Pests of all kinds and how to fight them: AntiMalwareDoctor - I have it too (Windows 7)
31.08.2010, 13:14 | #1
Administrator | AntiMalwareDoctor - I have it too

Hello forum, first of all sorry for this topic, the pest named above seems to be widespread... I have Win7 and am currently in Safe Mode. In "normal" mode I get popups from the pest after about 5 seconds and can only shut my computer down via the power switch. So far I have let SUPERAntiSpyware run (for three hours); here is the log file: Quote:
Thanks in advance & regards, greg

So, I have now run "load.exe" according to the instructions. Here is the result, with three files: Log from MBAM: Quote:
OTL Logfile: Code:
========== Files/Folders - Created Within 90 Days ==========

[2010.08.31 14:39:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.31 14:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010.08.31 14:23:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.31 14:22:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.31 14:22:56 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.31 14:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.31 14:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.31 14:20:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2010.08.31 11:33:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\antispy
[2010.08.31 10:23:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.30 18:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.30 18:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.08.30 18:54:32 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.08.30 16:07:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\uheyurkml
[2010.08.30 16:07:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\wuiyuawux
[2010.08.30 16:07:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Server
[2010.08.15 01:23:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wsftp
[2010.08.11 12:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\fabFORCE
[2010.08.11 12:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fabFORCE
[2010.08.02 15:56:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\assembly
[2010.08.02 15:55:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\IsolatedStorage
[2010.08.02 15:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Earth 3D
[2010.08.01 14:07:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2010.08.01 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Electronic_Arts_Inc
[2010.08.01 13:11:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.07.29 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ
[2010.07.27 01:10:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\hohlspiegel
[2010.07.23 09:08:43 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.07.23 09:08:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.07.18 13:40:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\DCIM
[2010.07.13 17:23:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DivX
[2010.07.13 17:23:26 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.07.13 17:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010.07.13 17:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010.07.13 17:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.07.02 09:02:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\back_sd_karten
[2010.06.24 11:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.06.24 11:26:43 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.06.24 11:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.06.19 18:46:28 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2010.06.19 18:25:14 | 000,000,000 | ---D | C] -- C:\Users\***\android_omap850
[2010.06.19 18:13:47 | 000,000,000 | ---D | C] -- C:\Users\***\Neuer Ordner
[2009.09.03 16:13:01 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 90 Days ==========

