Pests of all kinds and how to fight them: Malware found, strange messages (Windows 7)
09.07.2010, 09:06 | #1
Malware found, strange messages

Hello everyone, I'm turning to you with a small problem. You see, I'm really worried about my PC, or rather my data. This morning I switched the box on and right away got a message "Windows will shut down in one minute"; after about 60 seconds there was a restart that I hadn't asked for. While that window was opening, an AntiVir message popped up at the same time. Quote:
After the restart I googled a bit but didn't really find anything that helps me. Right now I'm letting this "Malwarebytes Anti-Malware" run over it, and while it was running I got another 6 messages from AntiVir in quick succession. Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Hmm, that definitely sounds like a bigger problem, and since I have no idea about this kind of thing I'm hoping for your help. Does anyone know what the cause is? How I get rid of it all? How I rescue my data? Please be so kind and help a noob! PS: My PC runs Windows 7. Regards, Tobi
09.07.2010, 10:03 | #2
Sorry for the double post, I can't find the edit function.

Malwarebytes Anti-Malware found something. Of course I removed it right away. Then I did a restart and got an error message, something about Adobe, precisely from the thing where Anti-Malware deleted something. Quote:

Was that already it, or does the thing copy itself? And how do I get rid of the error message now? Regards, Tobi
09.07.2010, 11:20 | #3
/// Malware-holic | OTL:

System scan with OTL. Download OTL: http://filepony.de/download-otl/ Double-click OTL.exe (Windows 7 and Vista users: right-click and run as administrator).
1. At the top you'll find a box labelled Output. Please choose Minimal Output.
2. Tick "Scan all users".
3. Under "Extra Registry" choose: "Use SafeList", "LOP Check", "Purity Check".
4. Paste into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports will be created: OTL.Txt and Extras.Txt. Post both.
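As an added illustration of what a helper looks for first in the report this scan produces (example code written for this page, not the forum's or OTL's own tooling): a small Python triage script that reads lines in OTL's output format and flags hosts-file names redirected to loopback, UAC policy values set to 0, and autorun entries with no publisher or a missing file. The sample report below is constructed for the example, and the line prefixes it relies on ("O1 - Hosts:", "O4 - ...Run:", "O6 - ...policies\System:", "O33 - MountPoints2...") are assumed from the format as it appears in such reports.

```python
"""Triage helper for OTL report lines (added example, not OTL's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample in OTL's line format; not taken from any real machine.
SAMPLE_REPORT = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.example-vendor.com
O1 - Hosts: 127.0.0.1 192.0.2.10
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [updater] C:\Users\user\AppData\Roaming\updater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
POLICY_RE = re.compile(r"policies\\System:\s+(\w+)\s*=\s*(\d+)")
# [name] <path> (<publisher from version info>); "()" means no publisher.
RUN_RE = re.compile(r"Run(?:Once)?:\s+\[([^\]]*)\]\s+(.*?)\s+\(([^)]*)\)\s*$")

# UAC policy values a helper treats as weakened (assumed thresholds).
WEAK_UAC = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}


def parse_otl(text: str) -> List[Tuple[str, str]]:
    """Split a report into (section, body) pairs, e.g. ("O1", "Hosts: ...")."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hosts_redirects(entries: List[Tuple[str, str]]) -> List[str]:
    """Names (or IPs) mapped to 127.x other than localhost: blocked or redirected hosts."""
    out = []
    for sec, body in entries:
        if sec != "O1":
            continue
        m = HOSTS_RE.match(body)
        if not m:
            continue
        addr, name = m.group(1), m.group(2)
        if addr.startswith("127.") and name.lower() not in ("localhost", "localhost.localdomain"):
            out.append(name)
    return out


def uac_findings(entries: List[Tuple[str, str]]) -> Dict[str, str]:
    """O6 policy entries whose value matches a weakened-UAC setting."""
    found = {}
    for sec, body in entries:
        if sec != "O6":
            continue
        m = POLICY_RE.search(body)
        if m and WEAK_UAC.get(m.group(1)) == m.group(2):
            found[m.group(1)] = m.group(2)
    return found


def suspicious_autoruns(entries: List[Tuple[str, str]]) -> List[str]:
    """Run/MountPoints entries whose file is missing or carries no publisher name."""
    out = []
    for sec, body in entries:
        if sec not in ("O4", "O33"):
            continue
        if "File not found" in body:
            out.append(body)
            continue
        m = RUN_RE.search(body)
        if m and m.group(3).strip() == "":
            out.append(m.group(2))
    return out


def triage(report: str) -> Dict[str, object]:
    """Run all checks over one report and return the findings by category."""
    entries = parse_otl(report)
    return {
        "hosts_redirects": hosts_redirects(entries),
        "uac_weakened": uac_findings(entries),
        "autoruns": suspicious_autoruns(entries),
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_REPORT).items():
        print(f"{key}: {val}")
```

The script deliberately treats an IP address in the name position (like the `192.0.2.10` entry) the same as a hostname: a hosts file can pin an address to loopback just as it pins a name, and OTL lists both the same way. Everything it flags is a lead for a human to look at, not a verdict.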
09.07.2010, 11:37 | #4
Hey, thanks first of all for your answer. So, here's OTL.txt: Code:
ATTFilter OTL logfile created on: 09.07.2010 12:27:24 - Run 1 OTL by OldTimer - Version 3.2.8.1 Folder = C:\Users\Tobi\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,75 Gb Total Space | 267,06 Gb Free Space | 57,34% Space Free | Partition Type: NTFS Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOBI-PC Current User Name: Tobi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files\Windows Media Player\WMPSideShowGadget.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft 
Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys File not found DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) 
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV 
- (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\S-1-5-21-1922945757-944008615-1236141011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1922945757-944008615-1236141011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1922945757-944008615-1236141011-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A E8 F2 A1 81 1C CB 01 [binary data] IE - HKU\S-1-5-21-1922945757-944008615-1236141011-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "http://www.trojaner-board.de/87947-m...4&feature=sub" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7 FF - prefs.js..extensions.enabledItems: smxtra5@smileyxtra.co.uk:5.0.2 FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.08 07:48:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.08 07:48:12 | 000,000,000 | ---D | M] [2010.05.12 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions [2010.07.08 17:46:10 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\n8ws2sy2.default\extensions [2010.05.12 
12:32:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\n8ws2sy2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.18 15:57:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\n8ws2sy2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.05.13 13:58:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\n8ws2sy2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.05.12 12:16:54 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\n8ws2sy2.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2010.06.03 16:06:56 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\n8ws2sy2.default\extensions\DeviceDetection@logitech.com [2010.05.12 12:16:53 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\n8ws2sy2.default\extensions\smxtra5@smileyxtra.co.uk [2010.06.03 16:06:56 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\n8ws2sy2.default\extensions\staged-xpis [2010.07.04 07:21:39 | 000,000,947 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Mozilla\FireFox\Profiles\n8ws2sy2.default\searchplugins\icqplugin.xml [2010.07.08 17:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.14 09:51:13 | 000,001,379 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1922945757-944008615-1236141011-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1922945757-944008615-1236141011-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ] O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{19898b3a-5da5-11df-8d12-001d92f42d63}\Shell - "" = AutoRun O33 - MountPoints2\{19898b3a-5da5-11df-8d12-001d92f42d63}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found O33 - MountPoints2\{860532dc-5da3-11df-b53b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{860532dc-5da3-11df-b53b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - 
File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpFolder: C:^Users^Tobi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\SetPointP\SetPoint.exe (Logitech, Inc.) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Launch LCDMon - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) MsConfig - StartUpReg: Launch LGDCore - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) MsConfig - StartUpReg: Launch LgDeviceAgent - hkey= - key= - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) MsConfig - StartUpReg: Orb - hkey= - key= - C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) 
MsConfig - StartUpReg: TrayServer - hkey= - key= - C:\Program Files\MAGIX\Video_deluxe_16_Plus_Download-Version\Trayserver.exe (MAGIX AG) MsConfig - StartUpReg: Ulead AutoDetector v2 - hkey= - key= - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy 
disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - 
CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2B4C1887-740C-F6C9-1479-82F97CB9AFA0} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: 
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EE8D9C99-122E-5D5A-8AE9-11A926D8E7F9} - Browser Customizations ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte 
Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2010.07.09 12:25:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2010.07.09 09:44:51 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes [2010.07.09 09:44:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.07.09 09:44:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.07.09 09:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.07.09 09:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.08 11:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Winterberg Configurator [2010.07.08 09:34:02 | 000,016,400 | ---- | C] (Logitech, Inc.) 
-- C:\Windows\System32\drivers\LNonPnP.sys [2010.07.08 07:49:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CIRCoInst.dll [2010.07.08 07:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage [2010.07.07 21:18:21 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Neuer Ordner (2) [2010.07.07 13:52:32 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Winterberg-Modifkation_fü [2010.07.07 11:06:11 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} [2010.07.07 09:36:33 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Logitech [2010.07.07 09:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2010.07.07 09:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2010.07.07 09:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010.07.07 09:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\SetPointG [2010.07.07 09:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\SetPointP [2010.07.05 20:29:01 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Users\Tobi\Desktop\wmpfirefoxplugin.exe [2010.07.05 19:23:52 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Neuer Ordner [2010.07.05 10:48:14 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.07.05 10:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio [2010.07.04 08:15:06 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\RCT3 [2010.07.04 08:15:06 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Atari [2010.07.04 08:14:55 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\System32\CmdLineExt.dll [2010.07.04 07:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PocketSoft [2010.07.04 07:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Atari [2010.07.04 07:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2010.07.04 07:45:49 | 000,000,000 | ---D | C] -- C:\Users\Tobi\RCT3_Soaked_German [2010.07.02 16:43:12 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Schatz Schule [2010.07.01 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\ElevatedDiagnostics [2010.06.29 10:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2010.06.29 10:32:00 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\FIFA 10 [2010.06.29 10:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports [2010.06.29 07:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Blur [2010.06.29 07:53:45 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\bizarre creations [2010.06.29 07:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86) [2010.06.27 08:01:47 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\FIFA 10 - Demo [2010.06.26 15:08:59 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.26 15:08:59 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.26 15:08:59 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.26 14:03:04 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\KONAMI [2010.06.26 09:35:03 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Downloaded Installations [2010.06.26 07:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.06.26 07:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.06.26 07:07:52 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.06.26 07:07:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msdri.dll [2010.06.26 07:07:51 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.06.26 07:07:51 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.06.19 18:38:50 | 000,000,000 | ---D | C] -- C:\Users\Tobi\muscke [2010.06.19 18:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2010.06.12 19:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2010.06.12 19:22:39 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2010.06.12 19:22:39 | 011,573,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2010.06.12 19:22:39 | 000,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe [2010.06.12 19:22:39 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2010.06.12 19:22:39 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd [2010.06.12 19:22:37 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2010.06.12 19:22:37 | 009,386,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll [2010.06.12 19:22:37 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2010.06.12 19:22:37 | 002,907,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll [2010.06.12 19:22:37 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2010.06.12 19:22:37 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2010.06.12 19:22:37 | 000,316,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll [2010.06.12 19:22:37 | 000,227,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1914.dll [2010.06.12 19:22:37 | 000,227,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll [2010.06.12 19:22:35 | 001,296,488 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\System32\nvapi.dll [2010.06.12 19:22:31 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010.06.12 18:10:17 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\PunkBuster [2010.06.12 18:10:14 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\BFBC2 [2010.06.12 17:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010.06.11 14:05:31 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.06.11 14:05:30 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2010.06.11 14:05:27 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.06.11 14:05:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.06.11 14:05:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.06.11 14:05:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.06.11 14:05:25 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2010.06.11 14:05:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.09 12:28:47 | 002,359,296 | -HS- | M] () -- C:\Users\Tobi\NTUSER.DAT [2010.07.09 12:25:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2010.07.09 10:58:48 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.09 10:58:48 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.09 10:56:32 | 001,527,504 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.09 
10:56:32 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.09 10:56:32 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.09 10:56:32 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.09 10:56:32 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.07.09 10:51:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.09 10:51:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.09 10:51:29 | 1609,949,184 | -HS- | M] () -- C:\hiberfil.sys [2010.07.09 10:50:22 | 002,979,020 | -H-- | M] () -- C:\Users\Tobi\AppData\Local\IconCache.db [2010.07.09 09:44:46 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.08 23:40:56 | 000,218,808 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.07.08 22:58:49 | 000,137,256 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.08 17:54:14 | 000,030,208 | ---- | M] () -- C:\Users\Tobi\Desktop\Ü-Natur.doc [2010.07.08 11:44:46 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Winterberg Configurator.lnk [2010.07.08 11:20:56 | 000,556,772 | ---- | M] () -- C:\Users\Tobi\Desktop\WinterbergUpdater.exe [2010.07.08 09:34:02 | 000,016,400 | ---- | M] (Logitech, Inc.) 
-- C:\Windows\System32\drivers\LNonPnP.sys [2010.07.07 18:51:16 | 000,003,390 | ---- | M] () -- C:\Users\Tobi\Desktop\Ü-Natur.rtf [2010.07.07 09:44:10 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll [2010.07.07 09:36:37 | 000,002,098 | ---- | M] () -- C:\Users\Tobi\Desktop\Logitech G-series Key Profiler.lnk [2010.07.07 09:36:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_lgSSBW_01_00_00.Wdf [2010.07.07 09:36:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf [2010.07.07 09:36:26 | 000,002,081 | ---- | M] () -- C:\Users\Tobi\Desktop\Logitech LCD Manager.lnk [2010.07.07 09:20:11 | 000,001,779 | ---- | M] () -- C:\Users\Tobi\Desktop\Maus- und Tastatureinstellungen.lnk [2010.07.05 20:29:01 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Users\Tobi\Desktop\wmpfirefoxplugin.exe [2010.07.05 19:34:33 | 000,004,176 | ---- | M] () -- C:\Users\Tobi\Desktop\hilfeguru intro_mp4.AVD [2010.07.05 19:23:39 | 000,002,268 | ---- | M] () -- C:\Users\Tobi\Desktop\tutorial_ccleaner_avi.HDP [2010.07.05 16:40:14 | 000,400,472 | ---- | M] () -- C:\Users\Tobi\Desktop\Unbenannt.png [2010.07.05 13:28:59 | 000,230,657 | ---- | M] () -- C:\Users\Tobi\Desktop\kaka.png [2010.07.05 13:28:46 | 000,230,657 | ---- | M] () -- C:\Users\Tobi\Desktop\jgs_galerie_bild.php [2010.07.05 12:41:22 | 000,002,268 | ---- | M] () -- C:\Users\Tobi\Desktop\channelerklärung_avi.HDP [2010.07.05 12:37:04 | 001,514,549 | ---- | M] () -- C:\Users\Tobi\Desktop\hilfeguru intro.mp4 [2010.07.05 12:07:07 | 001,820,257 | ---- | M] () -- C:\Users\Tobi\Desktop\Phantom_FX_-_Mystic_Voices_www.rappers.in.mp3 [2010.07.05 12:05:10 | 006,420,761 | ---- | M] () -- C:\Users\Tobi\Desktop\AKZ-Beatz_-_Desques_www.rappers.in.mp3 [2010.07.05 11:46:25 | 000,003,633 | ---- | M] () -- C:\Users\Tobi\Desktop\fragezeichen.gif [2010.07.05 11:44:40 | 003,179,192 | ---- | M] () -- C:\Users\Tobi\Desktop\logo ohne fragezeichen.psd [2010.07.05 11:44:26 | 
000,369,354 | ---- | M] () -- C:\Users\Tobi\Desktop\logo ohne fragezeichen.png [2010.07.05 11:43:53 | 000,377,773 | ---- | M] () -- C:\Users\Tobi\Desktop\logo full.png [2010.07.05 10:47:29 | 000,002,284 | ---- | M] () -- C:\Users\Tobi\Desktop\cc_20100705_104717.reg [2010.07.05 10:27:42 | 000,025,414 | ---- | M] () -- C:\Users\Tobi\avatar.png [2010.07.05 10:13:52 | 000,172,876 | ---- | M] () -- C:\Users\Tobi\kakaktest.jpg [2010.07.04 08:14:55 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2010.06.29 09:58:17 | 000,239,104 | ---- | M] () -- C:\Users\Tobi\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.29 09:56:12 | 002,669,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.29 07:27:14 | 000,000,330 | ---- | M] () -- C:\Windows\ULEAD32.INI [2010.06.12 17:55:08 | 000,138,056 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\PnkBstrK.sys [2010.06.12 17:54:33 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.09 09:44:46 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.08 17:54:13 | 000,030,208 | ---- | C] () -- C:\Users\Tobi\Desktop\Ü-Natur.doc [2010.07.08 11:44:46 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Winterberg Configurator.lnk [2010.07.08 11:20:56 | 000,556,772 | ---- | C] () -- C:\Users\Tobi\Desktop\WinterbergUpdater.exe [2010.07.07 18:53:56 | 000,003,390 | ---- | C] () -- C:\Users\Tobi\Desktop\Ü-Natur.rtf [2010.07.07 09:36:37 | 000,002,098 | ---- | C] () -- C:\Users\Tobi\Desktop\Logitech G-series Key Profiler.lnk [2010.07.07 09:36:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_lgSSBW_01_00_00.Wdf [2010.07.07 09:36:28 | 000,000,000 | -H-- | C] () -- 
C:\Windows\System32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf [2010.07.07 09:36:26 | 000,002,081 | ---- | C] () -- C:\Users\Tobi\Desktop\Logitech LCD Manager.lnk [2010.07.07 09:20:11 | 000,001,779 | ---- | C] () -- C:\Users\Tobi\Desktop\Maus- und Tastatureinstellungen.lnk [2010.07.05 19:34:28 | 000,004,176 | ---- | C] () -- C:\Users\Tobi\Desktop\hilfeguru intro_mp4.AVD [2010.07.05 16:40:13 | 000,400,472 | ---- | C] () -- C:\Users\Tobi\Desktop\Unbenannt.png [2010.07.05 13:28:58 | 000,230,657 | ---- | C] () -- C:\Users\Tobi\Desktop\kaka.png [2010.07.05 13:26:26 | 000,230,657 | ---- | C] () -- C:\Users\Tobi\Desktop\jgs_galerie_bild.php [2010.07.05 12:41:22 | 000,002,268 | ---- | C] () -- C:\Users\Tobi\Desktop\channelerklärung_avi.HDP [2010.07.05 12:36:37 | 001,514,549 | ---- | C] () -- C:\Users\Tobi\Desktop\hilfeguru intro.mp4 [2010.07.05 12:07:06 | 001,820,257 | ---- | C] () -- C:\Users\Tobi\Desktop\Phantom_FX_-_Mystic_Voices_www.rappers.in.mp3 [2010.07.05 12:05:03 | 006,420,761 | ---- | C] () -- C:\Users\Tobi\Desktop\AKZ-Beatz_-_Desques_www.rappers.in.mp3 [2010.07.05 11:47:10 | 000,002,268 | ---- | C] () -- C:\Users\Tobi\Desktop\tutorial_ccleaner_avi.HDP [2010.07.05 11:46:18 | 000,003,633 | ---- | C] () -- C:\Users\Tobi\Desktop\fragezeichen.gif [2010.07.05 11:44:20 | 000,369,354 | ---- | C] () -- C:\Users\Tobi\Desktop\logo ohne fragezeichen.png [2010.07.05 11:44:08 | 003,179,192 | ---- | C] () -- C:\Users\Tobi\Desktop\logo ohne fragezeichen.psd [2010.07.05 11:43:47 | 000,377,773 | ---- | C] () -- C:\Users\Tobi\Desktop\logo full.png [2010.07.05 10:47:21 | 000,002,284 | ---- | C] () -- C:\Users\Tobi\Desktop\cc_20100705_104717.reg [2010.07.05 10:27:41 | 000,025,414 | ---- | C] () -- C:\Users\Tobi\avatar.png [2010.07.05 10:13:52 | 000,172,876 | ---- | C] () -- C:\Users\Tobi\kakaktest.jpg [2010.07.04 09:43:57 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.07.04 07:51:45 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2010.06.12 19:22:39 
| 000,007,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2010.06.12 18:14:22 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2010.06.12 17:54:33 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.05.30 15:55:37 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.05.21 13:40:17 | 000,000,330 | ---- | C] () -- C:\Windows\ULEAD32.INI [2010.05.18 07:37:24 | 000,007,256 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.05.14 08:25:34 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll ========== LOP Check ========== [2010.07.04 08:15:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Atari [2010.06.29 07:53:45 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\bizarre creations [2010.07.06 17:28:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ICQ [2010.05.22 10:17:08 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Laconic Software [2010.06.01 21:24:54 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Leadertech [2010.05.14 08:31:32 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\MAGIX [2010.07.06 23:02:07 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\SA-MP Audio Plugin [2010.05.14 10:36:58 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Ulead Systems [2010.06.06 08:59:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\WindSolutions [2010.06.05 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\XnView [2009.07.14 06:53:46 | 000,030,868 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== 
Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.07.08 11:04:41 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Adobe [2010.06.06 10:03:18 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Apple Computer [2010.07.04 08:15:06 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Atari [2010.05.12 11:22:11 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Avira [2010.06.29 07:53:45 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\bizarre creations [2010.07.05 11:18:01 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DivX [2010.05.30 17:16:48 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Hamachi [2010.07.06 17:28:21 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ICQ [2010.05.12 10:59:08 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Identities [2010.05.22 10:17:08 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Laconic Software [2010.06.01 21:24:54 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Leadertech [2010.06.01 21:23:09 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Logishrd [2010.06.01 21:24:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Logitech [2010.05.12 11:15:41 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Macromedia [2010.05.14 08:31:32 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\MAGIX [2010.07.09 09:44:51 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Media Center Programs [2010.07.07 09:21:00 | 000,000,000 | --SD | M] -- C:\Users\Tobi\AppData\Roaming\Microsoft [2010.05.20 06:18:00 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Mozilla [2010.07.06 23:02:07 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\SA-MP Audio Plugin [2010.05.23 10:20:04 | 000,000,000 | RH-D | M] -- 
C:\Users\Tobi\AppData\Roaming\SecuROM [2010.05.13 16:57:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\teamspeak2 [2010.05.14 10:36:58 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Ulead Systems [2010.07.07 21:16:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\vlc [2010.05.21 18:27:22 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Winamp [2010.06.06 08:59:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\WindSolutions [2010.05.12 12:25:25 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\WinRAR [2010.06.05 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\XnView < %APPDATA%\*.exe /s > [2010.06.30 06:11:22 | 000,038,784 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.07.07 09:21:00 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Tobi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2010.04.13 20:24:48 | 017,814,872 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2010.04.13 20:24:48 | 017,814,872 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E 
-- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\dllcache\atapi.sys [2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\drivers\atapi.sys [2008.04.14 11:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.04.14 11:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\dllcache\eventlog.dll [2008.04.14 11:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\eventlog.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys 
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.04.14 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\dllcache\netlogon.dll [2008.04.14 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2008.04.14 11:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\system32\dllcache\scecli.dll [2008.04.14 11:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\system32\scecli.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2008.04.14 11:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\dllcache\userinit.exe [2008.04.14 11:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\userinit.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\dllcache\ws2ifsl.sys [2008.04.14 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > und hier das Extras.txt: Code:
OTL Extras logfile created on: 09.07.2010 12:27:24 - Run 1 OTL by OldTimer - Version 3.2.8.1
< End of report > |
09.07.2010, 12:56 | #5 |
/// Malware-holic | Malware found, strange messages Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
09.07.2010, 13:14 | #6 |
| Malware found, strange messages All right, here is the log: Code:
ComboFix 10-07-08.02 - Tobi 09.07.2010 14:05:48.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2047.1167 [GMT 2:00]
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKLM\~\startupfolder\C:^Users^Tobi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk] path=c:\users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk backup=c:\windows\pss\Logitech . 
Produktregistrierung.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2010-05-18 20:41 1311312 ----a-w- c:\program files\SetPointP\SetPoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2010-06-08 11:39 133368 ----a-w- c:\program files\ICQ7.1\ICQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-06-15 14:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon] 2010-02-18 10:24 1573448 ----a-w- c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore] 2010-02-18 10:47 3203144 ----a-w- c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDeviceAgent] 2010-02-18 10:49 357448 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb] 2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] 2008-08-07 15:18 90112 ----a-w- c:\program files\MAGIX\Video_deluxe_16_Plus_Download-Version\Trayserver.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] 2007-08-02 19:08 95504 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] 2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] . . ------- Zusätzlicher Suchlauf ------- . 
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\n8ws2sy2.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - http://www.trojaner-board.de/87947-m...b4&feature=sub FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q= FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF} . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1922945757-944008615-1236141011-1001\Software\SecuROM\License information*] "datasecu"=hex:b5,61,87,94,bd,9c,47,11,a6,85,cb,aa,62,d8,45,42,5d,56,8e,91,45, 67,01,8f,ac,e8,e3,a1,32,3e,e8,30,85,26,43,7b,b7,68,93,e8,d8,10,51,23,db,60,\ "rkeysecu"=hex:74,b9,39,7c,5d,f1,01,19,e7,6f,6f,5a,c4,32,54,5a [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-07-09 14:12:30 ComboFix-quarantined-files.txt 2010-07-09 12:12 Vor Suchlauf: 14 Verzeichnis(se), 286.448.812.032 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 286.495.268.864 Bytes frei - - End Of File - - 3860C041645E400131EBFBF076FA949C |
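As an added example (not part of this thread and not ComboFix's own code), here is a small Python parser for report lines in the layout posted above. It pulls out the file entries and the registry autostart values and then compares the UAC policy values under the policies\system key with the Windows 7 defaults: in the report above EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, which means UAC is switched off and nothing on this machine asks before a program runs with administrator rights. The sample lines are constructed and only modelled on the report; the file heuristics (temporary files, executables or drivers inside a user profile) are my own review rules and flag entries for a second look, not as malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the ComboFix report layout, modelled on entries in the
# report above; it is not a copy of that report.
SAMPLE_LOG = r"""
2010-06-12 15:55 . 2010-05-30 13:55 138056 ----a-w- c:\users\Tobi\AppData\Roaming\PnkBstrK.sys
2010-06-03 15:30 . 2010-06-03 15:30 1629 ----a-w- c:\programdata\xml499F.tmp
2010-05-30 14:24 . 2010-05-30 14:24 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-06-06 09:12 . 2010-06-06 09:12 -------- d-----w- c:\program files\AC3Filter
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# File entry: two timestamps, size (dashes for a directory), 8-char attribute field, path.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(\d+|-+) (\S{8}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")                                        # [HKEY_...]
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9A-Fa-f]+\)$')      # "Name"= 0 (0x0)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[\d{4}-\d{2}-\d{2} \d+\]$')   # "Name"="path" [date size]

# Windows 7 defaults for the UAC policy values the report lists.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}


@dataclass
class FileEntry:
    time1: str           # the two timestamps ComboFix prints per entry, kept as text
    time2: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_combofix(text: str) -> Tuple[List[FileEntry], Dict[str, Dict[str, object]]]:
    """Split a report into file entries and autostart values grouped by registry key."""
    files: List[FileEntry] = []
    autostart: Dict[str, Dict[str, object]] = {}
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            size = int(m.group(3)) if m.group(3).isdigit() else None
            files.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            autostart.setdefault(current_key, {})
            continue
        if current_key is None:
            continue  # header lines such as REGEDIT4
        m = POLICY_RE.match(line)
        if m:
            autostart[current_key][m.group(1)] = int(m.group(2))
            continue
        m = RUN_RE.match(line)
        if m:
            autostart[current_key][m.group(1)] = m.group(2)
    return files, autostart


def assess_uac(autostart: Dict[str, Dict[str, object]]) -> List[str]:
    """List UAC policy values (policies/system key) that differ from the Windows 7 default."""
    findings = []
    for key, values in autostart.items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for name, default in UAC_DEFAULTS.items():
            actual = values.get(name)
            if isinstance(actual, int) and actual != default:
                findings.append(f"{name}={actual} (Windows 7 default: {default})")
    return findings


def review_files(files: List[FileEntry]) -> List[str]:
    """My own heuristics for entries worth a second look; not a verdict on the file."""
    notes = []
    for f in files:
        if f.attrs.startswith("d"):
            continue
        p = f.path.lower()
        if p.endswith(".tmp"):
            notes.append(f"temporary file left behind: {f.path}")
        elif p.startswith("c:\\users\\") and p.endswith((".exe", ".dll", ".sys", ".scr")):
            notes.append(f"executable or driver in a user profile: {f.path}")
    return notes


def triage(text: str) -> Dict[str, object]:
    files, autostart = parse_combofix(text)
    run_entries: Dict[str, object] = {}
    for key, values in autostart.items():
        if key.lower().endswith(r"\currentversion\run"):
            run_entries.update(values)
    return {"uac": assess_uac(autostart), "files": review_files(files), "run_entries": run_entries}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, items)
```

Run against a full report, the "uac" list is the first thing to read: any value other than the default means the machine was handing out administrator rights silently, which is why the poster saw programs act without being asked. The "files" notes are only a reading aid for the long file section; each path still has to be judged on its own.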
09.07.2010, 13:25 | #7 |
/// Malware-holic | Malware found, strange messages
Avira: install Avira as described, then configure it accordingly. Once you have applied the configuration, update the program. Then click "Local Protection", then "Local Drives". Any findings go into quarantine; post the log. |
09.07.2010, 14:22 | #8 |
| Malware found, strange messages
Okay, done... no findings... not even a warning! |
09.07.2010, 16:23 | #9 |
/// Malware-holic | Malware found, strange messages
Please click "Reports" in Avira and post the report of that scan; I want to see whether it was configured correctly. Are there still any problems? |