Pests of all kinds and how to fight them: Virus Alureon.H detected by Microsoft Essentials; back after restart (Windows 7)
06.05.2010, 21:35 | #1 |
Hello, for days now I have not been able to update Microsoft Essentials. After a manual update the virus Alureon.H was found and disinfected. After the restart, though, it is found again. What can I do? Thanks
07.05.2010, 23:32 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello, and please run a full scan with Malwarebytes and post the log. After that OTL: System scan with OTL. Please download OTL from Oldtimer and save it on your desktop.
08.05.2010, 19:50 | #3 |
Hello, thanks for the help.
First, here is the Malwarebytes log!

Datenbank Version: 4063
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
08.05.2010 20:46:48
mbam-log-2010-05-08 (20-46-48).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|J:\|)
Durchsuchte Objekte: 383231
Laufzeit: 1 Stunde(n), 57 Minute(n), 49 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 (Adware.QUADRegClean) -> No action taken.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
08.05.2010, 20:13 | #4 |
The virus is no longer found by Security Essentials. Maybe I was able to remove it after all! Here is the OTL log file:

OTL logfile created on: 08.05.2010 20:53:50 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\genzly\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 27,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 49,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 101,31 Gb Free Space | 68,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 372,61 Gb Total Space | 164,58 Gb Free Space | 44,17% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 931,51 Gb Total Space | 859,73 Gb Free Space | 92,29% Space Free | Partition Type: NTFS
Computer Name: GENZLY-PC
Current User Name: genzly
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - C:\Users\genzly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe (Interactive Brands Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Uniblue\RegistryBooster\registrybooster.exe (Uniblue Systems Limited)
PRC - C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Andasa\AdiCash.exe (Andasa GmbH)
PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\BoD easyPrint\BoDeasyPrint.exe (Books on Demand)
PRC - C:\Programme\BoD easyPrint\BoDeasyPrint_Monitor.exe (Books on Demand)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Programme\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\ApVxdWin.exe (Panda Security, S.L.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\pavsrvx86.exe (Panda Security, S.L.)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\psksvc.exe (Panda Security, S.L.)
PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\PsCtrlS.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\PavBckPT.exe (Panda Security, S.L.)
PRC - C:\Windows\System32\brss01a.exe (brother Industries Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\TPSrv.exe (Panda Security, S.L.)
PRC - c:\Programme\Panda Security\Panda Global Protection 2010\FIREWALL\PSHost.exe (Panda Security International)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\SrvLoad.exe (Panda Security, S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Programme\Panda Security\Panda Global Protection 2010\avciman.exe (Panda Security S.L.)
PRC - C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)

========== Modules (SafeList) ==========
MOD - C:\Users\genzly\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Panda Security\Panda Global Protection 2010\PavOEpl.dll (Panda Security, S.L.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\PavSHook.dll (Panda Security, S.L.)
MOD - C:\Windows\System32\msvcp71.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msvcr71.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SYSTOOLS.DLL (Panda Software)

========== Win32 Services (SafeList) ==========
SRV - (Ati External Event Utility) -- File not found
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3697.dll ()
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (ABBYY.Licensing.FineReader.Professional.10.0) -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PAVSRV) -- C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrvx86.exe (Panda Security, S.L.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (PskSvcRetail) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe (Panda Security, S.L.)
SRV - (Panda Software Controller) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe (Panda Security, S.L.)
SRV - (PAVFNSVR) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe (Panda Security, S.L.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (TPSrv) -- C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe (Panda Security, S.L.)
SRV - (PSHost) -- c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE (Panda Security International)
SRV - (Gwmsrv) -- C:\Programme\Panda Security\Panda Global Protection 2010\GWMsrv.dll (Panda Security, S.L.)
SRV - (PSIMSVC) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe (Panda Security S.L.)
SRV - (PavPrSrv) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
SRV - (Brother XP spl Service) -- C:\Windows\System32\brsvc01a.exe (brother Industries Ltd)

========== Driver Services (SafeList) ==========
DRV - (PavTPK.sys) -- File not found
DRV - (PavSRK.sys) -- File not found
DRV - (AvFlt) -- File not found
DRV - (CSC) -- C:\Windows\System32\drivers\csc.sys ()
DRV - (ComFiltr) -- C:\Windows\System32\drivers\COMFiltr.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (NinjaUSB) -- C:\Windows\System32\drivers\NinjaUSB.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (NETIMFLT01060039) -- C:\Windows\System32\drivers\neti1639.sys (Panda Security, S.L.)
DRV - (AmFSM) -- C:\Windows\System32\drivers\amm8660.sys (Panda Security, S.L.)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (PavProc) -- C:\Windows\System32\drivers\PavProc.sys (Panda Security, S.L.)
DRV - (pavboot) -- C:\Windows\system32\Drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (NETFLTDI) -- C:\Windows\System32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (ShldDrv) -- C:\Windows\System32\drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (emAudio) -- C:\Windows\System32\drivers\emAudio.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (878BDA) -- C:\Windows\System32\drivers\878BDA.sys (DVB-TV Provide)
DRV - (DtvAudio) -- C:\Windows\System32\drivers\DtvAudio.sys (TwinHan Provide)
DRV - (DtvVideo) -- C:\Windows\System32\drivers\DtvVideo.sys (TwinHan Provide)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.musikkapelle-pfaffenhausen.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C C9 2E 1A DB 9A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.musikkapelle-pfaffenhausen.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.27
FF - prefs.js..extensions.enabledItems: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66}:1.6
FF - prefs.js..extensions.enabledItems: firefoxhelper@mozilla.org:1.0
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: sparweltgutscheine@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8
FF - prefs.js..extensions.enabledItems: sammelfreund@webmiles.de:1.12
FF - prefs.js..extensions.enabledItems: {579fcdb8-929b-11dc-8314-0800200c9a66}:1.1.7.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: beta@linkdiagnosis.com:2.1.43
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {5885ebb3-9cff-5702-c897-ff65099f1049}:4.6.6.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..network.proxy.http: "81.189.215.181"
FF - prefs.js..network.proxy.http_port: 3127
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009.11.16 16:00:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 23:13:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.04 22:20:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.02 22:53:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.04 22:20:32 | 000,000,000 | ---D | M]

[2009.12.22 16:15:20 | 000,000,000 | ---D | M] -- C:\Users\genzly\AppData\Roaming\mozilla\Extensions
[2009.12.22 16:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\genzly\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.08 17:40:19 | 000,000,000 | ---D | M] -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions
[2010.02.01 16:57:40 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.01.27 23:26:41 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2010.02.01 15:33:21 | 000,000,000 | ---D | M] (Andasa Toolbar) -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{579fcdb8-929b-11dc-8314-0800200c9a66}
[2010.04.17 14:32:44 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.01.17 23:22:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
[2010.02.07 21:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2010.05.02 22:53:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.23 00:34:19 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.03.10 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\beta@linkdiagnosis.com
[2010.05.08 17:40:16 | 000,000,000 | ---D | M] -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\firebug@software.joehewitt.com
[2010.02.07 20:56:12 | 000,000,000 | ---D | M] -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\sammelfreund@webmiles.de
[2009.11.29 00:47:59 | 000,000,000 | ---D | M] -- C:\Users\genzly\AppData\Roaming\mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\sparweltgutscheine@sparwelt.de
[2010.04.28 17:43:36 | 000,000,266 | ---- | M] () -- C:\Users\genzly\AppData\Roaming\Mozilla\FireFox\Profiles\wdtnl8y3.default\searchplugins\Search.xml
[2010.05.02 21:43:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.02 22:53:45 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Programme\Mozilla Firefox\extensions\{5885ebb3-9cff-5702-c897-ff65099f1049}
[2010.04.12 20:42:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.02 21:13:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008.06.27 20:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.10.16 18:19:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\defaults
[2009.10.17 16:22:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\extensions
[2009.10.15 22:01:30 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\firefoxhelper@mozilla.org
[2009.10.17 16:11:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\extensions
[2009.10.17 16:11:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Programme\Mozilla Firefox\defaults\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.10.17 16:11:39 | 000,000,000 | ---D | M] (FireShot) -- C:\Programme\Mozilla Firefox\defaults\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009.10.17 16:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\defaults\extensions\{0E776007-9038-4eb9-AB46-9A0F50D97D02}
[2009.10.17 16:11:41 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\defaults\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.17 16:11:41 | 000,000,000 | ---D | M] (Stealther) -- C:\Programme\Mozilla Firefox\defaults\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2009.10.17 16:11:41 | 000,000,000 | ---D | M] (NoScript) -- C:\Programme\Mozilla Firefox\defaults\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.10.17 16:11:41 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Programme\Mozilla Firefox\defaults\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009.10.17 16:11:41 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\defaults\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009.10.17 16:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\defaults\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
[2009.10.17 16:11:42 | 000,000,000 | ---D | M] (WOT) -- C:\Programme\Mozilla Firefox\defaults\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.10.17 16:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\defaults\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2009.10.17 16:11:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Programme\Mozilla Firefox\defaults\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.17 16:11:43 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Programme\Mozilla Firefox\defaults\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2009.10.17 16:11:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.10.17 16:11:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\extensions\firefox@tvunetworks.com
[2009.10.17 16:11:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\extensions\sammelfreund@webmiles.de
[2009.10.17 16:11:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\extensions\speedtest@gotomyhelp.com
[2009.10.17 16:22:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\profile\extensions
[2009.10.17 16:13:43 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.10.17 16:13:44 | 000,000,000 | ---D | M] (FireShot) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009.10.17 16:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{0E776007-9038-4eb9-AB46-9A0F50D97D02}
[2009.10.17 16:22:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.17 16:13:45 | 000,000,000 | ---D | M] (Stealther) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2009.10.17 16:13:45 | 000,000,000 | ---D | M] (NoScript) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.10.17 16:13:45 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009.10.17 16:13:45 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009.10.17 16:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4}
[2009.10.17 16:13:45 | 000,000,000 | ---D | M] (WOT) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.10.17 16:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2009.10.17 16:13:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.17 16:13:46 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2009.10.17 16:13:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.10.17 16:13:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\firefox@tvunetworks.com
[2009.10.17 16:13:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\sammelfreund@webmiles.de
[2009.10.17 16:13:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\defaults\profile\extensions\speedtest@gotomyhelp.com
[2009.10.17 16:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.16 18:19:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.10.16 18:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.10.16 18:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2008.06.27 20:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla
Firefox\extensions\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010.05.02 21:13:09 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.04.12 20:43:45 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Mozilla Firefox\plugins\npyaxmpb.dll [2009.11.24 14:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\PDFNetC.dll [2009.11.28 13:10:18 | 000,107,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ScorchPDFWrapper.dll [2010.01.25 17:11:28 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.25 17:11:28 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.25 17:11:28 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.25 17:11:28 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.25 17:11:28 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) 
O2 - BHO: (AdiCash Toolbar) - {85223548-4D57-4A3B-896B-145985F681C6} - C:\Programme\Andasa\Toolbar.dll (Andasa GmbH)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AdiCash Toolbar) - {BB9540F0-94B9-4fe8-A2E1-DE3A506ECD4B} - C:\Programme\Andasa\Toolbar.dll (Andasa GmbH)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AdiCash Toolbar) - {6AA99CB6-74AF-4136-A6C6-C64C95333249} - C:\Programme\Andasa\Toolbar.dll (Andasa GmbH)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BoD easyPrint Printing Device] C:\Program Files\BoD easyPrint\BoDeasyPrint_Monitor.exe (Books on Demand)
O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Sparwelt Schnäppchen Alarm] C:\Programme\Sparwelt.de\Sparwelt.de Schnäppchen-Alarm\Sparwelt Schnäppchen Alarm.exe (Sparwelt.de)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [QUAD Scheduler] C:\Programme\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe ()
O4 - HKCU..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe (Interactive Brands Inc.)
O4 - HKCU..\RunOnce: [UniblueRegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\genzly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Programme\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: msn.com ([de] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\Windows\System32\avldr.dll (Panda Security, S.L.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.08 08:40:45 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\genzly\Desktop\OTL.exe
[2010.05.06 22:55:53 | 000,046,728 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\wnmflt.sys
[2010.05.06 22:55:52 | 000,193,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\idsflt.sys
[2010.05.06 22:55:52 | 000,053,128 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\dsaflt.sys
[2010.05.06 22:55:24 | 000,159,112 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\NETFLTDI.SYS
[2010.05.06 22:55:24 | 000,075,016 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\APPFLT.SYS
[2010.05.06 22:55:24 | 000,022,072 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\fnetmon.sys
[2010.05.06 22:54:59 | 000,054,832 | ---- | C] (Panda Software) -- C:\Windows\System32\pavcpl.cpl
[2010.05.06 22:54:50 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2010.05.06 22:54:44 | 000,193,792 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\TpUtil.dll
[2010.05.06 22:54:44 | 000,107,568 | ---- | C] (Panda Software) -- C:\Windows\System32\SYSTOOLS.DLL
[2010.05.06 22:54:44 | 000,087,296 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavLspHook.dll
[2010.05.06 22:54:44 | 000,055,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\pavipc.dll
[2010.05.06 22:54:42 | 000,518,400 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavSHook.dll
[2010.05.06 22:54:40 | 000,199,432 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\neti1639.sys
[2010.05.06 22:54:37 | 000,049,160 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\amm8660.sys
[2010.05.06 22:51:13 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.05.06 22:50:49 | 000,163,336 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PavProc.sys
[2010.05.06 22:50:49 | 000,041,144 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\ShlDrv51.sys
[2010.05.06 21:53:06 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\btpotssg.sys
[2010.05.06 20:38:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\aiyksqud.sys
[2010.05.04 22:49:14 | 000,027,320 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\usbfilter.sys
[2010.05.04 22:49:14 | 000,000,000 | ---D | C] -- C:\Programme\AMD
[2010.05.04 21:14:18 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.05.04 18:53:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bbpjotqr.sys
[2010.05.04 18:25:59 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2010.05.04 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\genzly\AppData\Roaming\QUAD Backups
[2010.05.04 15:12:19 | 000,000,000 | ---D | C] -- C:\Programme\QUAD Utilities
[2010.05.03 22:16:08 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.03 21:44:31 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2010.05.03 19:11:47 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2010.05.03 18:39:08 | 000,000,000 | ---D | C] -- C:\Windows 7 Loader
[2010.05.03 14:44:24 | 000,014,392 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys
[2010.05.03 08:55:14 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cqtopexs.sys
[2010.05.03 00:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2010.05.02 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\genzly\AppData\Local\PC_Drivers_Headquarters
[2010.05.02 21:37:53 | 000,000,000 | ---D | C] -- C:\Programme\PC Drivers HeadQuarters
[2010.05.02 21:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2010.05.02 21:17:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.05.02 21:13:25 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.02 21:13:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.02 21:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.02 21:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.02 18:36:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\Tools
[2010.05.01 16:30:21 | 000,000,000 | ---D | C] -- C:\Users\genzly\AppData\Local\Panda Security
[2010.05.01 16:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Backup
[2010.05.01 16:28:17 | 000,058,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\avldr.dll
[2010.05.01 16:28:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\PAV
[2010.05.01 16:28:15 | 000,000,000 | ---D | C] -- C:\Users\genzly\AppData\Roaming\Panda Security
[2010.05.01 16:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010.05.01 16:25:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Panda Security
[2010.05.01 09:08:50 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.04.30 22:22:08 | 000,000,000 | ---D | C] -- C:\Programme\Driver Checker
[2010.04.30 14:57:27 | 000,000,000 | ---D | C] -- C:\Programme\Carambis
[2010.04.28 21:41:26 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2010.04.28 04:20:25 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.04.28 04:20:24 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.04.27 20:28:51 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.04.25 22:02:54 | 000,000,000 | ---D | C] -- C:\Programme\Screenshot Studio
[2010.04.18 22:05:07 | 000,000,000 | ---D | C] -- C:\Users\genzly\AppData\Roaming\dvdcss
[2010.04.14 17:03:26 | 000,000,000 | ---D | C] -- C:\Users\genzly\Documents\DVDVideoSoft
[2010.04.14 17:02:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.04.14 17:02:47 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.04.14 17:01:59 | 017,227,469 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Users\genzly\Desktop\FreeYouTubeToMp3Converter_3.8.exe
[2010.04.14 16:50:13 | 000,000,000 | ---D | C] -- C:\Programme\Crystal Software
[2010.04.14 04:29:48 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 04:29:48 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 04:29:44 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.12 20:41:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.04.12 17:19:04 | 000,000,000 | ---D | C] -- C:\Users\genzly\Desktop\Convar
[2010.04.12 15:28:14 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2010.04.12 15:28:12 | 000,516,784 | R--- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
[2010.04.12 15:28:12 | 000,217,088 | ---- | C] (Dart Communications) -- C:\Windows\System32\DartSock.dll
[2010.04.12 15:28:12 | 000,118,784 | ---- | C] (Dart Communications) -- C:\Windows\System32\DartWeb.dll
[2010.04.12 15:28:12 | 000,000,000 | ---D | C] -- C:\Programme\Convar
[2010.04.12 12:27:07 | 000,000,000 | ---D | C] -- C:\Programme\PhotoRescue PC v3.1.8.11543
[2010.04.11 22:36:41 | 000,000,000 | ---D | C] -- C:\Users\genzly\Desktop\Recovered
[2010.04.11 22:10:59 | 000,000,000 | ---D | C] -- C:\Programme\ZAR
[2010.04.11 09:21:42 | 000,000,000 | ---D | C] -- C:\Programme\PC Inspector File Recovery

========== Files - Modified Within 30 Days ==========

[2054.12.17 21:04:38 | 031,357,535 | ---- | M] () -- C:\Users\genzly\Documents\CLIP0004.MP4
[2054.12.17 20:59:14 | 139,458,149 | ---- | M] () -- C:\Users\genzly\Documents\CLIP0003.MP4
[2054.12.17 19:20:50 | 001,857,652 | ---- | M] () -- C:\Users\genzly\Documents\CLIP0002.MP4
[2054.12.17 19:20:44 | 1265,718,270 | ---- | M] () -- C:\Users\genzly\Documents\CLIP0001.MP4
[2010.05.08 21:07:06 | 005,242,880 | -HS- | M] () -- C:\Users\genzly\ntuser.dat
[2010.05.08 20:36:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.08 17:59:44 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2010.05.08 17:59:44 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2010.05.08 17:57:23 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.08 17:57:23 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.08 17:50:21 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2010.05.08 17:50:21 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2010.05.08 17:50:20 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.08 17:50:02 | 000,000,120 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2010.05.08 17:50:02 | 000,000,120 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2010.05.08 17:49:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.08 17:49:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.08 17:49:11 | 1509,400,576 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.08 17:46:02 | 002,183,423 | -H-- | M] () -- C:\Users\genzly\AppData\Local\IconCache.db
[2010.05.08 17:43:56 | 000,000,529 | ---- | M] () -- C:\Users\genzly\Desktop\Musikverein.lnk
[2010.05.08 09:58:35 | 000,000,649 | ---- | M] () -- C:\Users\genzly\Desktop\Schule.lnk
[2010.05.08 09:57:20 | 000,000,649 | ---- | M] () -- C:\Users\genzly\Desktop\Steuer.lnk
[2010.05.08 08:41:24 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\genzly\Desktop\OTL.exe
[2010.05.07 07:07:00 | 000,387,584 | ---- | M] () -- C:\Windows\System32\drivers\csc.sys
[2010.05.06 23:04:30 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Grundlegende Bereinigung1.job
[2010.05.06 23:04:30 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Grundlegende Bereinigung.job
[2010.05.06 22:57:06 | 000,000,803 | ---- | M] () -- C:\Windows\win.ini
[2010.05.06 22:56:30 | 000,013,880 | ---- | M] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2010.05.06 22:56:10 | 000,000,262 | ---- | M] () -- C:\Windows\System32\PavCPL.dat
[2010.05.06 21:53:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\btpotssg.sys
[2010.05.06 20:38:43 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\aiyksqud.sys
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.05 00:40:13 | 001,479,652 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.05 00:40:13 | 000,648,406 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.05 00:40:13 | 000,610,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.05 00:40:13 | 000,127,666 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.05 00:40:13 | 000,104,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.05 00:39:38 | 000,000,468 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.05.05 00:39:38 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010.05.04 23:59:37 | 000,455,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.04 23:04:09 | 000,000,928 | ---- | M] () -- C:\Users\genzly\Desktop\Unterrichtsmaterial.lnk
[2010.05.04 22:30:09 | 000,135,328 | ---- | M] () -- C:\Users\genzly\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.04 21:14:19 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.05.04 18:53:22 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bbpjotqr.sys
[2010.05.04 18:25:59 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.05.04 15:12:20 | 000,002,168 | ---- | M] () -- C:\Users\genzly\Desktop\QUAD RegistryCleaner.lnk
[2010.05.03 22:16:13 | 000,001,835 | ---- | M] () -- C:\Users\genzly\Desktop\CCleaner.lnk
[2010.05.03 08:55:14 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cqtopexs.sys
[2010.05.03 00:28:39 | 000,000,807 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.03 00:19:13 | 000,524,288 | -HS- | M] () -- C:\Users\genzly\ntuser.dat{48ac209e-5629-11df-82a3-002197ed0b20}.TMContainer00000000000000000002.regtrans-ms
[2010.05.03 00:19:13 | 000,524,288 | -HS- | M] () -- C:\Users\genzly\ntuser.dat{48ac209e-5629-11df-82a3-002197ed0b20}.TMContainer00000000000000000001.regtrans-ms
[2010.05.03 00:19:13 | 000,065,536 | -HS- | M] () -- C:\Users\genzly\ntuser.dat{48ac209e-5629-11df-82a3-002197ed0b20}.TM.blf
[2010.05.02 22:44:02 | 000,524,288 | -HS- | M] () -- C:\Users\genzly\ntuser.dat{1c3ed81e-561e-11df-b51d-002197ed0b20}.TMContainer00000000000000000002.regtrans-ms
[2010.05.02 22:44:02 | 000,524,288 | -HS- | M] () -- C:\Users\genzly\ntuser.dat{1c3ed81e-561e-11df-b51d-002197ed0b20}.TMContainer00000000000000000001.regtrans-ms
[2010.05.02 22:44:02 | 000,065,536 | -HS- | M] () -- C:\Users\genzly\ntuser.dat{1c3ed81e-561e-11df-b51d-002197ed0b20}.TM.blf
[2010.05.02 21:13:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.02 21:13:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.02 21:13:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.02 21:13:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.02 18:02:44 | 000,007,158 | ---- | M] () -- C:\Users\genzly\Desktop\scroller_nscroller.js
[2010.05.01 00:36:52 | 000,000,036 | ---- | M] () -- C:\Users\genzly\AppData\Local\housecall.guid.cache
[2010.04.30 16:26:09 | 000,524,288 | -HS- | M] () -- C:\Users\genzly\ntuser.dat{5280290b-545b-11df-adb1-002197ed0b20}.TMContainer00000000000000000002.regtrans-ms
[2010.04.30 16:26:09 | 000,524,288 | -HS- | M] () -- C:\Users\genzly\ntuser.dat{5280290b-545b-11df-adb1-002197ed0b20}.TMContainer00000000000000000001.regtrans-ms
[2010.04.30 16:26:09 | 000,065,536 | -HS- | M] () -- C:\Users\genzly\ntuser.dat{5280290b-545b-11df-adb1-002197ed0b20}.TM.blf
[2010.04.30 14:58:17 | 000,004,872 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 17:42:49 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2010.04.27 19:20:07 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.04.26 16:34:44 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010.04.23 22:40:59 | 000,000,118 | -H-- | M] () -- C:\Users\genzly\Desktop\.~lock.Geburtstage.xlsx#
[2010.04.22 21:54:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.04.20 14:44:55 | 000,000,000 | ---- | M] () -- C:\Users\genzly\Documents\FOXIT_PDF
[2010.04.15 20:20:38 | 000,043,086 | ---- | M] () -- C:\Users\genzly\Desktop\Gründungsfest.cedprj
[2010.04.15 07:00:34 | 000,009,144 | ---- | M] () -- C:\Users\genzly\Desktop\Mein Film.wlmp
[2010.04.14 17:02:22 | 017,227,469 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Users\genzly\Desktop\FreeYouTubeToMp3Converter_3.8.exe
[2010.04.14 16:59:36 | 000,000,591 | ---- | M] () -- C:\Windows\videotoaudio.ini
[2010.04.14 16:59:36 | 000,000,005 | ---- | M] () -- C:\Windows\System32\SySatm.dat
[2010.04.12 20:44:00 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.04.12 20:41:42 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.12 16:35:05 | 000,042,235 | ---- | M] () -- C:\Users\genzly\Desktop\Zölibat.pdf
[2010.04.12 15:28:14 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector smart recovery.lnk
[2010.04.12 12:23:18 | 000,001,977 | ---- | M] () -- C:\Users\genzly\photorec.cfg
[2010.04.11 01:38:15 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010.05.08 17:43:56 | 000,000,529 | ---- | C] () -- C:\Users\genzly\Desktop\Musikverein.lnk
[2010.05.08 09:58:35 | 000,000,649 | ---- | C] () -- C:\Users\genzly\Desktop\Schule.lnk
[2010.05.08 09:57:20 | 000,000,649 | ---- | C] () -- C:\Users\genzly\Desktop\Steuer.lnk
[2010.05.06 22:56:30 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2010.05.06 22:56:09 | 000,000,262 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2010.05.06 22:55:21 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\Grundlegende Bereinigung1.job
[2010.05.06 22:55:20 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\Grundlegende Bereinigung.job
[2010.05.04 23:04:13 | 000,000,928 | ---- | C] () -- C:\Users\genzly\Desktop\Unterrichtsmaterial.lnk
[2010.05.04 18:25:59 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.05.04 15:12:20 | 000,002,168 | ---- | C] () -- C:\Users\genzly\Desktop\QUAD RegistryCleaner.lnk
[2010.05.03 22:16:13 | 000,001,835 | ---- | C] () -- C:\Users\genzly\Desktop\CCleaner.lnk
[2010.05.02 22:57:21 | 000,524,288 | -HS- | C] () -- C:\Users\genzly\ntuser.dat{48ac209e-5629-11df-82a3-002197ed0b20}.TMContainer00000000000000000002.regtrans-ms
[2010.05.02 22:57:20 | 000,524,288 | -HS- | C] () -- C:\Users\genzly\ntuser.dat{48ac209e-5629-11df-82a3-002197ed0b20}.TMContainer00000000000000000001.regtrans-ms
[2010.05.02 22:57:19 | 000,065,536 | -HS- | C] () -- C:\Users\genzly\ntuser.dat{48ac209e-5629-11df-82a3-002197ed0b20}.TM.blf
[2010.05.02 22:29:06 | 000,524,288 | -HS- | C] () -- C:\Users\genzly\ntuser.dat{1c3ed81e-561e-11df-b51d-002197ed0b20}.TMContainer00000000000000000002.regtrans-ms
[2010.05.02 22:29:06 | 000,524,288 | -HS- | C] () -- C:\Users\genzly\ntuser.dat{1c3ed81e-561e-11df-b51d-002197ed0b20}.TMContainer00000000000000000001.regtrans-ms
[2010.05.02 22:29:06 | 000,065,536 | -HS- | C] () -- C:\Users\genzly\ntuser.dat{1c3ed81e-561e-11df-b51d-002197ed0b20}.TM.blf
[2010.05.01 00:36:52 | 000,000,036 | ---- | C] () -- C:\Users\genzly\AppData\Local\housecall.guid.cache
[2010.04.30 15:35:32 | 000,524,288 | -HS- | C] () -- C:\Users\genzly\ntuser.dat{5280290b-545b-11df-adb1-002197ed0b20}.TMContainer00000000000000000002.regtrans-ms
[2010.04.30 15:35:32 | 000,524,288 | -HS- | C] () -- C:\Users\genzly\ntuser.dat{5280290b-545b-11df-adb1-002197ed0b20}.TMContainer00000000000000000001.regtrans-ms
[2010.04.30 15:35:32 | 000,065,536 | -HS- | C] () -- C:\Users\genzly\ntuser.dat{5280290b-545b-11df-adb1-002197ed0b20}.TM.blf
[2010.04.30 14:58:17 | 000,004,872 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.04.28 17:42:49 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2010.04.23 22:40:59 | 000,000,118 | -H-- | C] () -- C:\Users\genzly\Desktop\.~lock.Geburtstage.xlsx#
[2010.04.22 21:54:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.04.15 20:20:38 | 000,043,086 | ---- | C] () -- C:\Users\genzly\Desktop\Gründungsfest.cedprj
[2010.04.15 07:00:34 | 000,009,144 | ---- | C] () -- C:\Users\genzly\Desktop\Mein Film.wlmp
[2010.04.14 16:52:46 | 000,000,591 | ---- | C] () -- C:\Windows\videotoaudio.ini
[2010.04.14 16:50:25 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySatm.dat
[2010.04.12 20:41:42 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.04.12 15:28:12 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DartWeb.oca
[2010.04.12 15:28:12 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector smart recovery.lnk
[2010.04.12 12:22:58 | 000,001,977 | ---- | C] () -- C:\Users\genzly\photorec.cfg
[2010.04.11 09:21:45 | 000,006,200 | ---- | C] () -- C:\Windows\System32\INT13EXT.VXD
[2010.04.11 01:38:15 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.02.28 17:34:30 | 000,214,056 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.28 17:34:30 | 000,078,376 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.28 17:26:25 | 000,214,056 | ---- | C] () -- C:\Windows\System32\vcore.dll
[2010.02.28 17:26:25 | 000,096,768 | ---- | C] () -- C:\Windows\System32\LPng.dll
[2010.02.28 17:26:25 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AudioCodec.dll
[2010.02.28 17:26:25 | 000,020,480 | ---- | C] () -- C:\Windows\System32\AviWriter.dll
[2010.02.28 17:26:24 | 000,072,704 | ---- | C] () -- C:\Windows\System32\vvfw.dll
[2010.02.16 22:46:58 | 000,237,646 | ---- | C] () -- C:\Windows\System32\Snap_device.dll
[2010.02.16 22:46:58 | 000,237,568 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
[2010.02.16 22:46:57 | 000,069,707 | ---- | C] () -- C:\Windows\System32\DISP_OPT1.dll
[2010.02.11 07:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2010.01.05 18:31:38 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.12.18 21:57:31 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009.12.18 21:57:25 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.11.28 17:26:48 | 000,024,704 | ---- | C] () -- C:\Windows\System32\drivers\NinjaUSB.sys
[2009.11.07 13:26:51
| 000,000,000 | ---- | C] () -- C:\Windows\graphedit.INI [2009.10.25 21:09:50 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.10.25 21:09:50 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2009.10.25 21:09:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.10.24 19:59:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.10.19 19:17:55 | 000,027,019 | ---- | C] () -- C:\Windows\maxlink.ini [2009.10.15 23:32:51 | 000,663,552 | ---- | C] () -- C:\Windows\System32\Tx12.dll [2009.10.15 23:32:51 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx12_ic.ini [2009.10.15 22:01:18 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.09.24 01:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.14 01:15:13 | 000,387,584 | ---- | C] () -- C:\Windows\System32\drivers\csc.sys [2007.09.04 13:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.08.16 16:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll [2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2007.01.26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll [2007.01.26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll [2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI [2005.12.21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll [2005.12.21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll [2002.03.04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll [1997.09.17 14:10:56 | 001,029,120 | ---- | C] () -- C:\Windows\System32\H5KRNL32.DLL [1997.09.01 13:42:34 | 000,114,176 | ---- | C] () -- 
C:\Windows\System32\H5DLG32.DLL [1997.08.27 16:19:28 | 000,188,928 | ---- | C] () -- C:\Windows\System32\H5ICON32.DLL [1997.08.27 16:11:52 | 000,175,104 | ---- | C] () -- C:\Windows\System32\H5MENU32.DLL [1997.08.25 14:42:44 | 000,050,688 | ---- | C] () -- C:\Windows\System32\H5TOOL32.DLL [1997.08.25 14:42:02 | 000,083,456 | ---- | C] () -- C:\Windows\System32\H5RTF32.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\genzly\Desktop\20100216-231347.MPG:TOC.WMV @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:FB1B13D8 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C895616B < End of report > |
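The OTL file listings above all use one fixed record format, `[date time | size | attributes | M or C] (company) -- path`, and the helper's later Avenger script targets exactly the driver files that OTL lists with an empty company field. As an added example that is not part of this thread and not code from OTL itself, the following Python parses such records (including the run-together form that results when a log is pasted without line breaks) and lists the .sys files under System32\drivers that carry no company name. The sample records are copied from the log above; the empty-company filter is an assumption of this example, a triage heuristic rather than a verdict, and a flagged file should be verified further (for example by checking its Authenticode signature) before anything is deleted.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# One OTL file record: "[YYYY.MM.DD HH:MM:SS | size | attrs | M|C] (Company) -- path".
# The path is matched lazily and terminated by a lookahead, so records that were
# pasted onto a single line (as in the thread above) are still split correctly.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- "
    r"(?P<path>.+?)"
    r"(?=\s+\[\d{4}\.\d{2}\.\d{2} |\s+=+|\s*$)",
    re.MULTILINE,
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int        # bytes; OTL prints it zero-padded with thousands separators
    attrs: str       # e.g. "-HS-" = hidden + system, "----" = no special attributes
    kind: str        # "M" = from the modified list, "C" = from the created list
    company: str     # "" when OTL prints "()", i.e. no company name in the version resource
    path: str


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Extract every file record from an OTL log fragment."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company").strip(),
            path=m.group("path").strip(),
        ))
    return entries


DRIVER_DIR = "\\windows\\system32\\drivers\\"


def drivers_without_company(entries: List[OtlEntry]) -> List[str]:
    """Triage heuristic (an assumption of this example, not an OTL feature):
    .sys files under System32\\drivers whose version resource names no company.
    Vendor and Microsoft drivers normally carry one, so an empty field is worth
    verifying, e.g. via the file's digital signature; it is not a verdict."""
    return [
        e.path for e in entries
        if DRIVER_DIR in e.path.lower()
        and e.path.lower().endswith(".sys")
        and not e.company
    ]


# Constructed sample: records copied from the OTL log in this thread, one per line.
SAMPLE_LOG = r"""
[2010.04.30 14:58:17 | 000,004,872 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.26 16:34:44 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
========== Files Created - No Company Name ==========
[2010.05.06 22:56:30 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2009.07.14 01:15:13 | 000,387,584 | ---- | C] () -- C:\Windows\System32\drivers\csc.sys
[2009.11.28 17:26:48 | 000,024,704 | ---- | C] () -- C:\Windows\System32\drivers\NinjaUSB.sys
"""

if __name__ == "__main__":
    records = parse_otl_entries(SAMPLE_LOG)
    print(f"{len(records)} records parsed")
    for path in drivers_without_company(records):
        print("driver without company name:", path)
```

Run against the sample, the parser yields six records and the filter returns the three driver paths with an empty company field; the mbamswissarmy.sys record is excluded because its company field is populated, and KGyGaAvL.sys because it does not live under System32\drivers.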
08.05.2010, 20:17 | #5 |
| Here is the second logfile: OTL Extras logfile created on: 08.05.2010 20:53:50 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\genzly\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 27,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 49,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 101,31 Gb Free Space | 68,02% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 372,61 Gb Total Space | 164,58 Gb Free Space | 44,17% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 931,51 Gb Total Space | 859,73 Gb Free Space | 92,29% Space Free | Partition Type: NTFS Computer Name: GENZLY-PC Current User Name: genzly Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Programme\Panda Security\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.) .jse [@ = JSEFile] -- C:\Programme\Panda Security\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Programme\Panda Security\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.) .vbs [@ = VBSFile] -- C:\Programme\Panda Security\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.) .wsf [@ = WSFFile] -- C:\Programme\Panda Security\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.) .wsh [@ = WSHFile] -- C:\Programme\Panda Security\Panda Global Protection 2010\PAVSCRIP.EXE (Panda Security, S.L.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.) jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.) vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.) 
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.) wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %* (Panda Security, S.L.) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{0A142996-AF95-4FFF-8097-83997ADF8A20}" = StarMoney 7.0 "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = 
Opera 10.53 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta) "{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta) "{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta) "{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta) "{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta) "{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta) "{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta) "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta) "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta) "{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta) "{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta) "{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta) "{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta) "{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta) "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16 "{33ED6288-90A4-42BE-A192-C6812B4B945A}" = Andasa Toolbar "{346945DD-0FD9-4A47-A11D-BDA8496F3390}_is1" = Sanmaxi PowerPoint File Repair Trial Vresion 5.0.1 
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision "{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51643C70-C686-463C-83E0-664D6B5B3332}" = QUAD RegistryCleaner "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2 "{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only) "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{77C1BF19-57B5-8FBB-6F38-E37847212555}" = ATI Catalyst Install Manager "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{8107F97E-39AE-456C-939F-A4711E9A26D9}" = Sparwelt.de Schnäppchen-Alarm "{81A25967-DB85-4B48-A8A7-D25AC191DEE4}" = Panda Global Protection 2010 "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = 
Microsoft Visual C++ 2005 Redistributable "{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney "{88645D03-45B0-4366-A24E-D88530719FCC}" = Web-Passport "{896B238F-7CFE-4952-82EB-96E63E8E67B6}" = COMPUTERBILD-Abzockschutz "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BD970EF-2149-4775-B0A1-69B06945868D}" = Panda Global Protection 2010 "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8F0AACD2-28EB-45F9-8F31-A60D83A416BF}" = honestech VHS to DVD 4.0 Trial "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1 "{93099B48-E36A-46C9-A03F-C85201D9B1C1}" = Foxit PDF IFilter "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAA30010-8E01-11D8-BBDA-0002B308455F}" = BoD easyPrint DE "{ABBD6E05-5B7F-4234-8566-E44DA0EA40D8}" = Recovery for PowerPoint "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync 
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{B953E109-B31A-4243-9596-EFAB9C7E257B}" = QuickImmobilie Deluxe 2009 "{BA84775E-C53D-41F4-A0C9-B9000D1BF95B}" = honestech VHS to DVD 4.0 Trial "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite DCP-115C "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C6E52B1B-9905-469A-B8CD-399FDFA98873}" = MIT MathML Fonts 1.0 "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1 "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit "{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E9ACF7F7-DB80-49B4-A1BC-63DB90913E67}_is1" = CamGuard Security System (Home Edition) 5.1.14.269 "{EC0E0E6C-CAC1-4304-AEBE-783E06FC967F}" = Kabel Deutschland widget "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin "1-2-3PDFConverter" = 1-2-3PDFConverter "7-Zip" = 7-Zip 4.65 "Able2Extract v6.0" = Able2Extract v6.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe 
Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AI RoboForm" = AI RoboForm (All Users) "Akamai" = Akamai NetSession Interface "AMCap" = AMCap "Andasa Toolbar" = Andasa Toolbar "Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.0.3 "Any Video Converter_is1" = Any Video Converter 3.0.1 "AnyDVD" = AnyDVD "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "Ask Toolbar_is1" = Foxit Toolbar "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode) "AVI To MP3 Converter_is1" = AVI To MP3 Converter 1.00 "Avidemux 2.5" = Avidemux 2.5 "BackupTool für Outlook Express (Testversion)_is1" = BackupTool für Outlook Express 3 (Testversion) "CCleaner" = CCleaner "CoffeeCup HTML Editor" = CoffeeCup HTML Editor "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "DVB Dream_is1" = DVB Dream version 1.4i "ElsterFormular ***unknown variable buildnummer***" = ElsterFormular "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603 "Foxit PDF Editor" = Foxit PDF Editor "Foxit Reader" = Foxit Reader "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Easy Burner_is1" = Free Easy Burner V 4.0 "Free FLV Converter_is1" = Free FLV Converter V 6.7.6 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "Google Chrome" = Google Chrome "Greatis Reanimator_is1" = RegRun Reanimator "HD Tach_is1" = HD Tach version 3 "HD Tune_is1" = HD Tune 2.55 "IBP11_is1" = IBP 11.7.1 "IsoBuster_is1" = IsoBuster 2.6 "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "MAGIX Speed burnR US" = MAGIX Speed burnR "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft Security Essentials" = Microsoft Security Essentials "Mozilla Firefox (3.6.3)" = Mozilla Firefox 
(3.6.3) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "Mp3_File_Editor_5" = Mp3 File Editor 5.11 (standard) "News Scroller Wizard" = News Scroller Wizard 2.3 "NotenBox7_is1" = AWIN NotenBox 7 "Nucleus Kernel Powerpoint Recovery - Evaluation Version_is1" = Nucleus Kernel Powerpoint Recovery Evaluation Version 4.05.01 "Office14.SingleImage" = Microsoft Office Professional 2010 "PhotoRescue PC_is1" = PhotoRescue PC v3.1.8.11543 "QUAD Registry Cleaner" = QUAD Registry Cleaner v.1.5.69 "QuickImmobilie Deluxe 2009" = QuickImmobilie Deluxe 2009 "RealAlt_is1" = Real Alternative 2.0.1 "Secunia PSI" = Secunia PSI "Sound Normalizer_is1" = Sound Normalizer 2.77 "TeamViewer 5" = TeamViewer 5 "Tilgungsrechner_is1" = Datamatec Tilgungsrechner 4.13 "TuneUp Utilities" = TuneUp Utilities "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.8.9 "VLC media player" = VLC media player 1.0.5 "VSO DivxToDVD_is1" = DivxToDVD 0.5.2 "Wave Editor_is1" = Wave Editor 3.0.3.0 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WINZD_is1" = WINZD 2009-08 "WYSIWYG_Web_Builder_6" = WYSIWYG Web Builder 6 "xvid" = XviD MPEG-4 Video Codec "XviD_is1" = XviD MPEG-4 Video Codec "Yahoo! Widget Engine" = Yahoo! Widgets "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.05.2010 11:55:24 | Computer Name = genzly-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Falscher Parameter. . Error - 07.05.2010 11:55:25 | Computer Name = genzly-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddCoreCsiFiles : GetNextFileMapContent() failed. 
System Error: Falscher Parameter. . Error - 08.05.2010 02:59:47 | Computer Name = genzly-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.4.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f78 Startzeit: 01caee79b525b432 Endzeit: 31 Anwendungspfad: C:\Users\genzly\Desktop\OTL.exe Berichts-ID: 3a3445d5-5a6f-11df-881a-002197ed0b20 Error - 08.05.2010 08:54:08 | Computer Name = genzly-PC | Source = Brother BrLog | ID = 1001 Description = CTLCN BrtCTLCN: [2010/05/08 14:54:08.544]: [00003016]: brccFCtl.dll: ### ERROR ### LoadLibrary Functions failed. m_fpIsAvailable-Return = FALSE Error - 08.05.2010 08:54:08 | Computer Name = genzly-PC | Source = Brother BrLog | ID = 1001 Description = CTLCN BrtCTLCN: [2010/05/08 14:54:08.591]: [00003016]: brccFCtl.dll: ### ERROR ### Get OmniPage Language-ID Failed. 
unO32Result = 7 Error - 08.05.2010 08:54:08 | Computer Name = genzly-PC | Source = Brother BrLog | ID = 1001 Description = CTLCN BrtCTLCN: [2010/05/08 14:54:08.591]: [00003016]: brccFCtl.dll: ### ERROR ### Get OmniPage Language-ID Failed Error - 08.05.2010 08:54:16 | Computer Name = genzly-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TuneUpUtilitiesService32.exe, Version: 9.0.4100.12, Zeitstempel: 0x4bb49c2b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000005 Fehleroffset: 0x0005716d ID des fehlerhaften Prozesses: 0xe58 Startzeit der fehlerhaften Anwendung: 0x01caeead86faa942 Pfad der fehlerhaften Anwendung: C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: cebde929-5aa0-11df-88e1-002197ed0b20 Error - 08.05.2010 11:50:53 | Computer Name = genzly-PC | Source = Brother BrLog | ID = 1001 Description = CTLCN BrtCTLCN: [2010/05/08 17:50:53.764]: [00002376]: brccFCtl.dll: ### ERROR ### LoadLibrary Functions failed. m_fpIsAvailable-Return = FALSE Error - 08.05.2010 11:50:53 | Computer Name = genzly-PC | Source = Brother BrLog | ID = 1001 Description = CTLCN BrtCTLCN: [2010/05/08 17:50:53.842]: [00002376]: brccFCtl.dll: ### ERROR ### Get OmniPage Language-ID Failed. unO32Result = 7 Error - 08.05.2010 11:50:53 | Computer Name = genzly-PC | Source = Brother BrLog | ID = 1001 Description = CTLCN BrtCTLCN: [2010/05/08 17:50:53.858]: [00002376]: brccFCtl.dll: ### ERROR ### Get OmniPage Language-ID Failed [ Media Center Events ] Error - 25.04.2010 13:17:53 | Computer Name = genzly-PC | Source = MCUpdate | ID = 0 Description = 19:17:49 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) 
Error - 07.05.2010 13:15:48 | Computer Name = genzly-PC | Source = MCUpdate | ID = 0 Description = 19:15:47 - Fehler beim Herstellen der Internetverbindung. 19:15:48 - Serververbindung konnte nicht hergestellt werden.. Error - 07.05.2010 13:15:58 | Computer Name = genzly-PC | Source = MCUpdate | ID = 0 Description = 19:15:53 - Fehler beim Herstellen der Internetverbindung. 19:15:53 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 07.05.2010 01:09:59 | Computer Name = genzly-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 07.05.2010 01:10:03 | Computer Name = genzly-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Ati External Event Utility" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 08.05.2010 08:49:19 | Computer Name = genzly-PC | Source = DCOM | ID = 10010 Description = Error - 08.05.2010 08:52:34 | Computer Name = genzly-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 08.05.2010 08:53:30 | Computer Name = genzly-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 08.05.2010 08:53:33 | Computer Name = genzly-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Ati External Event Utility" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 08.05.2010 08:55:00 | Computer Name = genzly-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "TuneUp Utilities Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.05.2010 11:49:09 | Computer Name = genzly-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. 
Error - 08.05.2010 11:49:14 | Computer Name = genzly-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 08.05.2010 11:49:20 | Computer Name = genzly-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Ati External Event Utility" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > |
09.05.2010, 16:43 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
09.05.2010, 21:21 | #7 |
| Sorry, I had forgotten that. Here is the new log file:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4083
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.05.2010 22:19:36
mbam-log-2010-05-09 (22-19-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|J:\|)
Durchsuchte Objekte: 384531
Laufzeit: 1 Stunde(n), 52 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 (Adware.QUADRegClean) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
10.05.2010, 08:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run Avenger now:
1.) Download Avenger from here: Swandog46's Public Anti-Malware Tools (Download, on the left-hand side)
2.) Unpack the zip archive and run the file "avenger.exe" (under Vista via right-click => Run as administrator). Set the check marks at the bottom as shown:
3.) Copy exactly the lines from the following code box:
Code:
files to delete:
c:\Programme\Common Files\Akamai\rswin_3697.dll
C:\Windows\System32\drivers\cqtopexs.sys
C:\Windows\System32\drivers\csc.sys
C:\Windows\System32\drivers\bbpjotqr.sys
C:\ProgramData\mtbjfghn.xbe
5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".
6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and the "Reboot now" question (system restart) likewise.
7.) After the restart, an Avenger log file will be displayed. Copy its contents and post them here.
8.) Upload the file c:\avenger\backup.zip to file-upload.net and link it here
__________________ Please always post logfiles in CODE tags |
10.05.2010, 14:00 | #9 |
| Virus Alureon.H detected by Microsoft Essentials; back again after restart
Here is the Avenger log and the link to the backup hxxp://www.file-upload.net/download-2505002/backup.zip.html :
Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\Programme\Common Files\Akamai\rswin_3697.dll" deleted successfully.
File "C:\Windows\System32\drivers\cqtopexs.sys" deleted successfully.
File "C:\Windows\System32\drivers\csc.sys" deleted successfully.
File "C:\Windows\System32\drivers\bbpjotqr.sys" deleted successfully.
File "C:\ProgramData\mtbjfghn.xbe" deleted successfully.
Completed script processing.
*******************
Finished! Terminate. |
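Post #8 hands Avenger a list of files to delete at the next boot and post #9 shows the log Avenger wrote afterwards; the helper also asks for backup.zip because the deleted bytes are the only evidence left. The script below is an added example for this thread (not Avenger code and not the forum's tooling): it parses the "files to delete:" script, parses the result lines of the log, reconciles the two so a target that produced no result line is not mistaken for a success, and records size and SHA-256 of every target before deletion. SCRIPT and LOG are copied from the two posts; the files that demo() creates are constructed stand-ins in a temp directory so the example runs on any system. The pre-deletion hash matters here because csc.sys is also the file name of the Windows Offline Files (Client Side Caching) driver, and a hash is what later tells an infected or replaced copy apart from a clean one with the same name.

```python
"""Reconcile an Avenger 'files to delete:' script with Avenger's log and
hash the targets before they are removed. Added example for this thread;
SCRIPT and LOG are copied from posts #8 and #9, demo() uses constructed
stand-in files in a temp directory."""
import hashlib
import os
import re
import tempfile

SCRIPT = """\
files to delete:
c:\\Programme\\Common Files\\Akamai\\rswin_3697.dll
C:\\Windows\\System32\\drivers\\cqtopexs.sys
C:\\Windows\\System32\\drivers\\csc.sys
C:\\Windows\\System32\\drivers\\bbpjotqr.sys
C:\\ProgramData\\mtbjfghn.xbe
"""

LOG = """\
Rootkit scan active.
No rootkits found!
File "c:\\Programme\\Common Files\\Akamai\\rswin_3697.dll" deleted successfully.
File "C:\\Windows\\System32\\drivers\\cqtopexs.sys" deleted successfully.
File "C:\\Windows\\System32\\drivers\\csc.sys" deleted successfully.
File "C:\\Windows\\System32\\drivers\\bbpjotqr.sys" deleted successfully.
File "C:\\ProgramData\\mtbjfghn.xbe" deleted successfully.
Completed script processing.
"""


def parse_script(text):
    """{section: [arguments]}; a header is a lowercase line ending in ':'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"[a-z ]+:", line):
            current = line[:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def norm(path):
    """Case-insensitive key for a Windows path."""
    return path.lower().replace("/", "\\")


def parse_log(text):
    """{normalised path: outcome} from lines like: File "..." deleted successfully."""
    results = {}
    for line in text.splitlines():
        m = re.match(r'^File "(.+?)" (.+?)\.$', line.strip())
        if m:
            results[norm(m.group(1))] = m.group(2)
    return results


def reconcile(script_text, log_text):
    """Every requested path mapped to what the log reports for it."""
    wanted = parse_script(script_text).get("files to delete", [])
    got = parse_log(log_text)
    return {p: got.get(norm(p), "no result line in log") for p in wanted}


def local_path(win_path, root):
    """Demo mapping 'C:\\a\\b' -> root/C/a/b; root='' keeps the real path."""
    if not root:
        return win_path
    return os.path.join(root, *win_path.replace(":", "").split("\\"))


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def snapshot(paths, root=""):
    """Size and SHA-256 of each existing target (None if absent); run before
    Avenger deletes them so the removed bytes can still be identified."""
    out = {}
    for p in paths:
        local = local_path(p, root)
        if os.path.isfile(local):
            with open(local, "rb") as fh:
                data = fh.read()
            out[p] = {"size": len(data), "sha256": sha256_hex(data)}
        else:
            out[p] = None
    return out


def demo():
    """Constructed stand-ins for two of the five targets, then a snapshot."""
    root = tempfile.mkdtemp()
    targets = parse_script(SCRIPT)["files to delete"]
    for p, body in ((targets[1], b"MZ fake driver"), (targets[4], b"not a real xbe")):
        local = local_path(p, root)
        os.makedirs(os.path.dirname(local), exist_ok=True)
        with open(local, "wb") as fh:
            fh.write(body)
    return snapshot(targets, root)
```

On the affected machine you would call snapshot(parse_script(open("script.txt").read())["files to delete"]) before clicking Execute and keep the output next to backup.zip; after the reboot reconcile() over the real log shows whether every requested path actually got a result line.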
10.05.2010, 14:16 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus Alureon.H detected by Microsoft Essentials; back again after restart
OK. Then please run CF now: ComboFix (A guide and tutorial on using ComboFix)
ComboFix may only be run when a Kompetenzler (forum helper) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
10.05.2010, 15:09 | #11 |
| Virus Alureon.H detected by Microsoft Essentials; back again after restart
So, I hope I did everything as described in the instructions. Here is the log:
ComboFix 10-05-09.06 - genzly 10.05.2010 15:44:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1919.737 [GMT 2:00]
Running from:: c:\users\genzly\Desktop\cofi.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Andasa\Toolbar.dll
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\merge this one after patch.reg
c:\program files\QUAD Utilities\QUAD Registry Cleaner\optimize.bin
c:\program files\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe.BAK
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\program files\QUAD Utilities\QUAD Registry Cleaner\uninst.exe
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log
c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Scheduler.dll
c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles
c:\users\genzly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities
c:\users\genzly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk
c:\users\genzly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk
c:\users\genzly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk
c:\users\genzly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.lnk
c:\users\genzly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\Uninstall QUAD RegistryCleaner.lnk
c:\users\genzly\AppData\Roaming\QUAD Backups
c:\users\genzly\AppData\Roaming\QUAD Backups\05.04.2010,15-30-21\Automatic.reg
c:\users\genzly\AppData\Roaming\QUAD Backups\05.04.2010,15-31-32\Automatic.reg
c:\users\genzly\AppData\Roaming\QUAD Backups\05.04.2010,17-56-18\Automatic.reg
c:\users\genzly\AppData\Roaming\QUAD Backups\05.04.2010,17-58-50\Automatic.reg
c:\users\genzly\AppData\Roaming\QUAD Backups\05.06.2010,16-30-34\Automatic.reg
c:\windows\system32\Vb40032.dll
.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 ))))))))))))))))))))))))))))))
.
2010-05-10 13:53 . 2010-05-10 13:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-06 20:56 . 2010-05-06 20:56 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-05-06 20:56 . 2010-05-06 20:56 262 ----a-w- c:\windows\system32\PavCPL.dat
2010-05-06 20:55 . 2009-06-16 11:33 46728 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-05-06 20:55 . 2009-06-16 11:32 53128 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-05-06 20:55 . 2009-06-16 11:32 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-05-06 20:55 . 2009-09-30 21:07 75016 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-05-06 20:55 . 2009-06-16 11:33 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-05-06 20:55 . 2008-03-28 09:25 22072 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-05-06 20:54 . 2003-10-22 16:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2010-05-06 20:54 . 2009-03-30 16:23 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-05-06 20:54 . 2009-03-30 16:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-05-06 20:54 . 2009-03-30 16:22 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-05-06 20:54 . 2007-02-08 08:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-05-06 20:54 . 2009-03-30 16:22 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-05-06 20:54 . 2009-09-09 08:29 199432 ----a-w- c:\windows\system32\drivers\neti1639.sys
2010-05-06 20:54 . 2009-08-06 10:29 49160 ----a-w- c:\windows\system32\drivers\amm8660.sys
2010-05-06 20:51 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-06 20:50 . 2009-06-30 15:17 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-05-06 20:50 . 2008-03-04 13:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-05-06 19:53 . 2010-05-06 19:53 387584 ----a-w- c:\windows\system32\drivers\btpotssg.sys
2010-05-06 18:38 . 2010-05-06 18:38 387584 ----a-w- c:\windows\system32\drivers\aiyksqud.sys
2010-05-04 20:49 . 2010-05-04 20:49 -------- d-----w- c:\program files\AMD
2010-05-04 20:49 . 2009-04-03 04:39 27320 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2010-05-04 19:14 . 2010-05-04 19:14 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-05-04 19:13 . 2010-05-04 19:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-05-04 19:13 . 2010-05-04 19:13 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-05-04 19:13 . 2010-05-04 19:13 41472 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-05-04 16:25 . 2010-05-04 16:26 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-03 20:16 . 2010-05-10 13:28 -------- d-----w- c:\program files\CCleaner
2010-05-03 19:44 . 2010-05-03 19:44 -------- d-----w- c:\program files\Uniblue
2010-05-03 17:11 . 2010-05-03 17:11 -------- d-----w- c:\program files\Unlocker
2010-05-03 16:39 . 2010-02-19 09:27 -------- d---a-w- C:\Windows 7 Loader
2010-05-03 12:44 . 2009-05-04 22:30 14392 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2010-05-02 22:18 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-02 22:08 . 2010-05-02 22:08 -------- d-----w- c:\programdata\Driver Whiz
2010-05-02 19:41 . 2010-05-02 19:41 -------- d-----w- c:\users\genzly\AppData\Local\PC_Drivers_Headquarters
2010-05-02 19:37 . 2010-05-02 19:37 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-05-02 19:37 . 2010-05-02 19:37 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-05-02 19:17 . 2010-05-02 19:17 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 19:13 . 2010-05-02 19:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 16:36 . 2010-05-02 20:22 -------- d-----w- c:\windows\system32\Tools
2010-05-01 14:30 . 2010-05-01 14:30 -------- d-----w- c:\users\genzly\AppData\Local\Panda Security
2010-05-01 14:29 . 2010-05-01 14:29 -------- d-----w- c:\programdata\Backup
2010-05-01 14:28 . 2010-05-01 14:28 -------- d-----w- c:\windows\system32\PAV
2010-05-01 14:28 . 2008-03-18 14:58 58672 ----a-w- c:\windows\system32\avldr.dll
2010-05-01 14:28 . 2010-05-01 14:28 -------- d-----w- c:\users\genzly\AppData\Roaming\Panda Security
2010-05-01 14:28 . 2010-05-01 14:28 -------- d-----w- c:\programdata\Panda Security
2010-05-01 14:25 . 2010-05-01 14:25 -------- d-----w- c:\program files\Common Files\Panda Security
2010-05-01 07:08 . 2010-05-06 20:54 -------- d-----w- c:\program files\Panda Security
2010-04-30 20:22 . 2010-05-02 20:23 -------- d-----w- c:\program files\Driver Checker
2010-04-30 12:57 . 2010-04-30 12:57 -------- d-----w- c:\program files\Carambis
2010-04-28 19:41 . 2010-05-02 20:53 -------- d-----w- C:\_AcroTemp
2010-04-28 02:20 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 02:20 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-28 02:20 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 18:28 . 2010-05-04 20:49 -------- d-----w- c:\program files\DIFX
2010-04-25 20:02 . 2010-05-02 20:05 -------- d-----w- c:\program files\Screenshot Studio
2010-04-23 20:40 . 2010-04-23 20:41 -------- d-----w- c:\temp\sv187.tmp
2010-04-18 20:05 . 2010-04-18 20:05 -------- d-----w- c:\users\genzly\AppData\Roaming\dvdcss
2010-04-14 15:02 . 2010-04-14 15:13 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-14 15:02 . 2010-04-14 15:13 -------- d-----w- c:\program files\DVDVideoSoft
2010-04-14 14:50 . 2010-04-14 14:59 5 ----a-w- c:\windows\system32\SySatm.dat
2010-04-14 14:50 . 2010-04-14 14:50 -------- d-----w- c:\program files\Crystal Software
2010-04-14 02:29 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 02:29 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 02:29 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 02:29 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 02:29 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 02:29 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 02:29 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 02:29 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 18:41 . 2010-05-02 20:53 -------- d-----w- c:\program files\Common Files\Skype
2010-04-12 13:28 . 1998-06-17 22:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-04-12 13:28 . 2010-04-12 13:28 -------- d-----w- c:\program files\Convar
2010-04-12 13:28 . 2003-07-18 11:58 516784 ----a-r- c:\windows\system32\XceedCry.dll
2010-04-12 13:28 . 2002-02-28 07:46 217088 ----a-w- c:\windows\system32\DartSock.dll
2010-04-12 13:28 . 2002-02-21 08:12 118784 ----a-w- c:\windows\system32\DartWeb.dll
2010-04-12 10:27 . 2010-04-12 10:30 -------- d-----w- c:\program files\PhotoRescue PC v3.1.8.11543
2010-04-11 20:10 . 2010-04-11 20:39 -------- d-----w- c:\program files\ZAR
2010-04-11 07:21 . 2010-04-11 07:21 -------- d-----w- c:\program files\PC Inspector File Recovery
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 13:53 . 2010-02-01 13:33 -------- d-----w- c:\program files\Andasa
2010-05-10 12:51 . 2009-12-21 18:45 -------- d-----w- c:\program files\Common Files\Akamai
2010-05-10 12:39 . 2009-10-16 18:49 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-10 09:50 . 2009-10-15 19:59 -------- d-----w- c:\users\genzly\AppData\Roaming\Skype
2010-05-10 08:25 . 2009-10-25 20:07 -------- d-----w- c:\program files\StarMoney 7.0
2010-05-10 06:06 . 2009-10-15 20:05 -------- d-----w- c:\users\genzly\AppData\Roaming\skypePM
2010-05-08 20:51 . 2009-10-16 22:30 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-08 20:51 . 2009-10-16 22:30 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-07 18:16 . 2010-05-07 18:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-05-07 14:40 . 2009-12-11 19:56 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-05-07 14:34 . 2009-12-11 19:56 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-05-07 14:34 . 2009-12-11 19:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-05-06 08:36 . 2009-10-15 19:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 22:40 . 2009-07-14 08:47 648406 ----a-w- c:\windows\system32\perfh007.dat
2010-05-04 22:40 . 2009-07-14 08:47 127666 ----a-w- c:\windows\system32\perfc007.dat
2010-05-04 20:30 . 2009-10-15 20:01 135328 ----a-w- c:\users\genzly\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-03 19:44 . 2010-03-21 10:49 -------- d-----w- c:\users\genzly\AppData\Roaming\Uniblue
2010-05-03 17:51 . 2010-03-27 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-03 12:37 . 2009-10-19 10:53 -------- d-----w- c:\program files\ATI Technologies
2010-05-02 22:28 . 2009-11-28 18:37 -------- d-----w- c:\program files\Opera
2010-05-02 21:00 . 2009-10-23 17:17 -------- d-----w- c:\users\genzly\AppData\Roaming\COMPUTERBILD-Abzockschutz
2010-05-02 19:35 . 2009-10-19 10:35 -------- d-----w- c:\program files\DriverGenius
2010-04-29 13:39 . 2010-03-27 19:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-03-27 19:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:26 . 2010-03-21 11:32 -------- d--h--w- c:\program files\Temp
2010-04-27 17:20 . 2009-10-15 20:01 -------- d-----w- c:\program files\CDBurnerXP
2010-04-27 17:19 . 2010-02-17 22:21 -------- d-----w- c:\users\genzly\AppData\Roaming\vlc
2010-04-25 20:03 . 2009-10-30 17:21 -------- d-sh--w- c:\programdata\System Restore
2010-04-22 19:54 . 2010-04-22 19:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-04-19 19:52 . 2010-04-06 19:15 -------- d-----w- c:\programdata\aewc
2010-04-14 14:27 . 2009-11-09 13:54 -------- d-----w- c:\users\genzly\AppData\Roaming\FreeFLVConverter
2010-04-14 14:24 . 2009-11-09 13:54 -------- d-----w- c:\program files\Free FLV Converter
2010-04-12 18:41 . 2009-10-15 19:58 -------- d-----w- c:\programdata\Skype
2010-04-12 13:28 . 2009-10-15 20:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-10 23:38 . 2009-10-15 21:13 -------- d-----w- c:\program files\Google
2010-04-08 18:52 . 2009-11-09 13:54 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-04-07 14:28 . 2010-04-07 14:28 104768 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-04-06 19:15 . 2010-04-06 19:15 -------- d-----w- c:\program files\BoD easyPrint
2010-04-06 17:08 . 2009-10-16 19:39 -------- d-----w- c:\program files\QIMMO2009
2010-04-05 20:07 . 2009-10-15 20:05 737280 ----a-w- c:\windows\iun6002.exe
2010-04-05 11:10 . 2010-01-05 16:31 -------- d-----w- c:\program files\MAGIX
2010-04-05 11:09 . 2010-01-05 16:31 -------- d-----w- c:\programdata\MAGIX
2010-04-04 14:08 . 2010-02-09 16:47 -------- d-----w- c:\program files\Mp3 File Editor
2010-04-04 14:08 . 2010-02-09 16:47 286720 ----a-w- c:\windows\iun506.exe
2010-04-04 11:15 . 2010-02-26 19:28 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-04-04 11:10 . 2010-04-04 11:10 -------- d-----w- c:\program files\Investintech.com Inc
2010-04-04 11:08 . 2010-04-04 10:25 -------- d--h--w- c:\programdata\OCRTemp
2010-04-04 11:07 . 2010-04-04 10:25 -------- d-----w- c:\program files\123PDFConverter
2010-04-03 22:14 . 2009-10-15 20:35 -------- d-----w- c:\program files\TeamViewer
2010-04-03 19:39 . 2010-04-03 19:39 -------- d-----w- c:\program files\honestech VHS to DVD 4.0 Trial
2010-04-03 19:34 . 2010-02-16 20:28 -------- d-----w- c:\program files\honestech VHS to DVD 2.5 SE
2010-04-02 21:20 . 2010-04-02 21:19 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 21:20 . 2010-04-02 21:19 -------- d-----w- c:\program files\iTunes
2010-04-02 21:19 . 2010-04-02 21:19 -------- d-----w- c:\program files\iPod
2010-04-02 21:19 . 2009-12-14 14:20 -------- d-----w- c:\program files\Common Files\Apple
2010-04-02 21:19 . 2009-12-14 14:21 -------- d-----w- c:\programdata\Apple Computer
2010-04-02 21:17 . 2010-04-02 21:17 -------- d-----w- c:\program files\Apple Software Update
2010-04-02 21:13 . 2010-04-02 21:12 -------- d-----w- c:\program files\QuickTime
2010-04-02 20:45 . 2010-04-02 20:45 -------- d-----w- c:\program files\Webcam 1200
2010-04-01 07:41 . 2009-10-15 22:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-31 21:37 . 2009-10-16 15:52 -------- d-----w- c:\program files\ElsterFormular
2010-03-31 16:30 . 2010-03-31 16:30 -------- d-----w- c:\program files\Tilgungsrechner
2010-03-29 22:52 . 2010-03-29 22:50 -------- d-----w- c:\users\genzly\AppData\Roaming\Kabel Deutschland Widget
2010-03-29 22:49 . 2010-03-29 22:49 13686 ----a-r- c:\users\genzly\AppData\Roaming\Microsoft\Installer\{EC0E0E6C-CAC1-4304-AEBE-783E06FC967F}\_6FEFF9B68218417F98F549.exe
2010-03-29 22:49 . 2010-03-29 22:49 13686 ----a-r- c:\users\genzly\AppData\Roaming\Microsoft\Installer\{EC0E0E6C-CAC1-4304-AEBE-783E06FC967F}\_02A8AA8D5B189FA124B3BC.exe
2010-03-29 22:49 . 2010-03-29 22:49 -------- d-----w- c:\program files\Kabel Deutschland
2010-03-29 14:57 . 2010-03-29 14:57 -------- d-----w- c:\program files\HD Tune
2010-03-29 14:48 . 2010-03-29 14:48 -------- d-----w- c:\program files\Simpli Software
2010-03-27 19:34 . 2010-03-27 19:34 -------- d-----w- c:\users\genzly\AppData\Roaming\Malwarebytes
2010-03-27 19:34 . 2010-03-27 19:34 -------- d-----w- c:\programdata\Malwarebytes
2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Acrobat\9.3\ARM\12570\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Acrobat\9.3\ARM\12570\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Acrobat\9.3\ARM\12570\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Acrobat\9.3\ARM\12570\AcrobatUpdater.exe
2010-03-22 22:34 . 2010-03-22 22:34 -------- d-----w- c:\program files\COMPUTERBILD-Abzockschutz
2010-03-21 11:37 . 2010-03-21 11:37 -------- d-----w- c:\program files\Realtek
2010-03-21 11:36 . 2010-03-21 11:36 -------- d-----w- c:\users\genzly\AppData\Roaming\ATI
2010-03-21 10:49 . 2010-03-21 10:49 -------- d-----w- c:\programdata\Uniblue
2010-03-21 10:32 . 2010-03-21 09:54 -------- d-----w- c:\users\genzly\AppData\Roaming\Ashampoo
2010-03-21 09:51 . 2010-03-21 09:51 -------- d-----w- c:\programdata\ashampoo
2010-03-21 09:50 . 2010-03-21 09:50 -------- d-----w- c:\program files\Ashampoo
2010-03-19 13:31 . 2010-03-19 13:31 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-03-12 17:16 . 2009-10-17 18:32 -------- d-----w- c:\programdata\Microsoft Help
2010-02-26 19:16 . 2010-02-26 19:16 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-23 07:56 . 2010-03-31 16:07 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-18 17:43 . 2009-10-20 08:48 1170240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-11 07:10 . 2010-03-12 02:39 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-11 05:32 . 2010-02-11 05:32 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 05:30 . 2010-02-11 05:30 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-02-11 05:30 . 2010-02-11 05:30 348160 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 05:30 . 2010-02-11 05:30 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 05:29 . 2010-02-11 05:29 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-02-11 05:29 . 2010-02-11 05:29 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:58 . 2010-02-11 04:58 11513856 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 04:48 . 2010-02-11 04:48 135168 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-11 04:43 . 2010-02-11 04:43 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:43 . 2010-02-11 04:43 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-11 04:42 . 2010-02-11 04:42 3235840 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-11 04:34 . 2010-02-11 04:34 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-24 12:14 . 2009-11-24 12:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 11:10 . 2009-11-28 11:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-11-24 12:14 . 2009-11-24 12:14 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll
2009-11-28 11:10 . 2009-11-28 11:10 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll
2009-12-23 06:03 . 2009-10-17 21:26 2 --shatr- c:\windows\winstart.bat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-21 26192680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5082488]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357800]
"Sparwelt Schnäppchen Alarm"="c:\program files\Sparwelt.de\Sparwelt.de Schnäppchen-Alarm\Sparwelt Schnäppchen Alarm.exe" [2009-02-24 77824]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2009-10-07 939272]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"BoD easyPrint Printing Device"="c:\program files\BoD easyPrint\BoDeasyPrint_Monitor.exe" [2009-11-25 28672]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-08-12 56064]

c:\users\genzly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 14:58 58672 ----a-w- c:\windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2010-04-09 14:15 3378112 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2008-08-18 14:53 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Corel File Shell Monitor"=c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"PaperPort PTD"=c:\program files\ScanSoft\PaperPort\pptd40nt.exe
"IndexSearch"=c:\program files\ScanSoft\PaperPort\IndexSearch.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe"
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 133104]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2010-04-12 541192]
R3 DtvAudio;DtvAudio;c:\windows\system32\DRIVERS\DtvAudio.sys [2004-06-20 10330]
R3 DtvVideo;DtvVideo;c:\windows\system32\DRIVERS\DtvVideo.sys [2004-06-20 25600]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 NinjaUSB;Freecom Turbo USB 2.0;c:\windows\system32\drivers\NinjaUSB.sys [2009-11-28 24704]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 UCORESYS;UCORESYS; [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-10 691696]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2009-06-30 28552]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2009-10-15 902432]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S2 878BDA;DVB-TV 878 BDA Driver;c:\windows\system32\Drivers\878BDA.sys [2006-04-04 86016]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-09-29 809736]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-10-15 2326920]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2009-08-06 49160]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2010-05-06 13880]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]
S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-06-16 11:33 159112]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-06-30 163336]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\PskSvc.exe [2009-08-25 28928]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-10-15 159168]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
S3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\DRIVERS\neti1639.sys [2009-09-09 199432]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
panda REG_MULTI_SZ Gwmsrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 21:15]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 21:15]

2010-05-06 c:\windows\Tasks\Grundlegende Bereinigung.job
- c:\program files\Panda Security\Panda Global Protection 2010\PlaTasks.exe [2010-05-06 11:46]

2010-05-06 c:\windows\Tasks\Grundlegende Bereinigung1.job
- c:\program files\Panda Security\Panda Global Protection 2010\PlaTasks.exe [2010-05-06 11:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.musikkapelle-pfaffenhausen.com/
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: msn.com\de
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\genzly\AppData\Roaming\Mozilla\Firefox\Profiles\wdtnl8y3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.musikkapelle-pfaffenhausen.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\genzly\AppData\Roaming\Mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\genzly\AppData\Roaming\Mozilla\Firefox\Profiles\wdtnl8y3.default\extensions\{579fcdb8-929b-11dc-8314-0800200c9a66}\components\xpcwrapper.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\NPSibelius.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Policies ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAG~1\PAVSCRIP.EXE "%1" %*
.
- - - - Orphans Removed - - - -

BHO-{85223548-4D57-4A3B-896B-145985F681C6} - c:\program files\Andasa\Toolbar.dll
BHO-{BB9540F0-94B9-4fe8-A2E1-DE3A506ECD4B} - c:\program files\Andasa\Toolbar.dll
Toolbar-{6AA99CB6-74AF-4136-A6C6-C64C95333249} - c:\program files\Andasa\Toolbar.dll
HKCU-Run-QUAD Windows service - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
HKCU-Run-QUAD Scheduler - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
MSConfigStartUp-UnHackMe Monitor - c:\program files\UnHackMe\hackmon.exe
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(5180) c:\program files\Panda Security\Panda Global Protection 2010\pavoepl.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\program files\Panda Security\Panda Global Protection 2010\TPSrv.exe c:\program files\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe c:\windows\system32\brsvc01a.exe c:\windows\system32\taskhost.exe c:\windows\system32\brss01a.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Panda Security\Panda Global Protection 2010\PsCtrls.exe c:\program files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe c:\program files\Panda Security\Panda Global Protection 2010\pavsrvx86.exe c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE c:\program files\Panda Security\Panda Global Protection 2010\AVENGINE.EXE c:\program files\Panda Security\Panda Global Protection 2010\PsImSvc.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe c:\windows\system32\UI0Detect.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\program files\Brother\Brmfcmon\BrMfcmon.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE c:\program files\Panda Security\Panda Global Protection 2010\PavBckPT.exe c:\windows\servicing\TrustedInstaller.exe . 
************************************************************************** . Zeit der Fertigstellung: 2010-05-10 16:05:36 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-05-10 14:05 Vor Suchlauf: 14 Verzeichnis(se), 108.198.686.720 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 108.173.959.168 Bytes frei - - End Of File - - AAE65EC77C615413FDA8555D421F71E0 |
10.05.2010, 15:41 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Let's take a closer look with GMER and OSAM. Is the computer actually running normally again by now?
__________________ Please always post logfiles in CODE tags |
10.05.2010, 21:12 | #13 |
| Yes, the computer is running normally. No virus is found on C: anymore. Here is the GMER log covering all hard disks: hxxp://www.file-upload.net/download-2506538/LOG_Gmer.txt.html (the log is long!) |
10.05.2010, 21:34 | #14 |
| And here is the OSAM log as well: Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:31:46 on 10.05.2010 OS: Windows 7 Ultimate Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.3 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Grundlegende Bereinigung.job" - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Global Protection 2010\PlaTasks.exe "Grundlegende Bereinigung1.job" - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Global Protection 2010\PlaTasks.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL "pavcpl.cpl" - "Panda Software" - C:\Windows\system32\pavcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl "PavCPL" - "Panda Software" - C:\Windows\system32\pavcpl.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%systemroot%\system32\cscsvc.dll,-202" (CSC) - ? 
- C:\Windows\System32\drivers\csc.sys (File not found) "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys "Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm251.sys "afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys "AmFSM" (AmFSM) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\amm8660.sys "Antivirus Filter Driver" (AvFlt) - ? - C:\Windows\system32\drivers\av5flt.sys (File not found) "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys "catchme" (catchme) - ? - C:\Users\genzly\AppData\Local\Temp\catchme.sys (File not found) "cpuz132" (cpuz132) - ? - C:\Windows\system32\drivers\cpuz132.sys (File not found) "DtvAudio" (DtvAudio) - "TwinHan Provide" - C:\Windows\System32\DRIVERS\DtvAudio.sys "DtvVideo" (DtvVideo) - "TwinHan Provide" - C:\Windows\System32\DRIVERS\DtvVideo.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "Freecom Turbo USB 2.0" (NinjaUSB) - ? - C:\Windows\System32\drivers\NinjaUSB.sys "Panda Anti-Dialer" (ComFiltr) - ? - C:\Windows\system32\DRIVERS\COMFiltr.sys "Panda boot driver" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\Drivers\pavboot.sys "Panda File Shield Driver" (ShldDrv) - "Panda Security, S.L." - C:\Windows\System32\DRIVERS\ShlDrv51.sys "Panda Net Driver [TDI Layer]" (NETFLTDI) - "Panda Security, S.L." - C:\Windows\system32\Drivers\NETFLTDI.SYS "Panda Process Protection Driver" (PavProc) - "Panda Security, S.L." - C:\Windows\system32\DRIVERS\PavProc.sys "PavSRK.sys" (PavSRK.sys) - ? - C:\Windows\system32\PavSRK.sys (File not found) "PavTPK.sys" (PavTPK.sys) - ? - C:\Windows\system32\PavTPK.sys (File not found) "PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys "Service for HDMI" (RTHDMIAzAudService) - ? - C:\Windows\system32\drivers\RTHDMIAzAudService.sys (File not found) "StarOpen" (StarOpen) - ? 
- C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys "UCORESYS" (UCORESYS) - ? - C:\Windows\system32\drivers\UCORESYS.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? 
- C:\Program Files\Pinnacle\VideoSpin\Programs\BlueShellExt.dll (File found, but it contains no detailed information) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll {bc5e1455-02ca-4b30-8eed-91d52a38da75} "FineReader10.FRContextMenu.1" - "ABBYY." - C:\Program Files\ABBYY FineReader 10\FRIntegration.dll {327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll {65756541-C65C-11CD-0000-4B656E696100} "Panda Antivirus" - "Panda Security, S.L." 
- C:\Program Files\Panda Security\Panda Global Protection 2010\PavOLE.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program 
Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&RoboForm" - "Siber Systems Inc." - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "Ausfüllen" - ? - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL "RoboForm" - ? - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html "Speichern" - ? - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&RoboForm" - "Siber Systems Inc." - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll <binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {724d43a9-0d85-11d4-9908-00400523e39a} "{724d43a9-0d85-11d4-9908-00400523e39a}" - "Siber Systems Inc." - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\genzly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acronis Scheduler2 Service" - "Acronis" - "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" "APVXDWIN" - "Panda Security, S.L." - "C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s "BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices "BoD easyPrint Printing Device" - "Books on Demand" - "C:\Program Files\BoD easyPrint\BoDeasyPrint_Monitor.exe" "Bonus.SSR.FR10" - "ABBYY." - "C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun "BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN "ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun "MSSE" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SCANINICIO" - "Panda Security, S.L." - "C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe" "Sparwelt Schnäppchen Alarm" - "Sparwelt.de" - C:\Program Files\Sparwelt.de\Sparwelt.de Schnäppchen-Alarm\Sparwelt Schnäppchen Alarm.exe "TrueImageMonitor.exe" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe "UnlockerAssistant" - ? 
- "C:\Program Files\Unlocker\UnlockerAssistant.exe" (File found, but it contains no detailed information) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Asura Direct Monitor" - "OneVision Software GmbH & Co. KG" - C:\Windows\system32\AsuraDirectMonitor.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe "ABBYY FineReader 10 PE Licensing Service" (ABBYY.Licensing.FineReader.Professional.10.0) - "ABBYY" - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe "Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe "Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe "Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\rswin_3697.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Ati External Event Utility" (Ati External Event Utility) - ? - C:\Windows\system32\drivers\Ati External Event Utility.sys (File not found) "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe "NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Panda Function Service" (PAVFNSVR) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe "Panda Goodware Cache Manager" (Gwmsrv) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Global Protection 2010\Gwmsrv.dll "Panda Host Service" (PSHost) - "Panda Security International" - c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE "Panda IManager Service" (PSIMSVC) - "Panda Security S.L." - C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe "Panda On-Access Anti-Malware Service" (PAVSRV) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrvx86.exe "Panda Process Protection Service" (PavPrSrv) - "Panda Security, S.L." - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe "Panda PSK service" (PskSvcRetail) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe "Panda Software Controller" (Panda Software Controller) - "Panda Security, S.L." - C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe "Panda TPSrv" (TPSrv) - "Panda Security, S.L." 
- C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe "Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe "StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe "TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "avldr" - "Panda Security, S.L." - C:\Windows\system32\avldr.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
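A triage pass over OSAM entries of the kind posted above, as an added example that is not part of the thread and not OSAM's own tooling: it parses each `"Name" (Key) - "Publisher" - path (status)` line, flags entries with an unattributed publisher, a missing or version-less file, or an image under a user-writable directory, and ranks them. The sample lines are copied from the log in this thread; the user-writable path markers and the publisher watchlist are assumptions to tune per environment.

```python
"""Triage of OSAM Autorun Manager log entries (added example, not OSAM's own code)."""
import re
from typing import Optional

# One OSAM entry line looks like:
#   [prefix] "Display name" [(Key)] - "Publisher" or ? - image path or command line [(status)]
# where prefix is a CLSID in braces, '<binary data>' or a bare registry value name.
ENTRY_RE = re.compile(
    r'^(?:(?P<prefix>\{[^}]*\}|<binary data>|[^"\s]+)\s+)?'
    r'"(?P<name>[^"]*)"'
    r'(?:\s+\((?P<key>[^)]*)\))?'
    r'\s+-\s+(?P<publisher>"[^"]*"|\?)'
    r'\s+-\s*(?P<rest>.*)$'
)
# Trailing status OSAM appends when the referenced file is missing or carries no version info.
STATUS_RE = re.compile(
    r'\s*\((?P<status>File not found(?: \| [^)]*)?'
    r'|File found, but it contains no detailed information)\)\s*$'
)
# Assumptions to tune per environment: locations an autorun entry should not normally live in,
# and publishers whose toolbars you treat as unwanted.
USER_WRITABLE = ('\\appdata\\local\\temp\\', '\\appdata\\roaming\\', '\\users\\public\\')
WATCHLIST_PUBLISHERS = {'ask.com'}


def parse_entry(line: str) -> Optional[dict]:
    """Return the fields of one entry line, or None for section headers and banner lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    status = 'ok'
    s = STATUS_RE.search(rest)
    if s:
        status = s.group('status')
        rest = rest[:s.start()]
    rest = rest.strip()
    # A quoted image path is followed by its arguments; an unquoted one is kept whole,
    # because paths containing spaces make an unquoted split ambiguous.
    if rest.startswith('"'):
        end = rest.find('"', 1)
        path, args = rest[1:end], rest[end + 1:].strip()
    else:
        path, args = rest, ''
    publisher = m.group('publisher')
    return {
        'name': m.group('name'),
        'key': m.group('key'),
        'publisher': None if publisher == '?' else publisher.strip('"'),
        'path': path,
        'args': args,
        'status': status,
    }


def assess(entry: dict) -> list:
    """Flags a reviewer would want to see; an empty list means nothing stood out."""
    flags = []
    if entry['publisher'] is None:
        flags.append('unknown-publisher')        # no signature OSAM could attribute
    elif entry['publisher'].lower() in WATCHLIST_PUBLISHERS:
        flags.append('watchlist-publisher')
    if entry['status'].startswith('File not found'):
        flags.append('file-missing')             # orphaned key, or a file hidden from the scanner
    elif entry['status'].startswith('File found'):
        flags.append('no-version-info')
    if any(marker in entry['path'].lower() for marker in USER_WRITABLE):
        flags.append('user-writable-path')       # e.g. a driver loaded from %TEMP%
    return flags


def triage(log_text: str) -> list:
    """Parse every entry in an OSAM log and return the flagged ones, most flags first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = assess(entry)
        if flags:
            entry['flags'] = flags
            findings.append(entry)
    findings.sort(key=lambda e: -len(e['flags']))  # stable sort: ties keep log order
    return findings


# Constructed excerpt: these lines are copied from the OSAM log in this thread.
# catchme.sys in %TEMP% is the rootkit-scanner driver ComboFix itself uses, which is why a
# reviewer checks a user-writable-path flag against recent tool runs before calling it hostile.
SAMPLE_LOG = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Antivirus Filter Driver" (AvFlt) - ? - C:\Windows\system32\drivers\av5flt.sys (File not found)
"catchme" (catchme) - ? - C:\Users\genzly\AppData\Local\Temp\catchme.sys (File not found)
"Panda boot driver" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\Drivers\pavboot.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Foxit Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? - (File not found | COM-object registry key not found)
'''

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{', '.join(f['flags']):45} {f['name']}  ->  {f['path'] or '(no file)'}")
```

Run it against a full OSAM report saved to a file (`triage(open('osam.log').read())`) to get the short list a helper actually reads; the signed Panda and Skype entries drop out, while the version-less StarOpen driver and the Ask toolbar stay on it.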
11.05.2010, 13:29 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Everything looks good, I think your computer is healed again. Now check the updates once everything is OK again!

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you are at it, please also check that Flash Player is current; here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |