Pests of all kinds and their removal: 18 infected files/viruses, is deleting dangerous? (log file included) - Windows 7
22.08.2010, 00:43 | #1
Hello everyone,

since I haven't used any antivirus program for more than a year, I downloaded and ran a program today out of interest (Malwarebytes' Anti-Malware). The result: 18 infected files or viruses.

My question: can I simply remove the files in question without having to worry that my PC will have to be formatted or will be damaged?

Log file
________________________________________
Malwarebytes' Anti-Malware 1.46
Database version: 4459
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.08.2010 00:47:30
mbam-log-2010-08-22 (00-47-30).txt

Scan type: Quick scan
Objects scanned: 141410
Time elapsed: 37 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Heuristics.Shuriken) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Heuristics.Shuriken) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Heuristics.Shuriken) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Heuristics.Shuriken) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
C:\Windows\System32\spynet (Trojan.Backdoor) -> No action taken.

Files Infected:
C:\Windows\System32\spynet\server.exe (Generic.Bot.H) -> No action taken.
C:\Users\Benutzername\AppData\Local\Temp\file2.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\Benutzername\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Users\Benutzername\AppData\Roaming\smss.exe (Trojan.Delf) -> No action taken.
C:\Users\Benutzername\AppData\Local\Temp\MSN.abc (Malware.Trace) -> No action taken.
C:\Users\Benutzername\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\Benutzername\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Users\Benutzername\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> No action taken.

I think that is everything that's needed. So, thanks in advance to EVERYONE who takes the time for my problem. (I appreciate it =))

Last edited by .SpLAx. (22.08.2010 at 01:38) Reason: question improved
23.08.2010, 14:18 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

A cleanup can involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. A format is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools with right-click "Run as administrator".

Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!

Then OTL:

System scan with OTL
Please download OTL from Oldtimer and save it to your desktop
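Every location the MBAM log in the first post flagged (the HKLM and HKCU Run keys, both Policies\Explorer\Run keys, an Active Setup Installed Components GUID, and the regfile open command) is a place Windows consults at logon, which is why the helper asks for tool output before anything is deleted: the listed files are only the payload, the registry entries are what bring it back. The script below is an added example, not part of the thread and not code from Malwarebytes or OTL. It is a read-only PowerShell triage pass over those same locations on a Windows 7 machine: it resolves each autostart command to its image file, flags entries whose file is missing, unsigned, or run from Temp/AppData, prints a SHA256 for each existing image for an offline lookup, checks the regfile open command against the value MBAM printed as "Good", and reports the two UAC policy values OTL lists under O6. It assumes an elevated prompt (as the post instructs for Vista/Win7) and PowerShell 4.0 or newer for Get-FileHash; the `$suspectDirs` heuristic is my own choice, not a rule from either tool. It changes nothing on the box.

```powershell
# Added example (not from the thread or from MBAM/OTL): read-only autostart
# triage for Windows 7. Run from an elevated PowerShell; assumes PowerShell
# 4.0 or newer (Get-FileHash). Nothing is deleted or changed.

# Logon persistence locations. The first four are the ones the MBAM log in
# the first post flagged; RunOnce is checked for completeness.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$activeSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'

# Directories a legitimate logon entry almost never runs from (my heuristic).
$suspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:SystemRoot\Temp")

function Get-ImagePath {
    # Reduce a command line to its image file: "C:\x\y.exe" /arg -> C:\x\y.exe
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.(exe|dll|scr|com|cmd|bat))(\s|$)') { return $Matches[1] }
    return $cmd.Trim()
}

function Test-AutostartEntry {
    # One object per entry; an empty Flags string means nothing looked odd.
    param([string]$Location, [string]$Name, [string]$CommandLine)
    $path  = Get-ImagePath $CommandLine
    $flags = @()
    $hash  = $null
    if ([string]::IsNullOrWhiteSpace($path)) {
        $flags += 'empty command'
    } elseif (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $flags += 'file missing'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
        foreach ($d in $suspectDirs) {
            if ($d -and $path -like "$d\*") { $flags += "runs from $d" }
        }
        # An unsigned binary in a subfolder under System32 (the MBAM log
        # showed System32\spynet\server.exe) deserves a second look.
        if ($path -like "$env:SystemRoot\System32\*\*" -and $sig.Status -ne 'Valid') {
            $flags += 'unsigned binary in a System32 subfolder'
        }
        # Hash for an offline lookup; the file itself is not touched.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
        Location = $Location; Name = $Name; Image = $path
        SHA256   = $hash;     Flags = ($flags -join '; ')
    }
}

$results = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $results += Test-AutostartEntry $key $name ([string]$item.GetValue($name))
    }
}
# Active Setup runs each component's StubPath once per user at logon, so it
# is a persistence location too; MBAM flagged a component GUID there.
foreach ($comp in Get-ChildItem -LiteralPath $activeSetup) {
    $stub = $comp.GetValue('StubPath')
    if ($stub) { $results += Test-AutostartEntry $activeSetup $comp.PSChildName ([string]$stub) }
}

$results | Where-Object { $_.Flags } | Format-Table -AutoSize Location, Name, Image, Flags

# MBAM reported the .reg file open command as altered; compare with the
# stock value it printed as "Good".
$regOpen = (Get-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command').'(default)'
if ($regOpen -ne 'regedit.exe "%1"') { "regfile open command is [$regOpen], expected [regedit.exe ""%1""]" }

# The UAC values OTL lists under O6. EnableLUA = 0 turns UAC off; with
# PromptOnSecureDesktop = 0 the elevation prompt is drawn on the normal
# desktop, where other user-mode code can interact with it.
$uac = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -eq 0)             { 'UAC is disabled (EnableLUA = 0)' }
if ($uac.PromptOnSecureDesktop -eq 0) { 'Elevation prompt not on the secure desktop (PromptOnSecureDesktop = 0)' }
```

Two caveats a practitioner would add. First, this reads the registry through the running OS; a backdoor that is already running (MBAM calls the spynet folder Trojan.Backdoor) can in principle hide from or lie to any tool on the same box, which is the real reason behind the post's warning that a format is the only route that is always safe. Second, this covers the handful of locations named in the thread; Sysinternals Autoruns enumerates far more (services, drivers, scheduled tasks, Winlogon, shell extensions) and is what a helper would reach for on a box like this.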
23.08.2010, 15:16 | #3
Hello Cosinus,

I updated Malwarebytes manually and ran a full scan. Unfortunately the program hangs after 3 min (not responding). I hope we can skip this step for now.

Here are the log files from OTL ---

OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 23.08.2010 15:59:08 - Run 1
OTL by OldTimer - Version 3.2.10.0
Folder = C:\Users\Besnik\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 6,15 Gb Free Space | 2,15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 127,99 Gb Total Space | 53,28 Gb Free Space | 41,63% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***** Current User Name: Besnik Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Besnik\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Safari\Safari.exe (Apple Inc.)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Windows\System32\PAStiSvc.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Besnik\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (STI Simulator) -- C:\Windows\System32\PAStiSvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (cpuz132) -- C:\Users\Besnik\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ESLvnic1) -- C:\Windows\System32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (RTLWUSB) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\pfc027.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 91 31 28 9A 8B CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.7.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.21 14:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.04 18:57:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.09 21:26:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.21 14:02:04 | 000,000,000 | ---D | M]

[2010.05.29 17:41:56 | 000,000,000 | ---D | M] -- C:\Users\Besnik\AppData\Roaming\mozilla\Extensions
[2010.08.02 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Besnik\AppData\Roaming\mozilla\Firefox\Profiles\55fh7zvd.default\extensions
[2010.07.04 19:01:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Besnik\AppData\Roaming\mozilla\Firefox\Profiles\55fh7zvd.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010.05.30 15:46:29 | 000,000,000 | ---D | M] -- C:\Users\Besnik\AppData\Roaming\mozilla\Firefox\Profiles\55fh7zvd.default\extensions\firebug@software.joehewitt.com
[2010.05.29 20:58:35 | 000,000,000 | ---D | M] -- C:\Users\Besnik\AppData\Roaming\mozilla\Firefox\Profiles\55fh7zvd.default\extensions\piclens@cooliris.com
[2010.07.04 18:57:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.09 07:10:55 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HKLM] C:\Windows\System32\spynet\server.exe (sdfuje5ktzdf)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe File not found
O4 - HKCU..\Run: [HKCU] C:\Windows\System32\spynet\server.exe (sdfuje5ktzdf)
O4 - HKCU..\Run: [Windows Media Center] File not found
O4 - Startup: C:\Users\Besnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Besnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zotac FireStorm.lnk = C:\Programme\ZOTAC FireStorm\Firestorm.exe (ZOTAC Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\spynet\server.exe (sdfuje5ktzdf)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\spynet\server.exe (sdfuje5ktzdf)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 62.53.220.114 193.189.244.205
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Programme\Stardock\Fences\FencesMenu.dll (Stardock)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{399795d0-eef4-11de-b7cb-002197303f51}\Shell - "" = AutoRun
O33 - MountPoints2\{399795d0-eef4-11de-b7cb-002197303f51}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.23 15:55:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Besnik\Desktop\OTL.exe
[2010.08.21 23:23:29 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Roaming\Malwarebytes
[2010.08.21 23:23:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.21 23:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.21 23:23:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.21 23:23:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.20 03:15:07 | 002,010,578 | ---- | C] (The Best Free Trainers in the World) -- C:\Users\Besnik\Desktop\Assassin's Creed II v1.0 + 4 Trainer.exe
[2010.08.19 14:49:48 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Local\119614890735248628
[2010.08.19 14:49:43 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Local\119611678099711220
[2010.08.19 14:18:00 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Local\Wheelman
[2010.08.19 14:18:00 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Local\PC
[2010.08.19 14:03:19 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft Entertainment
[2010.08.19 05:40:48 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Local\119614890734200052
[2010.08.19 05:40:42 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Local\119611678098662644
[2010.08.18 14:24:55 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.08.18 14:24:54 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.08.18 14:24:54 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.08.18 14:24:53 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.08.18 14:24:53 | 009,818,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.08.18 14:24:53 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.08.18 14:24:53 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.08.18 14:24:53 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.08.18 14:24:53 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010.08.18 14:24:53 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.08.18 14:24:53 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.08.18 14:24:53 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.08.18 04:42:16 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Roaming\NVIDIA 3D Vision Video Player
[2010.08.18 00:32:10 | 000,000,000 | ---D | C] -- C:\Programme\ZOTAC FireStorm
[2010.08.17 21:22:49 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Roaming\NVIDIA
[2010.08.17 20:42:41 | 000,604,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010.08.12 21:14:22 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.12 21:14:22 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 21:14:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 21:14:18 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 21:14:18 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.12 21:14:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 21:14:09 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 21:14:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 21:14:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 21:14:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 21:14:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 21:14:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 21:14:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 21:13:59 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 14:29:43 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Roaming\vlc
[2010.08.12 13:40:30 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.08.11 23:40:27 | 000,000,000 | ---D | C] -- C:\Users\Besnik\Desktop\kAKA
[2010.08.11 23:38:48 | 005,651,533 | ---- | C] (Smart Projects) -- C:\Users\Besnik\Desktop\IsoBuster.exe
[2010.08.10 02:47:04 | 000,000,000 | ---D | C] -- C:\Users\Besnik\Documents\MAGIX Downloads
[2010.08.10 02:47:03 | 000,000,000 | ---D | C] -- C:\Users\Besnik\AppData\Roaming\MAGIX
[2010.08.10 02:45:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010.08.10 02:45:23 | 000,667,648 | ---- | C] (MAGIX AG) -- C:\Windows\System32\mgxoschk.dll
[2010.08.10 02:45:16 | 000,516,096 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll
[2010.08.10 02:45:16 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe
[2010.08.10 02:45:16 | 000,192,512 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll
[2010.08.10 02:45:16 | 000,167,936 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll
[2010.08.10 02:45:16 | 000,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll
[2010.08.10 02:45:16 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll
[2010.08.10 02:45:16 | 000,098,304 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll
[2010.08.10 02:45:16 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll
[2010.08.10 02:45:16 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll
[2010.08.10 02:45:16 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll
[2010.08.10 02:45:16 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll
[2010.08.10 02:45:16 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll
[2010.08.10 02:45:16 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll
[2010.08.10 02:45:16 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll
[2010.08.10 02:45:16 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll
[2010.08.10 02:45:16 | 000,036,864 | ---- | C] (PoINT
Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll [2010.08.10 02:45:16 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll [2010.08.10 02:45:16 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll [2010.08.10 02:45:16 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll [2010.08.10 02:45:16 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll [2010.08.10 02:45:16 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll [2010.08.10 02:45:16 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll [2010.08.10 02:45:16 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll [2010.08.10 02:44:58 | 000,000,000 | ---D | C] -- C:\Users\Besnik\Documents\MAGIX_MusicMakerTechnoEdition2 [2010.08.10 02:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2010.08.10 02:44:26 | 000,000,000 | ---D | C] -- C:\Programme\MAGIX [2010.08.10 02:44:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\MAGIX [2010.04.23 17:48:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe66BE.dll [6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Besnik\AppData\Roaming\*.tmp files -> C:\Users\Besnik\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.23 16:03:07 | 006,553,600 | -HS- | M] () -- C:\Users\Besnik\NTUSER.DAT [2010.08.23 16:01:04 | 008,008,670 | -H-- | M] () -- C:\Users\Besnik\AppData\Roaming\logs.dat [2010.08.23 15:41:27 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.23 15:34:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Besnik\Desktop\OTL.exe [2010.08.23 10:00:04 | 000,014,016 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.23 10:00:04 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.23 09:55:25 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.23 09:54:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.23 09:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.23 09:54:37 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys [2010.08.22 05:08:36 | 005,410,381 | -H-- | M] () -- C:\Users\Besnik\AppData\Local\IconCache.db [2010.08.21 23:23:15 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.21 10:56:12 | 001,506,334 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.21 10:56:12 | 000,658,508 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.21 10:56:12 | 000,619,388 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.21 10:56:12 | 000,131,360 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.21 10:56:12 | 000,107,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.20 19:22:14 | 000,001,108 | ---- | M] () -- C:\Users\Besnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zotac FireStorm.lnk [2010.08.20 13:59:22 | 001,880,402 | ---- | M] () -- C:\Users\Besnik\Desktop\shirt skull.psd [2010.08.19 14:49:05 | 000,001,096 | ---- | M] () -- C:\Users\Besnik\Desktop\Kane & Lynch - Dog Days.lnk [2010.08.19 14:17:57 | 000,001,415 | ---- | M] () -- C:\Users\Besnik\Desktop\Wheelman.lnk [2010.08.19 05:03:33 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\System32\OpenAL32.dll [2010.08.18 14:03:27 | 000,001,606 | ---- | M] () -- C:\Users\Besnik\Desktop\Assassin's Creed II.lnk [2010.08.18 04:41:34 | 000,002,749 | ---- | M] () -- C:\Users\Public\Desktop\NVIDIA 3D Vision Video Player.lnk [2010.08.18 00:32:10 | 000,001,984 | ---- | M] () -- C:\Users\Besnik\Desktop\ZOTAC FireStorm.lnk [2010.08.17 04:31:28 | 000,212,245 | ---- | M] () -- C:\Users\Besnik\Desktop\New_Forum.jpg [2010.08.13 00:27:50 | 003,870,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.12 18:30:34 | 003,292,682 | ---- | M] () -- C:\Users\Besnik\Desktop\UffuFF v2.MP3 [2010.08.11 23:35:42 | 000,001,093 | ---- | M] () -- C:\Users\Besnik\Desktop\FileZilla.lnk [2010.08.10 18:25:59 | 000,418,368 | ---- | M] () -- C:\Users\Besnik\Desktop\bg.jpg [2010.08.10 15:02:34 | 000,369,367 | ---- | M] () -- C:\Users\Besnik\Desktop\Unbenannt-1.jpg [2010.08.10 02:54:02 | 000,158,144 | ---- | M] () -- C:\Users\Besnik\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.10 02:45:24 | 000,006,768 | ---- | M] () -- C:\Windows\mgxoschk.ini [2010.08.10 02:45:12 | 000,001,245 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker Techno Edition 2.lnk [2010.08.06 19:10:54 | 003,109,681 | ---- | M] () -- C:\Users\Besnik\Desktop\SAM_0147.JPG [2010.08.06 19:10:28 | 003,055,787 | ---- | M] () -- C:\Users\Besnik\Desktop\SAM_0146.JPG [2010.08.06 00:30:56 | 000,000,132 | ---- | M] () -- C:\Users\Besnik\AppData\Roaming\Adobe Targa Format CS5 Prefs [2010.08.05 22:52:11 | 000,373,952 | ---- | M] () -- C:\Users\Besnik\Desktop\Unbenannt.png [2010.08.03 05:06:27 | 000,158,858 | ---- | M] () -- C:\Users\Besnik\Desktop\wallspace1.jpg [2010.08.02 21:32:01 | 000,058,380 | ---- | M] () -- C:\Users\Besnik\Desktop\logonew.jpg [2010.08.02 17:44:11 | 000,325,040 | ---- | M] () -- C:\Users\Besnik\Desktop\lul.jpg [2010.08.02 01:24:59 | 000,000,132 | ---- | M] () -- C:\Users\Besnik\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.07.29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) 
Corporation) -- C:\Windows\System32\ir32_32.dll [2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.07.28 10:49:02 | 037,306,428 | ---- | M] () -- C:\Users\Besnik\Desktop\Demo.psd [2010.07.27 15:18:25 | 000,009,728 | ---- | M] () -- C:\Users\Besnik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.26 21:59:56 | 000,007,653 | ---- | M] () -- C:\Users\Besnik\AppData\Local\resmon.resmoncfg [2010.07.26 21:56:07 | 000,194,916 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Besnik\AppData\Roaming\*.tmp files -> C:\Users\Besnik\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.21 23:23:15 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.20 19:22:13 | 000,001,108 | ---- | C] () -- C:\Users\Besnik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zotac FireStorm.lnk [2010.08.20 03:15:07 | 000,034,308 | ---- | C] () -- C:\Users\Besnik\Desktop\Sicheats.dll [2010.08.19 14:49:07 | 000,001,096 | ---- | C] () -- C:\Users\Besnik\Desktop\Kane & Lynch - Dog Days.lnk [2010.08.19 14:17:57 | 000,001,415 | ---- | C] () -- C:\Users\Besnik\Desktop\Wheelman.lnk [2010.08.19 05:36:40 | 000,001,984 | ---- | C] () -- C:\Users\Besnik\Desktop\ZOTAC FireStorm.lnk [2010.08.18 19:23:08 | 000,001,057 | ---- | C] () -- C:\Users\Besnik\Desktop\METRO 2033.lnk [2010.08.18 14:03:06 | 000,001,606 | ---- | C] () -- C:\Users\Besnik\Desktop\Assassin's Creed II.lnk [2010.08.18 04:41:34 | 000,002,749 | ---- | C] () -- C:\Users\Public\Desktop\NVIDIA 3D Vision Video Player.lnk [2010.08.17 04:12:47 | 000,212,245 | ---- | C] () -- C:\Users\Besnik\Desktop\New_Forum.jpg [2010.08.15 13:50:12 | 001,880,402 | ---- | C] () -- C:\Users\Besnik\Desktop\shirt skull.psd [2010.08.12 01:46:11 | 003,292,682 | ---- | C] () -- 
C:\Users\Besnik\Desktop\UffuFF v2.MP3 [2010.08.11 23:35:42 | 000,001,093 | ---- | C] () -- C:\Users\Besnik\Desktop\FileZilla.lnk [2010.08.10 18:25:57 | 000,418,368 | ---- | C] () -- C:\Users\Besnik\Desktop\bg.jpg [2010.08.10 14:56:56 | 000,369,367 | ---- | C] () -- C:\Users\Besnik\Desktop\Unbenannt-1.jpg [2010.08.10 02:45:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2010.08.10 02:45:16 | 000,014,182 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib [2010.08.10 02:45:12 | 000,001,245 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker Techno Edition 2.lnk [2010.08.10 02:44:26 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.08.10 02:44:12 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.08.06 19:10:33 | 003,109,681 | ---- | C] () -- C:\Users\Besnik\Desktop\SAM_0147.JPG [2010.08.06 19:10:05 | 003,055,787 | ---- | C] () -- C:\Users\Besnik\Desktop\SAM_0146.JPG [2010.08.05 22:52:10 | 000,373,952 | ---- | C] () -- C:\Users\Besnik\Desktop\Unbenannt.png [2010.08.02 21:24:38 | 000,058,380 | ---- | C] () -- C:\Users\Besnik\Desktop\logonew.jpg [2010.08.02 17:44:09 | 000,325,040 | ---- | C] () -- C:\Users\Besnik\Desktop\lul.jpg [2010.08.02 01:49:34 | 000,158,858 | ---- | C] () -- C:\Users\Besnik\Desktop\wallspace1.jpg [2010.07.27 16:05:16 | 037,306,428 | ---- | C] () -- C:\Users\Besnik\Desktop\Demo.psd [2010.06.29 18:18:03 | 000,017,841 | ---- | C] () -- C:\Users\Besnik\AppData\Roaming\UserTile.png [2010.06.28 11:58:44 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2010.06.23 23:28:24 | 000,007,653 | ---- | C] () -- C:\Users\Besnik\AppData\Local\resmon.resmoncfg [2010.06.21 22:44:14 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys [2010.06.07 16:21:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.06.07 16:21:01 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.06.07 16:21:01 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.06.07 
16:21:01 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.06.07 16:21:01 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010.06.07 15:26:56 | 000,000,088 | ---- | C] () -- C:\Windows\StyleBuilder.INI [2010.06.07 13:39:15 | 000,000,051 | ---- | C] () -- C:\Windows\mix-fx.ini [2010.05.31 03:37:35 | 000,053,760 | ---- | C] () -- C:\Windows\System32\gac.dll [2010.05.31 03:37:35 | 000,003,584 | ---- | C] () -- C:\Windows\System32\klipxm32.dll [2010.05.17 23:11:49 | 000,110,080 | ---- | C] () -- C:\Users\Besnik\AppData\Roaming\smss.exe [2010.05.12 20:51:31 | 000,001,456 | ---- | C] () -- C:\Users\Besnik\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010.05.12 00:12:06 | 000,000,132 | ---- | C] () -- C:\Users\Besnik\AppData\Roaming\Adobe Targa Format CS5 Prefs [2010.05.11 17:20:46 | 000,000,132 | ---- | C] () -- C:\Users\Besnik\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.05.01 02:02:09 | 000,009,728 | ---- | C] () -- C:\Users\Besnik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.14 17:01:07 | 000,000,000 | ---- | C] () -- C:\Users\Besnik\AppData\Roaming\Stardockfences_debug_snapshot.dat [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.07 19:49:16 | 000,000,120 | ---- | C] () -- C:\Windows\disney.ini [2010.01.30 19:37:44 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.01.30 19:37:43 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.01.16 04:32:03 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.01.04 00:08:16 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.04.03 14:10:04 | 
007,262,208 | ---- | C] () -- C:\Windows\System32\tliadjust32.dll [2006.05.09 10:46:04 | 008,008,670 | -H-- | C] () -- C:\Users\Besnik\AppData\Roaming\logs.dat [2005.04.08 11:46:18 | 000,162,176 | ---- | C] () -- C:\Windows\System32\drivers\pfc027.sys [2005.01.25 16:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\System32\PA207Usd.dll < End of report > ---------------- Extras.Txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.08.2010 15:59:08 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Besnik\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286,09 Gb Total Space | 6,15 Gb Free Space | 2,15% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 127,99 Gb Total Space | 53,28 Gb Free Space | 41,63% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SPLAX Current User Name: Besnik Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultInboundAction" = 1 "DefaultOutboundAction" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultInboundAction" = 1 "DefaultOutboundAction" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{038A524F-58DB-438A-8391-8F7F0CA14B9E}" = Microsoft® Winter Fun Pack 2004 for Windows® XP "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{0777E8B0-0BC4-4802-A6AA-0992716C78FD}" = Topaz Adjust 4 "{088B7BF8-AC95-4348-B77B-619AEB3A74A5}" = VideoCAM GF112 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver 
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta) "{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta) "{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta) "{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta) "{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta) "{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta) "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta) "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta) "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta) "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta) "{20140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 (Beta) "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta) "{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta) "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta) "{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta) "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25140000-0048-0409-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-bit (Beta) "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second "{2C14901F-ED9D-40B5-8FE5-1BAF3D31F73B}" = ColdFear 
"{2D0B560E-493A-47EE-9132-6A47A44A437F}" = DARK VOID "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08 "{3604BFF4-6EC8-44D6-B147-92C2D642FEDE}" = Wheelman "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] "{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager "{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform "{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2 "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver "{594F6A23-9FF2-4D03-8761-97483E55CE79}" = NVIDIA 3D Vision Video Player "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft 
Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7E19B002-4CA3-4C9F-BA92-91D101B97219}" = James Cameron's AVATAR(tm): DAS SPIEL "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{96E94E18-54D6-42C1-8FC4-24DACEDC3395}" = Nokia NSeries System Utilities "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger 
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™ "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AFDF950D-3814-4F98-B66F-8C286A69F405}" = Windows Style Builder "{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution "{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E47DD6CF-B409-4F00-9D14-6B145F678C13}" = Revemu 0.95 "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™ "{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari "{EB9D4747-99A9-422C-AEEF-5240F4AE4ABF}" = MFB-MyspaceFriendBomber "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F779EC8D-6703-4C4A-817C-37B07898E647}" = Nokia NSeries Content Copier "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FD349381-D79C-4E5C-8980-015DFFB962D5}" = Nokia NSeries Application Installer "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 9.15 beta "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface "Antares Autotune VST RTAS TDM_is1" = 
Antares Autotune VST RTAS TDM v5.08 "ASIO4ALL" = ASIO4ALL "BitComet" = BitComet 1.20 "Cheat Engine 5.6_is1" = Cheat Engine 5.6 "Collab" = Collab "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "Driving Simulator 2009_is1" = Driving Simulator 2009 Version 1.12 "Eye Candy 4000" = Eye Candy 4000 "Fences" = Fences "FL Studio 8" = FL Studio 8 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "IL Download Manager" = IL Download Manager "InstallShield_{088B7BF8-AC95-4348-B77B-619AEB3A74A5}" = VideoCAM GF112 "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "JDownloader" = JDownloader "Just Cause 2_is1" = Just Cause 2 "KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Full) "MAGIX Music Maker Techno Edition 2 D" = MAGIX Music Maker Techno Edition 2 4.0.0.10 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Nokia Ovi Suite" = Nokia Ovi Suite "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Professional 2010 "OpenAL" = OpenAL "pcsx2-r3113" = PCSX2 - Playstation 2 Emulator "PlaidMaker Plus" = PlaidMaker Plus "PoiZone" = PoiZone "Source Violence Patch 1.5 BETA v2_is1" = Source Violence Patch 1.5 BETA "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 211" = Source SDK "Steam App 260" = Counter-Strike: Source Beta "Steam App 440" = Team Fortress 2 "Steam App 50280" = Mafia II - Demo "Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack "Toxic Biohazard" = Toxic Biohazard "VLC media player" = VLC media player 1.1.2 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wubi" = Ubuntu "ZDFmediathek_is1" = ZDFmediathek Version 2.1.5 "ZOTAC FireStorm" = ZOTAC FireStorm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "FileZilla Client" = FileZilla Client 3.3.2 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >

---

Hope I did everything right :S
23.08.2010, 17:13 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

OK, I'd suggest the following:
1.) Uninstall Malwarebytes
2.) Download the Malwarebytes setup file under a random name and install it
3.) Update the signatures (database)
4.) Try the full scan again
__________________
Please always post logfiles in CODE tags
23.08.2010, 18:25 | #5
I uninstalled it, then rebooted, and installed it under a random name + update... it always hangs when it scans this: C:\$WINDOWS.~Q\DATA\Besnik\AppData\Local\WebpageIcons.db

A strange path, if you ask me :S
23.08.2010, 19:24 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Did you at some point upgrade Windows from an existing installation? Something like an upgrade from XP to Vista without a format c:? Looks like it.
=> What Are the $INPLACE.~TR and $WINDOWS.~Q Folders and Can I Delete Them? - How-To Geek

Run a Disk Cleanup and delete the folders that were created during the upgrade.
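Before deleting anything, it helps to confirm that the in-place-upgrade leftovers named in the reply actually exist on the disk, how large they are, and whether the file the scanner stalled on really lives inside one of them. The following PowerShell snippet is an added example for that check; it is not part of the thread and not a Malwarebytes or OTL feature. The folder names $WINDOWS.~Q and $INPLACE.~TR and the WebpageIcons.db path are taken from the thread itself; launching Disk Cleanup with `cleanmgr.exe /d C:` is the standard Windows tool the reply refers to, where "Files discarded by Windows upgrade" is the category that removes these folders.

```powershell
# Added example (not from the thread): inventory in-place-upgrade leftovers
# before running Disk Cleanup. Folder names come from the reply above.
$leftovers = @('C:\$WINDOWS.~Q', 'C:\$INPLACE.~TR')

foreach ($dir in $leftovers) {
    # -LiteralPath so the '$' and '~' in the names are not treated specially
    if (Test-Path -LiteralPath $dir) {
        $files = Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue
        $bytes = ($files | Measure-Object -Property Length -Sum).Sum
        '{0}: {1} files, {2:N1} MB' -f $dir, $files.Count, ($bytes / 1MB)
    } else {
        "$dir : not present"
    }
}

# The file on which the Malwarebytes scan hung, as quoted in the thread.
# If it only exists under the leftover folder, it is a stale copy from the
# pre-upgrade profile, not a live user file.
$stuckFile = 'C:\$WINDOWS.~Q\DATA\Besnik\AppData\Local\WebpageIcons.db'
Get-Item -LiteralPath $stuckFile -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

# Open Disk Cleanup for drive C: so the "Files discarded by Windows upgrade"
# category can be ticked; this removes the leftover folders the supported way
# rather than deleting them by hand.
Start-Process -FilePath 'cleanmgr.exe' -ArgumentList '/d C:'
```

The inventory step is the useful part: it shows whether the scan stall comes from a stale pre-upgrade profile (expected after an upgrade without a clean install) and gives the numbers to quote back in the thread before any deletion happens.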