Pests of all kinds and how to fight them: Google links to malware virus (Windows 7)
Not quite, or rather, I'm not sure I follow. You search for something on Google, click one of the result links, and only that way do you end up on the "virus page"? Are you sure the link is identical to the one you entered manually?
Yes, 1000% sure. That's why I was so confused.
Didn't you try it the way I described yesterday with the links? It was the same for everyone I told about it. The same symptom.
Please create a new OTL log. Some sections seem to be missing from the first one.
OTL Extras logfile:
OTL Extras logfile created on: 08.07.2010 14:27:50 - Run 4
OTL by OldTimer - Version Folder = C:\Users\pcdualcore\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 38,00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,74 Gb Total Space | 300,90 Gb Free Space | 67,51% Space Free | Partition Type: NTFS
Drive D: | 20,01 Gb Total Space | 16,64 Gb Free Space | 83,17% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 298,09 Gb Total Space | 10,22 Gb Free Space | 3,43% Space Free | Partition Type: NTFS
Computer Name: PCDUALCORE-PC
Current User Name: pcdualcore
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] --
.ini [@ = UltraEdit.ini] -- C:\Program Files\UltraEdit\UEDIT32.EXE (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- Reg Error: Key error. File not found
.txt [@ = UltraEdit.txt] -- C:\Program Files\UltraEdit\UEDIT32.EXE (IDM Computer Solutions, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = UltraEdit.html] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.) .ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.) .js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.) .txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{A48D6A39-855C-408D-8959-68216A3C5EF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D30EA1DB-81D9-45EF-B0EB-B9BAB8CAF437}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{089E5337-47BC-4B6A-8B43-DDAE453F7B12}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{0D717F2E-C1C1-4790-81B0-0709EF052B14}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{0E06A794-F227-4722-B527-C67A1751FD07}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{1A1A2873-9069-4A2C-8F92-12C76EB06C35}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{1FAC9C13-117F-4AAA-A4EF-919FF1703CF3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{20807AE6-892E-4BC6-94A9-D0693C1BAE79}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{3CC7C789-DC73-466B-BEA3-46317E27FFDD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{5794D5CD-BBAB-4605-B9CE-03CA75325739}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{5E823107-BA60-4D3A-A163-C4CE2B1D5107}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | "{624A370C-A29E-4566-A747-0CEB86E82F15}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{7B1535AF-C31D-4B98-8CC0-9F428EAE7218}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe | "{7DFB76A2-5A23-4375-9832-8E8CD15AA82E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{848679EB-AF72-4898-8D2D-2ADB3C631C5F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{8E8DEA03-D7BE-49AE-8EC2-3264B10085BE}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | "{A3FF239E-AC54-418C-9408-EADE96A2A194}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\app\starmoney.exe | "{B0171002-4BB6-43D9-A2D7-42E7B2A1A16C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{B07FD5F3-BA0C-42A8-9F10-FD9F35BBB93E}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0 s-edition\ouservice\starmoneyonlineupdate.exe | "{C0C4DEB1-195C-4946-A02B-E7E60EDBC148}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{C9066973-D91B-467B-85F7-BD877402F757}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{EC75A8C1-641E-4CF2-8B3E-BD7BE6217A53}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{F28AE6C6-0C65-4262-845F-00EF167A0790}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{FDDD50AB-D691-43C4-8F2E-9FC25A567824}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "TCP Query User{0EAF377A-A8C0-4D2C-B55B-2DC32381D2C5}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{1B9C1893-2455-4D35-9ECF-0CE9464B4B27}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "TCP Query User{1C7A0415-9ABE-41FB-BE14-DE4F1B0C2DA8}K:\downloads\filezilla_3.0.3_win32\filezilla-3.0.3\filezilla.exe" = protocol=6 | dir=in | app=k:\downloads\filezilla_3.0.3_win32\filezilla-3.0.3\filezilla.exe | "TCP Query User{2C971C0F-5C59-45A0-9801-1788DEA21376}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "TCP Query User{2EDA2B5C-312D-40E5-949A-DEC4B069A8E3}C:\program files\ws_ftp-firma\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp-firma\ws_ftp95.exe | "TCP Query User{437D4259-A3C3-432A-A8B0-D75B598F65E2}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{440A3F39-DB8E-4B4D-8D78-8D9BD8616875}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{453E249D-B967-4988-86ED-70EF2F8E15EA}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | "TCP Query User{52C91CA7-A298-4401-8E9E-170E3E9AF0E3}K:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=k:\xampp\apache\bin\apache.exe | "TCP Query User{5729B9F3-F35C-449C-8215-BF12DCB6BA41}L:\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=l:\ws_ftp\ws_ftp95.exe | "TCP 
Query User{59F0F9CB-47E1-42AA-9B54-E1F82E01B1AC}C:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_ins5576._mp | "TCP Query User{5D8E814C-EE63-44C6-91E7-3A1F92C6A2CD}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | "TCP Query User{5F090FAF-E83B-4477-88DD-C46CC608B245}C:\program files\flashget network\flashget universal\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe | "TCP Query User{6EDC3076-8CE9-47B3-9247-4FEFFA425172}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{7026E33A-15D9-4E4F-9717-9E591ED59506}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe | "TCP Query User{956936F5-CADA-453F-A076-5B6C45810BCC}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | "TCP Query User{9F7E42F9-5835-4F12-9345-55D8E82491B0}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | "TCP Query User{AC10F331-66B7-45C4-86A0-0D15A7FB9BF4}C:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "TCP Query User{AE80A5D3-3AD8-42F9-85DC-7B3CE046C1F7}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | "TCP Query User{AFAC01F1-420E-4EEC-BB83-81DAB06B42E1}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{B93A6A33-ED63-44D0-A2BB-0ECDC1BD5F06}C:\program files\webeye\webeye.exe" = protocol=6 | dir=in | app=c:\program files\webeye\webeye.exe | "TCP 
Query User{C2CC7EE1-A1F4-4728-95AD-91132CB8C5A7}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | "TCP Query User{C84890B0-E1E3-45E5-BC8E-5487B0A6F13E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{DD65BFFF-21AD-4A45-B75D-A2B8CDBD8DD7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{E0572BEC-AEA4-40A6-9CE7-775B4F0D59E5}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | "TCP Query User{E17BD3B4-F8F9-4538-840F-26A63265765E}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "TCP Query User{E90AD9BF-89DC-424A-B3EB-74574F27BD9A}C:\program files\pandion\pandion.exe" = protocol=6 | dir=in | app=c:\program files\pandion\pandion.exe | "TCP Query User{F1B7908F-0BA4-4190-8099-53F6769FCC84}C:\program files\fritz!fax\igd_finder.exe" = protocol=6 | dir=in | app=c:\program files\fritz!fax\igd_finder.exe | "TCP Query User{F4938B8E-8612-4FA4-BFA1-3121554CBB1A}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "TCP Query User{FB606BF4-8D4A-41DB-90FD-1C52E856846A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{FE482738-2C6A-4109-BB8E-C81D3A477AA2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{077E69A6-E611-4A1A-9C07-ABA966AC5C8E}L:\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=l:\ws_ftp\ws_ftp95.exe | "UDP Query User{0785AAAC-9688-46C3-8C04-634B30D329B8}K:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=k:\xampp\apache\bin\apache.exe | "UDP Query User{0E168AAB-C071-462B-BC2E-6E358FC22208}C:\program 
files\flashget network\flashget universal\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget universal\flashget.exe | "UDP Query User{0F2D7ABD-93F9-4E1F-A331-09C8A2F90956}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | "UDP Query User{17EB8FAB-74C5-45DB-BAD4-BA3DDF705174}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{1F665C4B-B673-4F12-8F20-0AC1F6E5FBA5}K:\downloads\filezilla_3.0.3_win32\filezilla-3.0.3\filezilla.exe" = protocol=17 | dir=in | app=k:\downloads\filezilla_3.0.3_win32\filezilla-3.0.3\filezilla.exe | "UDP Query User{21BF3C66-6B6E-4568-A124-D296B84FB6BC}C:\program files\pandion\pandion.exe" = protocol=17 | dir=in | app=c:\program files\pandion\pandion.exe | "UDP Query User{37977934-9AD7-4EE3-8FD1-21CB54A3E82F}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe | "UDP Query User{3820388D-5215-4A33-B522-0047863BB666}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{39AE2869-82AA-4284-AED0-B0A471DC6B63}C:\program files\hercules\hercules dualpix hd webcam\controlui.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\controlui.exe | "UDP Query User{6A9DC14F-52BE-4B3B-AF63-3C4B53AFF32F}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe | "UDP Query User{6F9AC110-8BE9-4A4F-BAAC-7C72543E6C20}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "UDP Query User{72EE4EA1-4C75-4A92-BE6E-0D4400964543}C:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | "UDP Query 
User{767E2943-CA56-46C6-931C-16A26A6B5D8A}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{7A5809E9-A599-4D11-BB17-6C85D4B3F889}C:\program files\hercules\hercules dualpix hd webcam\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\hercules dualpix hd webcam\station2.exe | "UDP Query User{84CE04D9-54B1-4AA8-B97E-52CF42A8BF1B}C:\program files\webeye\webeye.exe" = protocol=17 | dir=in | app=c:\program files\webeye\webeye.exe | "UDP Query User{A512EDBE-8ED1-4E5D-8C28-F31FAFF1AABD}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | "UDP Query User{AF726BAC-9BA8-4D84-BDD7-94BD050CA52A}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{B213E3F0-B43E-41F9-BFDC-96C26271D695}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{B375777D-50E3-41F1-B76A-1C15A86DD080}C:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\pcdualcore\appdata\local\temp\_istmp1.dir\_ins5576._mp | "UDP Query User{B83D99B7-5295-414A-9B8D-EAAD475BD20F}C:\program files\fritz!fax\igd_finder.exe" = protocol=17 | dir=in | app=c:\program files\fritz!fax\igd_finder.exe | "UDP Query User{B8D21D4C-6ABA-42F1-B631-BDC09AD6B906}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | "UDP Query User{C385E412-42D0-4CCC-BD29-044FD08F0CC9}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{C5B2AC32-DCC1-4A8F-8F72-C3C50EC69FC6}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{C875DD2E-A49A-4EB9-B74C-2E5A8067D746}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | 
app=c:\program files\icqlite\icqlite.exe | "UDP Query User{C942E4E5-4D8B-4C83-AA91-2D2DA60CB254}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{CB20A0A7-8A37-4365-B203-3D65441347E4}C:\program files\ws_ftp-firma\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp-firma\ws_ftp95.exe | "UDP Query User{CCAD264D-65FC-40DB-99AF-AA1C5D06C7B4}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "UDP Query User{F25BF45D-9B74-4539-841F-155924799E08}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "UDP Query User{F81B4B8C-7EC3-4CB0-9783-52033FD2BAF3}C:\program files\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files\fritz!box monitor\fritzboxmonitor.exe | "UDP Query User{FEF844F5-2227-4BC0-A5AA-8DEACAA9DA7E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830 "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{2CAD9C1F-4A40-4F93-83B7-62CCF8309223}" = MFC8.0 Runtime Setup "{30988956-A604-4974-9333-10B63252522D}" = UltraCompare v7.10 "{35846BA4-5A5A-433B-B65E-41C324AEFFA4}" = Pandion "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56A990F9-C188-42ED-B4E1-754169BCA305}_is1" = TV Logos for DVBViewer Pro 1.0 "{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{63C98752-1B7D-4C8F-8C70-0B0A29D5ECBF}" = ArcSoft MediaConverter 2.5 "{6545C384-6D88-4352-A409-CB61AD51CE3C}" = UltraCompare v6.40 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C32ACBF-B9CA-4d53-BB71-C4FA97582286}_is1" = Sothink DHTML Menu 9 "{6E157E09-AA2E-4090-8EC6-6B9F5FFFB287}" = UltraEdit 16.10 "{6FDCF790-49AF-4E3B-8EB2-C07E2DBA55EA}" = StarMoney 5.0 S-Edition "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{81AB1374-098A-43CB-BE57-31CEB5EB1031}" = Nero 7 Essentials "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{90C67C7D-E918-402C-9856-7B13999E1786}" = StarMoney "{92633C0F-C9BE-41E3-B439-0B508F859DB5}" = StarMoney "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9A778A36-63FC-4B14-BA1B-0458407D62FF}" = StarMoney 7.0 S-Edition "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BF50AFB3-5FE9-45BE-9701-9A90993441AB}" = StarMoney 6.0 S-Edition "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe "{E782A239-BB9C-419A-A515-368BBEF789C5}" = StarMoney "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F0CFDC72-63D2-4086-A54F-1514494394A0}" = Hercules DualPix HD Webcam "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F30F4040-D69D-4055-81AD-D08BF8138FD0}_is1" = DVBViewer Recording Properties "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "0-360 UnWrapper 3.2_is1" = 0-360 UnWrapper 3.2 "0-360 UnWrapper_is1" = 0-360 UnWrapper "7-Zip" = 7-Zip 4.65 "AC3Filter" = AC3Filter (remove only) "Adobe AIR" = Adobe AIR "Adobe 
Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AFPL Ghostscript 8.50" = AFPL Ghostscript 8.50 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Arles Image Web Page Creator_is1" = Arles Image Web Page Creator 7.4.3 "Audacity_is1" = Audacity 1.2.6 "AutoGK" = Auto Gordian Knot 2.40 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = FRITZ!Box "AVMFBoxMonitor" = AVM FRITZ!Box Monitor "Bildschutz_is1" = Bildschutz Pro "Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CCleaner" = CCleaner "DebugBar" = DebugBar v5.3 for Internet Explorer (remove only) "DVBViewer Pro_is1" = DVBViewer Pro "DVDFab 7_is1" = DVDFab (26/03/2010) "Easypano Panorama2Flash_is1" = Panorama2Flash "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "FileZilla" = FileZilla (remove only) "FileZilla Client" = FileZilla Client 3.3.1 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D) "Flare" = Flare 0.6 "Flv Grabber_is1" = FlvGrabber "FMS" = FMS "foobar2000" = foobar2000 v1.0.3 "Free Download Manager_is1" = Free Download Manager 3.0 "Free FLV Converter_is1" = Free FLV Converter V 6.7.8 "Free Studio_is1" = Free Studio version 4.6 "Free Video Converter_is1" = Free Video Converter V 2.5 "FRITZ!DSL" = AVM FRITZ!DSL "Google Desktop" = Google Desktop "IETester" = IETester v0.4 (remove only) "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "IrfanView" = IrfanView (remove only) "LameACM" = Lame ACM MP3 Codec "Macromedia Dreamweaver 3 De" = Macromedia Dreamweaver 3 De "MAGIX Foto Clinic 5.5 D" = MAGIX Foto Clinic 5.5 (D) "MAGIX Video deluxe 2007 PLUS D" = MAGIX Video deluxe 2007 PLUS (D) "MailList Controller_is1" = MailList Controller 7.2 R3 Free "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MedionVFD" = Medion Info Display 
(MCE) "MeGUI" = MeGUI (remove only) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1) "MP Navigator 2.2" = Canon MP Navigator 2.2 "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "MPE" = MyPhoneExplorer "mtt12" = Mp3 Tag Tools v1.2 "NVIDIA Drivers" = NVIDIA Drivers "oggcodecs" = oggcodecs 0.71.0946 "Pandion" = Pandion "Personal Backup_is1" = Personal Backup 4.5 "PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6 "Pop-Up Menu Creator4.8.0" = Pop-Up Menu Creator "QuickPar" = QuickPar 0.9 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Rename-It!" = Rename-It! "RiadaHeadline" = RiadaHeadline "SetFileDate_is1" = SetFileDate 2.0 "SWiSH Max2" = SWiSH Max2 "SWiSH Video3" = SWiSH Video3 "SWiSHmax" = SWiSHmax "SWiSHvideo2" = SWiSHvideo2 "SystemRequirementsLab" = System Requirements Lab "TrueCrypt" = TrueCrypt "UltraEdit-32" = UltraEdit-32 Uninstall "Uninstall_is1" = Uninstall "VLC media player" = VLC media player 1.1.0 "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C "Winmail Opener" = Winmail Opener 1.4 "WinPcapInst" = WinPcap 4.0.2 "WinRAR archiver" = WinRAR Archivierer "WordToPDF_is1" = WordToPDF 2.4 "xampp" = XAMPP 1.6.4 "XMedia Recode" = XMedia Recode "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "eXpress TimeStamp Toucher" = eXpress TimeStamp Toucher "pdfsam" = pdfsam ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.08.2009 16:24:20 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.08.2009 16:24:20 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.08.2009 16:24:20 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.08.2009 16:24:20 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.08.2009 16:24:22 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.08.2009 16:24:23 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.08.2009 16:24:23 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.08.2009 16:24:32 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.08.2009 16:24:32 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = Error - 10.08.2009 16:24:33 | Computer Name = pcdualcore-PC | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 04.07.2010 07:57:28 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026 Description = Error - 05.07.2010 02:14:58 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026 Description = Error - 05.07.2010 06:25:02 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7030 Description = Error - 05.07.2010 15:25:41 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026 Description = Error - 
06.07.2010 02:52:31 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 07.07.2010 03:03:33 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 07.07.2010 03:16:35 | Computer Name = pcdualcore-PC | Source = Ntfs | ID = 262281 Description = The transaction resource manager on volume "Q:" could not be started because of a non-retryable error. The error code is contained in the data.
Error - 07.07.2010 04:18:51 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 07.07.2010 06:59:42 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 08.07.2010 02:47:44 | Computer Name = pcdualcore-PC | Source = Service Control Manager | ID = 7026 Description =
< End of report >
Google links to malware virus
And it's the other log I need. The Extras one, less so.
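The helper is asking for the main OTL log because its O-sections (hosts file, DNS servers, BHOs, autostarts, AppInit_DLLs, mount-point autoruns, Firefox search prefs) are where a search-result redirect usually leaves a trace. The following is an added example, not code from this thread or from the OTL tool: a small triage pass that reads OTL-style lines and flags the entries a helper looks at first. The rules are review cues, not verdicts, and the sample lines are constructed in OTL's line format for the demo (the 203.0.113.x addresses, the `{GUID}` placeholder and the `update.exe` entry are invented for illustration).

```python
"""OTL log triage: flag the entries a helper reads first when a user reports
search-result redirects.  Added example, not the OTL tool's own code.  The
sample lines below are constructed in OTL's format; every rule is a "look at
this" cue, never a malware verdict."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# The two hosts entries every stock Windows hosts file carries.
_HOSTS_DEFAULTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Resolver addresses a home LAN legitimately hands out (RFC 1918, loopback,
# link-local, ULA).  Anything else in an O17 line deserves a second look.
_LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Autostart targets living in paths any user can write to.
_USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

# Firefox prefs that steer searches, and what a path/URL looks like inside them.
_FF_SEARCH_PREF = re.compile(
    r'^FF - prefs\.js\.\.(?:browser\.search\.(?:defaultengine|selectedEngine|defaulturl)'
    r'|keyword\.URL): "(?P<val>[^"]*)"')
_LOOKS_LIKE_LOCATION = re.compile(r"://|[\\/]|%5C|%2F", re.I)


def _is_local(ip_text: str) -> bool:
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in _LOCAL_NETS)


def check_line(line: str) -> List[str]:
    """Names of the rules one OTL line trips (usually none)."""
    hits: List[str] = []
    if line.startswith("O1 - Hosts:"):
        # Hosts entries beyond the loopback defaults redirect names silently.
        parts = line.split(":", 1)[1].split()
        if len(parts) >= 2 and (parts[0], parts[1]) not in _HOSTS_DEFAULTS:
            hits.append("hosts-entry")
    elif line.startswith("O17 -") and "NameServer" in line:
        # A non-local resolver in the TCP/IP settings is the DNS-changer footprint.
        value = line.split("=", 1)[1] if "=" in line else ""
        for server in re.split(r"[,\s]+", value.strip()):
            if server and not _is_local(server):
                hits.append("public-dns")
                break
    elif line.startswith("O20 - AppInit_DLLs:") and re.search(r"\.dll", line, re.I):
        # AppInit DLLs are loaded into every user-mode process that links user32.
        hits.append("appinit-dll")
    elif line.startswith("O2 - BHO:"):
        # Orphaned or user-writable browser helper objects run inside IE.
        if "No CLSID value found" in line or "File not found" in line:
            hits.append("orphan-bho")
        elif _USER_WRITABLE.search(line):
            hits.append("bho-user-writable")
    elif line.startswith("O4 -"):
        # Judge the launched target, not the .lnk path (Startup folders live in AppData).
        target = line.split("] ", 1)[1] if "] " in line else line.split(" = ", 1)[-1]
        if _USER_WRITABLE.search(target):
            hits.append("autostart-user-writable")
    elif line.startswith("O33 -") and "AutoRun\\command" in line:
        # Autorun commands registered for removable media.
        hits.append("mountpoint-autorun")
    else:
        m = _FF_SEARCH_PREF.match(line)
        if m and _LOOKS_LIKE_LOCATION.search(m.group("val")):
            # A search pref naming a path or URL instead of a plain engine name.
            hits.append("ff-search-pref")
    return hits


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every rule over every line, keeping the log's order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        for rule in check_line(line):
            findings.append(Finding(rule, line))
    return findings


# Constructed sample in OTL's line format (not a real log).
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 www.google.de
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [updater] C:\Users\pcdualcore\AppData\Local\Temp\update.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{GUID}: NameServer = 203.0.113.53 203.0.113.54
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O33 - MountPoints2\{35a5a44b-f65d-11db-a3ee-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
FF - prefs.js..browser.search.selectedEngine: "Google Deutschland"
FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgramme%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cdegoogle.src"
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

To use it on a real post, paste the O-sections of the OTL log into a text file and call `triage(open(path, encoding="utf-8"))`; entries that trip no rule are simply not listed, so the output is a reading order for the helper, not a cleanup script.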
Google links to malware virus
OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.07.2010 15:41:34 - Run 5 OTL by OldTimer - Version Folder = C:\Users\pcdualcore\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 23,00% Memory free 2,00 Gb Paging File | 0,00 Gb Available in Paging File | 10,00% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,74 Gb Total Space | 300,84 Gb Free Space | 67,49% Space Free | Partition Type: NTFS Drive D: | 20,01 Gb Total Space | 16,64 Gb Free Space | 83,17% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded Drive F: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 298,09 Gb Total Space | 10,16 Gb Free Space | 3,41% Space Free | Partition Type: NTFS Computer Name: PCDUALCORE-PC Current User Name: pcdualcore Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\pcdualcore\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files\VideoLAN\VLC\vlc.exe () PRC - C:\Program Files\DVBViewer\dvbviewer.exe (CM&V Hackbart) PRC - C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\pcdualcore\AppData\Local\Pandion\Application\pandion.exe (Pandion) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\FileZilla FTP Client\filezilla.exe (FileZilla Project) PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) PRC - C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - K:\xampp\apache\bin\apache.exe (Apache Software Foundation) PRC - K:\xampp\mysql\bin\mysqld-nt.exe () PRC - C:\Program Files\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Windows\System32\PAStiSvc.exe () PRC - C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\PSP.EXE (Jasc Software, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\pcdualcore\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (MailList Controller) -- c:\Program Files\Arclab\MailList Controller\amlcSVC.exe (Arclab Software Technologies) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (Apache2.2) -- K:\xampp\apache\bin\apache.exe (Apache Software Foundation) SRV - (mysql) -- K:\xampp\mysql\bin\mysqld-nt.exe () SRV - (FileZilla Server) -- K:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project) SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (AVM IGD CTRL Service) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Program Files\Common Files\AVM\De_serv.exe (AVM Berlin) SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (STI Simulator) -- C:\Windows\System32\PAStiSvc.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (camfilt) -- C:\Windows\System32\Drivers\camfilt.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - 
(camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation) DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation) DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation) DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (TTUSB2BDA) -- C:\Windows\System32\drivers\ttusb2bda.sys (TechnoTrend AG) DRV - (APL531) -- C:\Windows\System32\drivers\hdvidv.sys (Akkord Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) 
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - (xfilt) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc) DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (w810obex) -- C:\Windows\System32\drivers\w810obex.sys (MCCI) DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdm) -- C:\Windows\System32\drivers\w810mdm.sys (MCCI) DRV - (w810mdfl) -- C:\Windows\System32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\Windows\System32\drivers\w810bus.sys (MCCI) DRV - (PAC7311) -- C:\Windows\System32\drivers\PA707UCM.SYS (PixArt Imaging Inc.) 
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///K:/xampp/htdocs/start.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "engine://C%3A%5CProgramme%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cdegoogle.src" FF - prefs.js..browser.search.opensidebarsearchpanel: false FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google Deutschland" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "file:///K:/xampp/htdocs/start.htm" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}: FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 
3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 20:43:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.02 13:10:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.28 11:41:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.02 13:10:06 | 000,000,000 | ---D | M] [2010.02.01 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Extensions [2010.02.01 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.07.08 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Firefox\Profiles\i7g3iavr.default\extensions [2010.07.06 20:39:03 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Firefox\Profiles\i7g3iavr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.07.07 15:28:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Firefox\Profiles\i7g3iavr.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.05.15 11:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Firefox\Profiles\i7g3iavr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.05.01 07:50:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Firefox\Profiles\i7g3iavr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.06 21:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Firefox\Profiles\i7g3iavr.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.02.14 10:38:42 | 
000,000,000 | ---D | M] -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Firefox\Profiles\i7g3iavr.default\extensions\de-AT@dictionaries.addons.mozilla.org [2010.05.07 14:00:13 | 000,000,000 | ---D | M] -- C:\Users\pcdualcore\AppData\Roaming\mozilla\Firefox\Profiles\i7g3iavr.default\extensions\firebug@software.joehewitt.com [2010.02.21 20:00:44 | 000,003,224 | ---- | M] () -- C:\Users\pcdualcore\AppData\Roaming\Mozilla\FireFox\Profiles\i7g3iavr.default\searchplugins\ebay-usa.xml [2010.07.08 08:59:33 | 000,002,261 | ---- | M] () -- C:\Users\pcdualcore\AppData\Roaming\Mozilla\FireFox\Profiles\i7g3iavr.default\searchplugins\google-deutschland.xml [2010.06.04 15:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.01.09 13:55:36 | 000,000,000 | ---D | M] (flashget Extension) -- C:\Program Files\Mozilla Firefox\extensions\{5EB37AE4-DA0A-41ab-8037-BDEDDCC70669} [2010.06.04 15:21:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2008.07.25 10:31:48 | 000,028,672 | ---- | M] (flashget) -- C:\Program Files\Mozilla Firefox\components\flashgetXpi.dll [2010.06.04 15:21:08 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.24 10:39:45 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.24 10:39:45 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.24 10:39:45 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.24 10:39:45 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.24 10:39:45 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.02.11 09:31:42 | 000,000,819 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - Startup: C:\Users\pcdualcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DVBViewer.lnk = C:\Program Files\DVBViewer\dvbviewer.exe (CM&V Hackbart) O4 - Startup: C:\Users\pcdualcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mail.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) O4 - Startup: C:\Users\pcdualcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) O4 - Startup: C:\Users\pcdualcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pandion.lnk = C:\Users\pcdualcore\AppData\Local\Pandion\Application\pandion.exe (Pandion) O4 - Startup: C:\Users\pcdualcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Program Files\Personal Backup 4\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel) O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\pcdualcore\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - 
C:\Users\pcdualcore\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: K:\daten\private-bilder-neu\2010\IMG_1594.JPG O24 - Desktop BackupWallPaper: K:\daten\private-bilder-neu\2010\IMG_1594.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{35a5a44b-f65d-11db-a3ee-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{35a5a44b-f65d-11db-a3ee-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.07 12:52:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi 
[2010.07.07 12:46:07 | 000,000,000 | -H-D | C] -- C:\Windows\autorec [2010.07.07 12:29:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\pcdualcore\Desktop\OTL.exe [2010.07.07 12:25:43 | 000,000,000 | ---D | C] -- C:\Users\pcdualcore\AppData\Roaming\Malwarebytes [2010.07.07 12:25:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.07 12:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.07 12:25:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.07 12:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.07.07 10:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack [2010.07.05 12:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 7.0 [2010.07.05 12:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects [2010.07.05 12:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\StarFinanz [2010.07.05 12:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0 S-Edition [2010.06.29 10:40:48 | 000,000,000 | ---D | C] -- C:\Users\pcdualcore\AppData\Roaming\foobar2000 [2010.06.29 10:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000 [2010.06.29 10:23:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2010.06.29 10:23:19 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2010.06.28 11:10:10 | 000,000,000 | ---D | C] -- C:\Users\pcdualcore\AppData\Roaming\vlc [2010.06.28 08:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010.06.25 09:52:48 | 000,000,000 | ---D | C] -- C:\Users\pcdualcore\AppData\Local\Deshaker [2010.06.24 03:00:43 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.24 03:00:43 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll 
[2010.06.24 03:00:43 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.23 09:14:02 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2010.06.23 09:14:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2010.06.11 08:23:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.11 08:23:18 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.11 08:23:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2010.06.11 08:22:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.06.11 08:22:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.06.11 08:22:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.06.11 08:22:12 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.06.11 08:22:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.06.11 08:22:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.06.11 08:22:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.06.11 08:22:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.06.11 08:22:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.06.11 08:22:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.06.11 08:22:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.06.11 08:22:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.06.11 08:22:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\iesetup.dll
[2010.06.11 08:22:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.11 08:22:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.11 08:21:01 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.08 15:43:32 | 004,718,592 | -HS- | M] () -- C:\Users\pcdualcore\ntuser.dat
[2010.07.08 15:22:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.08 14:46:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.08 14:46:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.08 14:22:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.08 10:34:31 | 000,223,232 | ---- | M] () -- C:\Users\pcdualcore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.08 08:45:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.08 08:45:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.08 08:45:51 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.08 00:44:01 | 000,524,288 | -HS- | M] () -- C:\Users\pcdualcore\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.07.08 00:44:01 | 000,065,536 | -HS- | M] () -- C:\Users\pcdualcore\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.08 00:43:51 | 003,272,372 | -H-- | M] () -- C:\Users\pcdualcore\AppData\Local\IconCache.db
[2010.07.07 16:04:15 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1407C74E-F430-48FD-AC2B-B32A9CBFC111}.job
[2010.07.07 13:15:25 | 000,000,768 | ---- | M] () -- C:\Users\pcdualcore\Desktop\CCleaner.lnk
[2010.07.07 12:55:42 | 000,001,823 | ---- | M] () -- C:\Users\Public\Desktop\UltraCompare Professional.lnk
[2010.07.07 12:52:23 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2010.07.07 12:51:30 | 000,010,692 | ---- | M] () -- C:\Windows\UEDIT32.INI
[2010.07.07 12:34:18 | 000,001,921 | ---- | M] () -- C:\Windows\Editor-Ersatz.te1
[2010.07.07 12:34:18 | 000,000,000 | ---- | M] () -- C:\Windows\Programmierer.te1
[2010.07.07 12:34:18 | 000,000,000 | ---- | M] () -- C:\Windows\Power-Anwender.te1
[2010.07.07 12:34:17 | 000,024,304 | ---- | M] () -- C:\Windows\Fortgeschritten.mb1
[2010.07.07 12:34:17 | 000,024,088 | ---- | M] () -- C:\Windows\System-Administrator.mb1
[2010.07.07 12:34:17 | 000,024,087 | ---- | M] () -- C:\Windows\Web-Entwickler.mb1
[2010.07.07 12:34:17 | 000,024,087 | ---- | M] () -- C:\Windows\Technische Autoren.mb1
[2010.07.07 12:34:17 | 000,024,087 | ---- | M] () -- C:\Windows\Programmierer.mb1
[2010.07.07 12:34:17 | 000,023,558 | ---- | M] () -- C:\Windows\Power-Anwender.mb1
[2010.07.07 12:34:17 | 000,011,569 | ---- | M] () -- C:\Windows\System-Administrator.te1
[2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Web-Entwickler.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Technische Autoren.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\System-Administrator.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Programmierer.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Power-Anwender.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | M] () -- C:\Windows\Fortgeschritten.pb1
[2010.07.07 12:34:17 | 000,005,010 | ---- | M] () -- C:\Windows\Editor-Ersatz.mb1
[2010.07.07 12:34:17 | 000,004,091 | ---- | M] () -- C:\Windows\Editor-Ersatz.pb1
[2010.07.07 12:34:17 | 000,002,938 | ---- | M] () -- C:\Windows\System-Administrator.tb1
[2010.07.07 12:34:17 | 000,002,567 | ---- | M] () -- C:\Windows\Web-Entwickler.tb1
[2010.07.07 12:34:17 | 000,002,010 | ---- | M] () -- C:\Windows\Programmierer.tb1
[2010.07.07 12:34:17 | 000,001,917 | ---- | M] () -- C:\Windows\Web-Entwickler.te1
[2010.07.07 12:34:17 | 000,001,887 | ---- | M] () -- C:\Windows\Technische Autoren.tb1
[2010.07.07 12:34:17 | 000,001,887 | ---- | M] () -- C:\Windows\Power-Anwender.tb1
[2010.07.07 12:34:17 | 000,001,887 | ---- | M] () -- C:\Windows\Fortgeschritten.tb1
[2010.07.07 12:34:17 | 000,000,726 | ---- | M] () -- C:\Windows\Technische Autoren.te1
[2010.07.07 12:34:17 | 000,000,559 | ---- | M] () -- C:\Windows\Editor-Ersatz.tb1
[2010.07.07 12:34:16 | 000,011,707 | ---- | M] () -- C:\Windows\Web-Entwickler.in1
[2010.07.07 12:34:16 | 000,010,708 | ---- | M] () -- C:\Windows\System-Administrator.in1
[2010.07.07 12:34:16 | 000,009,442 | ---- | M] () -- C:\Windows\Programmierer.in1
[2010.07.07 12:34:16 | 000,009,410 | ---- | M] () -- C:\Windows\Technische Autoren.in1
[2010.07.07 12:34:16 | 000,008,618 | ---- | M] () -- C:\Windows\Power-Anwender.in1
[2010.07.07 12:34:16 | 000,007,100 | ---- | M] () -- C:\Windows\Editor-Ersatz.in1
[2010.07.07 12:29:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\pcdualcore\Desktop\OTL.exe
[2010.07.07 12:25:36 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.07 10:42:10 | 000,000,736 | ---- | M] () -- C:\Users\pcdualcore\Desktop\HTTrack Website Copier.lnk
[2010.07.07 09:18:26 | 001,472,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.07 09:18:26 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.07 09:18:26 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.07 09:18:26 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.07 09:18:26 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.05 21:24:21 | 000,325,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.05 12:34:28 | 000,079,024 | ---- | M] () -- C:\Users\pcdualcore\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.05 12:24:54 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0 S-Edition.lnk
[2010.07.02 13:10:06 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.06.29 10:40:42 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010.06.29 00:17:40 | 000,524,288 | -HS- | M] () -- C:\Users\pcdualcore\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.28 15:07:35 | 000,001,794 | ---- | M] () -- C:\Users\pcdualcore\Desktop\Mail Safe Mode.lnk
[2010.06.28 11:09:52 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.09 12:40:22 | 000,001,849 | ---- | M] () -- C:\Users\pcdualcore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.07 12:55:42 | 000,001,823 | ---- | C] () -- C:\Users\Public\Desktop\UltraCompare Professional.lnk
[2010.07.07 12:52:23 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk
[2010.07.07 12:34:18 | 000,001,921 | ---- | C] () -- C:\Windows\Editor-Ersatz.te1
[2010.07.07 12:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\Programmierer.te1
[2010.07.07 12:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\Power-Anwender.te1
[2010.07.07 12:34:17 | 000,024,304 | ---- | C] () -- C:\Windows\Fortgeschritten.mb1
[2010.07.07 12:34:17 | 000,024,088 | ---- | C] () -- C:\Windows\System-Administrator.mb1
[2010.07.07 12:34:17 | 000,024,087 | ---- | C] () -- C:\Windows\Web-Entwickler.mb1
[2010.07.07 12:34:17 | 000,024,087 | ---- | C] () -- C:\Windows\Technische Autoren.mb1
[2010.07.07 12:34:17 | 000,024,087 | ---- | C] () -- C:\Windows\Programmierer.mb1
[2010.07.07 12:34:17 | 000,023,558 | ---- | C] () -- C:\Windows\Power-Anwender.mb1
[2010.07.07 12:34:17 | 000,011,569 | ---- | C] () -- C:\Windows\System-Administrator.te1
[2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Web-Entwickler.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Technische Autoren.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\System-Administrator.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Programmierer.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Power-Anwender.pb1
[2010.07.07 12:34:17 | 000,007,656 | ---- | C] () -- C:\Windows\Fortgeschritten.pb1
[2010.07.07 12:34:17 | 000,005,010 | ---- | C] () -- C:\Windows\Editor-Ersatz.mb1
[2010.07.07 12:34:17 | 000,004,091 | ---- | C] () -- C:\Windows\Editor-Ersatz.pb1
[2010.07.07 12:34:17 | 000,002,938 | ---- | C] () -- C:\Windows\System-Administrator.tb1
[2010.07.07 12:34:17 | 000,002,567 | ---- | C] () -- C:\Windows\Web-Entwickler.tb1
[2010.07.07 12:34:17 | 000,002,010 | ---- | C] () -- C:\Windows\Programmierer.tb1
[2010.07.07 12:34:17 | 000,001,917 | ---- | C] () -- C:\Windows\Web-Entwickler.te1
[2010.07.07 12:34:17 | 000,001,887 | ---- | C] () -- C:\Windows\Technische Autoren.tb1
[2010.07.07 12:34:17 | 000,001,887 | ---- | C] () -- C:\Windows\Power-Anwender.tb1
[2010.07.07 12:34:17 | 000,001,887 | ---- | C] () -- C:\Windows\Fortgeschritten.tb1
[2010.07.07 12:34:17 | 000,000,726 | ---- | C] () -- C:\Windows\Technische Autoren.te1
[2010.07.07 12:34:17 | 000,000,559 | ---- | C] () -- C:\Windows\Editor-Ersatz.tb1
[2010.07.07 12:34:16 | 000,011,707 | ---- | C] () -- C:\Windows\Web-Entwickler.in1
[2010.07.07 12:34:16 | 000,010,708 | ---- | C] () -- C:\Windows\System-Administrator.in1
[2010.07.07 12:34:16 | 000,009,442 | ---- | C] () -- C:\Windows\Programmierer.in1
[2010.07.07 12:34:16 | 000,009,410 | ---- | C] () -- C:\Windows\Technische Autoren.in1
[2010.07.07 12:34:16 | 000,008,618 | ---- | C] () -- C:\Windows\Power-Anwender.in1
[2010.07.07 12:34:16 | 000,007,100 | ---- | C] () -- C:\Windows\Editor-Ersatz.in1
[2010.07.07 12:25:36 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.07 10:42:10 | 000,000,736 | ---- | C] () -- C:\Users\pcdualcore\Desktop\HTTrack Website Copier.lnk
[2010.07.05 12:24:54 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0 S-Edition.lnk
[2010.06.29 10:40:42 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010.06.28 15:03:49 | 000,001,794 | ---- | C] () -- C:\Users\pcdualcore\Desktop\Mail Safe Mode.lnk
[2010.06.28 11:09:52 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.03.19 10:38:27 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.16 17:44:06 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009.11.05 18:22:37 | 000,040,960 | ---- | C] () -- C:\Windows\System32\p2fContextMenu.dll
[2009.09.24 00:56:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.16 13:30:35 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009.07.17 08:24:06 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.04.14 08:06:18 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.04.14 07:46:38 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLeNL.DLL
[2008.05.06 19:39:03 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.03.21 14:43:46 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2008.03.21 14:43:46 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.01.18 10:58:59 | 000,000,301 | ---- | C] () -- C:\Windows\tm.ini
[2007.11.06 22:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007.09.28 18:07:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.09.28 18:05:50 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007.09.28 18:05:50 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007.09.28 18:05:08 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007.09.16 12:13:34 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.09.16 12:13:34 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.08.02 20:06:43 | 000,030,008 | ---- | C] () -- C:\Windows\unvpeye.ini
[2007.04.30 21:08:53 | 000,000,000 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2007.04.30 20:37:57 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.30 16:54:10 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.04.30 15:42:47 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2007.04.30 15:10:11 | 000,010,692 | ---- | C] () -- C:\Windows\UEDIT32.INI
[2007.04.27 17:24:22 | 000,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLbNL.DLL
[2007.04.27 16:58:01 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.02.21 21:00:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.12.10 23:32:16 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006.12.08 14:50:14 | 000,217,088 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.12.08 14:47:54 | 001,159,168 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2002.05.28 03:52:36 | 000,106,496 | ---- | C] () -- C:\Windows\japi.dll
[2001.06.24 11:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:DCD39382

< End of report >
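As an added example (not part of the thread, and not OTL's own logic), here is a small Python triage pass over entries in the format of the log above. It parses the `[timestamp | size | attrs | C/M] (Company) -- path` lines and flags two things a helper typically hashes or looks up first: executable files under C:\Windows that carry no company resource, and hidden+system files Windows does not normally own. The heuristics, the extension list and the "expected hidden+system" prefixes are assumptions chosen for this example; a hit is a candidate for a hash lookup, not a verdict. The sample lines are a constructed subset copied from the posted log.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file entry looks like:
#   [yyyy.mm.dd hh:mm:ss | size | attrs | C|M] (Company Name) -- C:\path
# attrs is a four-character flag field; the posted log shows "----", "-H--",
# "--S-" and "-HS-" (H = hidden, S = system).
OTL_ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    ts: datetime
    size: int
    attrs: str
    kind: str       # "C" = created, "M" = modified
    company: str    # empty when OTL found no company resource in the file
    path: str


def parse_otl(text):
    """Return the file entries found in OTL log text, skipping section headers."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.search(line)
        if m:
            entries.append(Entry(
                ts=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                kind=m["kind"],
                company=m["company"].strip(),
                path=m["path"],
            ))
    return entries


# Triage heuristics: assumptions made for this example, not OTL's rules.
WINDOWS_DIRS = ("c:\\windows\\",)
BINARY_EXT = (".dll", ".sys", ".exe", ".ocx", ".drv")
# Files Windows itself keeps hidden+system; that combination is normal for them
# (the NTUSER.DAT{...}.regtrans-ms / .blf registry logs share the ntuser.dat prefix).
EXPECTED_HS_PREFIXES = ("hiberfil.sys", "pagefile.sys", "bootstat.dat", "ntuser.dat")


def triage(entries):
    """Map path -> list of reasons the file deserves a hash lookup or closer look."""
    findings = {}
    for e in entries:
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        reasons = []
        # Executable code under C:\Windows without a company resource: most
        # Microsoft and vendor binaries carry one, so the gap is worth a hash check.
        if low.startswith(WINDOWS_DIRS) and not e.company and low.endswith(BINARY_EXT):
            reasons.append("unattributed-binary-in-windows-dir")
        # Hidden+system on a file Windows does not normally own is a cheap way
        # to keep a file out of Explorer listings.
        if "H" in e.attrs and "S" in e.attrs and not name.startswith(EXPECTED_HS_PREFIXES):
            reasons.append("hidden-system-file")
        if reasons:
            findings.setdefault(e.path, []).extend(reasons)
    return findings


# Constructed sample: six lines in the posted log's format (paths as they appear there).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2010.07.08 08:45:51 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.08 15:43:32 | 004,718,592 | -HS- | M] () -- C:\Users\pcdualcore\ntuser.dat
[2010.07.07 12:29:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\pcdualcore\Desktop\OTL.exe
========== Files Created - No Company Name ==========
[2010.06.11 08:22:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009.09.16 13:30:35 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2009.07.17 08:24:06 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
"""

if __name__ == "__main__":
    for path, reasons in sorted(triage(parse_otl(SAMPLE_LOG)).items()):
        print(f"{path}: {', '.join(reasons)}")
```

Run it against a saved OTL.txt by replacing `SAMPLE_LOG` with the file contents; the two files it flags from the sample are exactly the ones a helper would submit to a multi-engine hash lookup before deciding anything.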
Unfortunately I don't see any clues in that. Please download the bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes to the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything that remover.exe outputs.
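The check the helper is asking for, reduced to its mechanics, as an added example that is not the bootkit_remover tool or its output: read the first sector of the disk, verify the 0x55AA boot signature, parse the four partition entries, and compare the bootstrap code (bytes 0..439, in front of the Windows disk signature at offset 0x1B8) against a SHA-256 recorded on a known-clean system. The clean and tampered sectors below are constructed placeholders, not real Windows boot code and not a real bootkit; in practice the baseline would come from a clean image of the same machine, which this example assumes you have.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440      # bytes 0..439: bootstrap code; the 4-byte disk signature
                        # at 0x1B8 and 2 reserved bytes follow it
PTABLE_OFF = 446        # four 16-byte partition entries
SIG_OFF = 510           # boot signature 0x55 0xAA
PENTRY = "<B3sB3sII"    # flag, CHS start, type, CHS end, LBA start, sector count


def read_live_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the first sector of a physical disk (Windows, needs an elevated shell)."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_mbr(bootcode, partitions):
    """Assemble a 512-byte MBR; partitions are (flag, type, lba_start, sectors) tuples."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("bootstrap code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    for i, (flag, ptype, start, count) in enumerate(partitions):
        # CHS fields are left zero; loaders use the LBA fields on modern disks.
        struct.pack_into(PENTRY, sector, PTABLE_OFF + 16 * i,
                         flag, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


def parse_partitions(sector):
    """Return the non-empty partition table entries as dicts."""
    parts = []
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack_from(PENTRY, sector, PTABLE_OFF + 16 * i)
        if ptype:
            parts.append({"index": i, "flag": flag, "bootable": flag == 0x80,
                          "type": ptype, "lba_start": start, "sectors": count})
    return parts


def bootcode_digest(sector):
    return hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()


def inspect_mbr(sector, baseline_digest):
    """Return a list of findings; an empty list means nothing looked off."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(sector), SECTOR_SIZE)]
    findings = []
    if sector[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if bootcode_digest(sector) != baseline_digest:
        findings.append("bootstrap code differs from baseline")
    parts = parse_partitions(sector)
    for p in parts:
        if p["flag"] not in (0x00, 0x80):
            findings.append("partition %d: invalid boot indicator 0x%02x" % (p["index"], p["flag"]))
        if p["lba_start"] == 0:
            findings.append("partition %d: starts at LBA 0 (overlaps the MBR)" % p["index"])
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


# Constructed data: placeholder bootstrap bytes and a two-partition layout.
CLEAN_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100
CLEAN_PARTS = [(0x80, 0x07, 2048, 934_000_000),        # NTFS, active
               (0x00, 0x0C, 934_002_048, 41_900_000)]  # FAT32
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, CLEAN_PARTS)
BASELINE = bootcode_digest(CLEAN_MBR)   # record this while the system is known clean

# Simulated tampering: the first bootstrap bytes are overwritten while the
# partition table is left intact, so the disk still boots.
TAMPERED_MBR = b"\xeb\x3c\x90" + b"\x00" * 13 + CLEAN_MBR[16:]

if __name__ == "__main__":
    print("clean:   ", inspect_mbr(CLEAN_MBR, BASELINE) or "no findings")
    print("tampered:", inspect_mbr(TAMPERED_MBR, BASELINE))
```

To use it on the machine from the thread you would call `read_live_mbr()` from an administrator prompt and pass the bytes to `inspect_mbr` with a baseline digest taken earlier; without such a baseline the code can only check structure, and a differing bootstrap hash on its own is a reason to compare against a clean install, not proof of a bootkit.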
