys [] S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB); C:\Windows\System32\Drivers\BrUsbMdm.sys [] S3 BrUsbSer;Brother MFC-WDM-Treiber (USB,seriell); C:\Windows\System32\Drivers\BrUsbSer.sys [] S3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth; C:\Windows\system32\DRIVERS\bthmodem.sys [] S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbda.sys [] S3 ErrDev;Microsoft-Hardwarefehler-Gerätetreiber; C:\Windows\system32\DRIVERS\errdev.sys [] S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [] S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [] S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [] S3 gagp30kx;Microsoft Allgemeiner AGPv3.0-Filter für K8-Prozessorplattformen; C:\Windows\system32\DRIVERS\gagp30kx.sys [] S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [] S3 HidBatt;HID-USV-Akkutreiber; C:\Windows\system32\DRIVERS\HidBatt.sys [] S3 HidBth;Microsoft Bluetooth-HID-Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [] S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [] S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [] S3 iScsiPrt;iScsiPort-Treiber; C:\Windows\system32\DRIVERS\msiscsi.sys [] S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [] S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [] S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [] S3 MTConfig;Microsoft Input Configuration 
Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [] S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [] S3 nv_agp;NVIDIA nForce AGP-Busfilter; C:\Windows\system32\DRIVERS\nv_agp.sys [] S3 ohci1394;OHCI-konformer 1394-Hostcontroller (alt); C:\Windows\system32\DRIVERS\ohci1394.sys [] S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [] S3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [] S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [] S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [] S3 sermouse;Serieller Maustreiber; C:\Windows\system32\DRIVERS\sermouse.sys [] S3 sffdisk;SFF-Speicherklassentreiber; C:\Windows\system32\DRIVERS\sffdisk.sys [] S3 sffp_mmc;SFF-Speicherprotokolltreiber für MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [] S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [] S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [] S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [] S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [] S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [] S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [] S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [] S3 uagp35;Microsoft AGPv3.5-Filter; C:\Windows\system32\DRIVERS\uagp35.sys [] S3 uliagpkx;Uli AGP-Bus-Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [] S3 UmPass;Microsoft-UMPass-Treiber; C:\Windows\system32\DRIVERS\umpass.sys [] S3 USBAAPL64;Apple Mobile USB 
Driver; C:\Windows\System32\Drivers\usbaapl64.sys [] S3 usbcir;eHome-Infrarotempfänger (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [] S3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\Windows\system32\DRIVERS\usbohci.sys [] S3 usbprint;Microsoft USB-Druckerklasse; C:\Windows\system32\DRIVERS\usbprint.sys [] S3 USBSTOR;USB-Massenspeichertreiber; C:\Windows\system32\DRIVERS\USBSTOR.SYS [] S3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\Windows\system32\DRIVERS\usbuhci.sys [] S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [] S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [] S3 WacomPen;Wacom HID-Treiber für seriellen Stift; C:\Windows\system32\DRIVERS\wacompen.sys [] S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk62x64.sys [] S4 crcdisk;Crcdisk-Filtertreiber; C:\Windows\system32\DRIVERS\crcdisk.sys [] S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600] R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672] R2 
AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-02-12 345376] R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-10-15 120832] R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [] R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520] R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-04-07 1265264] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728] R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [] R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 
Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152] R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [2009-10-21 240640] R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [] R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032] R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; 
C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 660256] R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [] R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 194048] R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [] S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 
20992] S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920] S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [] S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 696832] S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 127488] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42840] S3 idsvc;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 856384] S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft 
Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992] S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [] S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-04-03 332720] S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [] S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [] S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [] S3 
WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992] S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992] S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560] -----------------EOF----------------- |
14.04.2010, 18:42 | #4 |
| "YOUR PROTECTION" and "TDSS" completely deleted? As I see, nobody has found the time to take a look yet. It looks like someone else has the same problem in parallel to me (...-board.de/84799-your-protection-entfernen-klappt-nicht-ganz.html). My system is running quite normally so far, and the scan with AntiVir also runs through smoothly, in case that tells you anything. But whether everything that should have been deleted really has been deleted, I unfortunately cannot judge. For that I am unfortunately dependent on outside help. Regards, Martinius |
14.04.2010, 18:53 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "YOUR PROTECTION" and "TDSS" completely deleted? Sorry, I overlooked your thread, I am fully swamped here. Please let us dig deeper, then we can be sure if nothing turns up there either; for that, please post OSAM and OTL logs: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags |
15.04.2010, 18:31 | #6 |
| "YOUR PROTECTION" and "TDSS" completely deleted? Well, if that's the case, don't overwork yourself, I don't want to rush anyone here either. 1. Log from OTL Code:
ATTFilter OTL logfile created on: 15.04.2010 18:15:22 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\***\Desktop\Neuer Ordner (3) 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,77 Gb Total Space | 367,22 Gb Free Space | 81,83% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 374,54 Gb Free Space | 80,41% Space Free | Partition Type: NTFS Drive E: | 16,69 Gb Total Space | 2,72 Gb Free Space | 16,30% Space Free | Partition Type: NTFS Drive F: | 99,02 Mb Total Space | 96,46 Mb Free Space | 97,41% Space Free | Partition Type: FAT32 Drive G: | 3,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\Neuer Ordner (3)\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe () PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe () PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe () PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe (Razer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\Neuer Ordner (3)\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe (IDT, Inc.) 
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (hpsrv) -- 
C:\Windows\SysNative\hpservice.exe (Hewlett-Packard) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe (Andrea Electronics Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
(Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll [2010.03.31 17:07:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll [2010.03.31 17:07:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll [2010.03.31 17:07:38 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.03.31 17:07:38 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.03.31 17:07:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.03.31 17:07:37 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2010.03.31 17:07:37 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.03.31 17:07:37 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2010.03.31 17:07:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.03.31 17:07:35 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010.03.30 21:53:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\IsolatedStorage [2010.03.30 21:50:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2010.03.30 21:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery [2010.03.30 21:29:42 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.03.30 21:29:42 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.03.30 21:29:42 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.03.30 21:29:42 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.03.30 21:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.03.30 21:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.03.30 21:26:38 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Roaming\HpUpdate [2010.03.30 21:20:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hpqLog [2010.03.30 21:16:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2010.03.30 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2010.03.30 21:15:05 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2010.03.30 21:14:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2010.03.30 21:14:57 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2010.03.30 21:14:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2010.03.30 21:03:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Hewlett-Packard [2010.03.30 21:00:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hewlett-Packard [2010.03.30 20:59:21 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- 
C:\Users\***\Recent [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2010.03.30 20:59:21 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2010.03.30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2010.03.30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2010.03.30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Programme [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.03.30 20:59:12 | 
000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.15 18:16:37 | 001,310,720 | -HS- | M] () -- C:\Users\Martin\NTUSER.DAT [2010.04.15 17:42:46 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.15 17:42:46 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.15 17:40:17 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.04.15 17:40:17 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.04.15 17:40:17 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.04.15 17:40:17 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.04.15 17:40:17 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.04.15 17:35:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.15 17:35:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.15 17:35:27 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys [2010.04.14 23:32:10 | 004,286,782 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.04.09 16:33:00 | 000,096,000 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.09 16:31:17 | 000,370,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.04.08 21:34:49 | 000,006,302 | ---- | M] () -- C:\Users\***\Documents\cc_20100408_213446.reg [2010.04.08 21:34:34 | 000,092,598 | ---- | M] () -- C:\Users\***\Documents\cc_20100408_213427.reg [2010.04.08 20:54:38 | 000,001,217 | ---- | M] () -- 
C:\Users\***\Desktop\Downloads - Verknüpfung.lnk [2010.04.08 19:47:06 | 000,781,909 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe [2010.04.08 18:50:46 | 000,034,457 | ---- | M] () -- C:\Users\***\Desktop\Dokument.rtf [2010.04.07 22:09:11 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.07 21:01:39 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010.04.07 21:01:31 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2010.04.07 20:57:59 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.04.04 21:48:39 | 000,001,314 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2010.04.04 19:31:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2010.04.01 22:21:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.04.01 19:34:34 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.04.01 19:10:18 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.04.01 18:55:17 | 000,000,017 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2010.04.01 17:31:53 | 000,000,048 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.03.31 22:10:03 | 000,285,477 | ---- | M] () -- C:\Users\***\AppData\Local\tmpDATENTRÄGERVERWALTUNG.JPG [2010.03.30 21:40:45 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll [2010.03.30 21:38:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.03.30 21:38:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.03.30 21:38:24 | 000,065,536 | -HS- | M] () -- 
C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.03.30 21:29:48 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.03.30 20:59:31 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF00929Y2_E587925-043_4A_I365C_SHP_V32.24_F.17_T100206_WU3-0_L407_M4023_J500_7Intel_8652_92.40_#100302_N14E44357_(WK588EA#ABD)_XMOBILE_CN10_Z.MRK [2010.03.30 20:59:31 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF00929Y2_E587925-043_4A_I365C_SHP_V32.24_F.17_T100206_WU3-0_L407_M4023_J500_7Intel_8652_92.40_#100302_N14E44357_(WK588EA#ABD)_XMOBILE_CN10_Z.MRK [2010.03.30 20:59:21 | 000,000,020 | -HS- | M] () -- C:\Users\Martin\ntuser.ini [2010.03.30 19:54:58 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010.03.30 19:54:58 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.03.30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) 
-- C:\Windows\SysWow64\QuickTime.qts [2 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.08 21:34:48 | 000,006,302 | ---- | C] () -- C:\Users\***\Documents\cc_20100408_213446.reg [2010.04.08 21:34:30 | 000,092,598 | ---- | C] () -- C:\Users\***\Documents\cc_20100408_213427.reg [2010.04.08 19:47:04 | 000,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe [2010.04.07 22:09:11 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.07 21:41:00 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2010.04.07 20:57:59 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.04.04 21:48:39 | 000,001,314 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2010.04.04 19:31:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2010.04.03 18:45:35 | 000,034,457 | ---- | C] () -- C:\Users\***\Desktop\Dokument.rtf [2010.04.01 22:21:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010.04.01 19:34:34 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.04.01 19:14:38 | 000,001,217 | ---- | C] () -- C:\Users\***\Desktop\Downloads - Verknüpfung.lnk [2010.04.01 19:10:18 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.04.01 18:55:17 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2010.04.01 17:31:53 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.03.31 22:07:34 | 000,285,477 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDATENTRÄGERVERWALTUNG.JPG [2010.03.30 21:29:48 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.03.30 21:15:27 | 000,000,000 | ---- | C] () -- 
C:\Users\***\AppData\Local\QSwitch.txt [2010.03.30 21:15:27 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\DSwitch.txt [2010.03.30 21:15:27 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\AtStart.txt [2010.03.30 21:15:25 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt [2010.03.30 20:59:31 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF00929Y2_E587925-043_4A_I365C_SHP_V32.24_F.17_T100206_WU3-0_L407_M4023_J500_7Intel_8652_92.40_#100302_N14E44357_(WK588EA#ABD)_XMOBILE_CN10_Z.MRK [2010.03.30 20:59:31 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF00929Y2_E587925-043_4A_I365C_SHP_V32.24_F.17_T100206_WU3-0_L407_M4023_J500_7Intel_8652_92.40_#100302_N14E44357_(WK588EA#ABD)_XMOBILE_CN10_Z.MRK [2010.03.30 20:59:21 | 001,310,720 | -HS- | C] () -- C:\Users\***\NTUSER.DAT [2010.03.30 20:59:21 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.03.30 20:59:21 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.03.30 20:59:21 | 000,262,144 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG1 [2010.03.30 20:59:21 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.03.30 20:59:21 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini [2010.03.30 20:59:21 | 000,000,000 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG2 [2010.03.02 02:43:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log [2010.03.02 02:43:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log [2010.03.02 02:43:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log [2010.03.02 02:43:04 | 000,000,032 | ---- | C] () 
What do I do if the OSAM log file cannot be saved? I click the "Save Log" button, but nothing happens! Pretty strange. I ran it as admin; if I don't run it as admin, I get a message that it doesn't work. Regards, Martinius
15.04.2010, 18:32 | #7 |
| "YOUR PROTECTION" and "TDSS" completely deleted? 2. OTL log
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP 
MediaSmart Video "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV "InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12 "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "LastFM_is1" = Last.fm 1.5.4.24567 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application 
Events ] Error - 02.04.2010 10:30:41 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 02.04.2010 10:30:41 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4103 Error - 02.04.2010 10:30:41 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4103 Error - 02.04.2010 10:31:29 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 02.04.2010 10:31:30 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 51652 Error - 02.04.2010 10:31:30 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 51652 Error - 02.04.2010 11:21:22 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = 224: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 02.04.2010 11:21:22 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 02.04.2010 11:21:22 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = 492: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 02.04.2010 11:21:22 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100 Description = 508: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
[ Hewlett-Packard Events ] Error - 15.04.2010 11:45:48 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0 Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) [ System Events ] Error - 02.04.2010 10:31:28 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 03.04.2010 10:30:49 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 03.04.2010 12:40:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error - 03.04.2010 12:40:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 03.04.2010 21:27:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet: %%1115 Error - 04.04.2010 08:00:12 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error - 04.04.2010 08:26:17 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error - 04.04.2010 12:19:59 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error - 06.04.2010 10:22:30 | Computer Name = ***-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error - 07.04.2010 14:58:14 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030 Description = Der Dienst "Lavasoft Ad-Aware Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. < End of report > |
15.04.2010, 18:40 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "YOUR PROTECTION" and "TDSS" completely removed? Doesn't any log open at all in OSAM? Is it perhaps in the OSAM folder that you created when unpacking? Start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [] File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it.
__________________ Please always post log files in CODE tags |
15.04.2010, 19:37 | #9 |
| "YOUR PROTECTION" and "TDSS" completely removed? The files were simply copied to the desktop, not into an "OSAM" folder. I copied them into a folder; I don't think that makes any difference. At the end of the scan I only get to see a file list but no log file, and none was saved either. What I do notice is that shortly after clicking the last "Next" button a small window opens and closes again immediately; in that short time I can't see what it might be. Maybe you have an idea, or possibly another program I could use? OTL log after the fix: Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:lsdelete deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 1538843718 bytes
->Temporary Internet Files folder emptied: 4794626 bytes
->Java cache emptied: 12145015 bytes
->FireFox cache emptied: 103221276 bytes
->Flash cache emptied: 4525 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15922 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.582,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.1.1 log created on 04152010_201248
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

Regards, Martinius
Last edited by Martinius (15.04.2010 at 19:46) |
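The fix log in the post above, parsed into one record per action so that real deletions can be told apart from "not found" results, and so that the BootExecute entries the fix removed can be compared with the value on the machine afterwards. This is an added example, not part of the thread or of OTL; the parsing rules and all function names are assumptions inferred only from the log lines quoted in the post.

```python
import re
from collections import Counter
from typing import NamedTuple

# Excerpt copied from the fix log in the post above.
FIX_LOG = r"""
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:lsdelete deleted successfully.
"""

# Result phrases seen in the posted log, mapped to short outcome labels.
RESULTS = {
    "value set successfully!": "set",
    "deleted successfully.": "deleted",
    "moved successfully.": "moved",
    "not found.": "not_found",
}
LINE_RE = re.compile(
    r"^(?:Registry (?P<reg>value|key) )?(?P<target>.+?)(?P<set>\| /E :)? "
    r"(?P<result>" + "|".join(re.escape(r) for r in RESULTS) + r")$"
)


class Action(NamedTuple):
    kind: str    # "reg_value", "reg_key" or "file"
    target: str  # registry key or file path
    name: str    # registry value name (empty for keys and files)
    data: str    # single entry named after "name:", if the log gives one
    result: str  # "set", "deleted", "moved" or "not_found"


def parse_fix_log(text):
    """Turn the action lines of a fix log into Action records."""
    actions = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers and blank lines carry no action
        target, name, data = m["target"], "", ""
        if m["reg"] == "key":
            kind = "reg_key"
        elif m["reg"] == "value" or m["set"]:
            kind = "reg_value"
            # The log writes values as <key>\\<name>, optionally <name>:<entry>.
            target, _, name = target.partition("\\\\")
            name, _, data = name.partition(":")
        else:
            kind = "file"
        actions.append(
            Action(kind, target.rstrip("\\"), name, data, RESULTS[m["result"]])
        )
    return actions


def summarize(actions):
    """Count actions per outcome."""
    return dict(Counter(a.result for a in actions))


def deleted_boot_entries(actions):
    """BootExecute entries the fix deleted. The Session Manager runs this
    value's entries at boot; "autocheck autochk *" is the Windows default."""
    return [a.data for a in actions
            if a.kind == "reg_value" and a.name == "BootExecute"
            and a.result == "deleted"]


if __name__ == "__main__":
    acts = parse_fix_log(FIX_LOG)
    print(summarize(acts))
    print("BootExecute entries removed:", deleted_boot_entries(acts))
```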
15.04.2010, 19:45 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | "YOUR PROTECTION" and "TDSS" completely removed? Quote:
__________________ Please always post log files in CODE tags |
15.04.2010, 20:09 | #11 | |
| "YOUR PROTECTION" and "TDSS" completely removed? Quote:
The problem is that no window opens in which I can tell the program under what name, where and as what I want to save it. |
19.04.2010, 16:26 | #12 |
| "YOUR PROTECTION" and "TDSS" completely removed? Could it be that OSAM has a quirk? I tried starting it in compatibility mode, but that didn't work either. Downloading the file again didn't help either. On the Online Solution site there is another version, "Installation Package", but again nothing. Hmm.... Regards, Martinius |
19.04.2010, 20:17 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "YOUR PROTECTION" and "TDSS" completely removed? OSAM actually runs quite well. But I lack some experience with the quirks of some 64-bit Windows systems; a lot of "our" special tools simply don't run there. So I can only suggest control scans with SUPERAntiSpyware and Malwarebytes. Both tools must be updated again beforehand. And run a full scan with both.
__________________ Please always post log files in CODE tags |
21.04.2010, 18:04 | #14 |
| "YOUR PROTECTION" and "TDSS" completely removed? Oh well, I suppose I'll have to accept that. SASW and Malwarebytes found no more malware. I think log files are unnecessary then. I can be satisfied with that! Thanks for your help. Regards, Martinius |