[2010.08.31 14:49:11 | 003,932,160 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.31 14:40:06 | 000,000,940 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.08.31 14:40:06 | 000,000,921 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.08.31 14:37:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.31 14:36:47 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.31 14:22:59 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.31 10:23:30 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010.08.31 10:11:37 | 000,001,611 | ---- | M] () -- C:\Windows\SysNative\MTri1+.ini
[2010.08.31 10:11:33 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.31 10:11:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.30 22:18:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.30 21:41:04 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.30 21:41:04 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.30 21:35:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2676677060-1717363677-2495245445-1000UA.job
[2010.08.30 18:24:16 | 001,507,104 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.30 18:24:16 | 000,657,428 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.30 18:24:16 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.30 18:24:16 | 000,130,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.30 18:24:16 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.30 16:28:41 | 000,002,105 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010.08.27 13:00:28 | 005,927,893 | ---- | M] () -- C:\Users\***\Desktop\Weihnachtsbaum_ausbinden.flv
[2010.08.27 13:00:28 | 000,001,518 | ---- | M] () -- C:\Users\***\Desktop\IMG1731.html
[2010.08.26 20:35:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2676677060-1717363677-2495245445-1000Core.job
[2010.08.24 22:01:30 | 000,227,129 | ---- | M] () -- C:\Users\***\Desktop\platten.jpg
[2010.08.24 07:35:36 | 000,002,392 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2010.08.23 21:27:14 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.08.12 08:16:28 | 004,160,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.11 12:42:37 | 000,001,090 | ---- | M] () -- C:\Users\***\Desktop\DBDesigner 4.lnk
[2010.08.09 10:57:16 | 000,329,653 | ---- | M] () -- C:\Users\***\Desktop\maddin-001.jpg
[2010.08.09 10:57:00 | 000,339,257 | ---- | M] () -- C:\Users\***\Desktop\maddin-002.jpg
[2010.08.05 14:56:46 | 000,001,791 | ---- | M] () -- C:\Users\***\Desktop\googleearth.exe - Verknüpfung.lnk
[2010.08.02 15:55:40 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk
[2010.07.26 20:03:52 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.21 22:38:57 | 000,013,389 | ---- | M] () -- C:\Users\***\Desktop\pxw_logo_web_schrift.jpg
[2010.07.16 09:25:16 | 000,093,950 | ---- | M] () -- C:\Users\***\Desktop\BP.jpg
[2010.07.13 17:23:52 | 000,001,616 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2010.07.13 17:23:35 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.13 17:23:25 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.07.12 20:19:23 | 000,270,812 | ---- | M] () -- C:\Users\***\Desktop\erbsen_detail.jpg
[2010.07.12 20:14:41 | 000,573,369 | ---- | M] () -- C:\Users\***\Desktop\erbsen.jpg
[2010.07.08 10:03:09 | 000,003,480 | ---- | M] () -- C:\bootsqm.dat
[2010.07.07 14:51:27 | 000,222,587 | ---- | M] () -- C:\Users\***\Desktop\rosi_uwe.jpg
[2010.07.04 18:57:48 | 296,742,976 | ---- | M] () -- C:\Users\***\Desktop\MVI_1287.AVI
[2010.07.01 10:47:50 | 000,042,829 | ---- | M] () -- C:\Users\***\Desktop\opptischetaeeuschungen.jpg
[2010.06.30 16:20:59 | 000,002,004 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2010.06.29 20:33:18 | 000,069,872 | ---- | M] () -- C:\Users\***\Desktop\0_soylpw8a.jpg
[2010.06.29 20:32:03 | 000,184,514 | ---- | M] () -- C:\Users\***\Desktop\0_big.jpg
[2010.06.25 11:02:42 | 092,497,196 | ---- | M] () -- C:\Users\***\Desktop\03Clave.flv
[2010.06.25 11:02:42 | 000,001,518 | ---- | M] () -- C:\Users\***\Desktop\03Clave.html
[2010.06.19 19:01:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010.06.19 18:10:50 | 040,419,158 | ---- | M] () -- C:\Users\***\wing-linux-0.4.2.zip
[2010.06.16 13:22:54 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.14 14:46:23 | 000,035,328 | ---- | M] () -- C:\Users\***\Desktop\rechnung_100056_220410_cpff.doc
[2010.06.09 21:15:12 | 000,066,529 | ---- | M] () -- C:\Users\***\Desktop\http___www.united-virtual.c....pdf
[2010.06.09 18:55:47 | 000,103,108 | ---- | M] () -- C:\Users\***\Desktop\__www.cpff.de_beta_en_imprint.pdf

========== Files Created - No Company Name ==========

[2010.08.31 14:38:37 | 000,000,940 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.08.31 14:38:37 | 000,000,921 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.08.31 14:22:59 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.31 10:23:30 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010.08.30 16:28:41 | 000,002,105 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010.08.27 13:00:28 | 000,001,518 | ---- | C] () -- C:\Users\***\Desktop\IMG1731.html
[2010.08.27 13:00:15 | 005,927,893 | ---- | C] () -- C:\Users\***\Desktop\Weihnachtsbaum_ausbinden.flv
[2010.08.24 22:01:30 | 000,227,129 | ---- | C] () -- C:\Users\***\Desktop\platten.jpg
[2010.08.23 21:27:14 | 000,002,300 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.08.11 12:42:37 | 000,001,090 | ---- | C] () -- C:\Users\***\Desktop\DBDesigner 4.lnk
[2010.08.09 10:57:16 | 000,329,653 | ---- | C] () -- C:\Users\***\Desktop\maddin-001.jpg
[2010.08.09 10:57:00 | 000,339,257 | ---- | C] () -- C:\Users\***\Desktop\maddin-002.jpg
[2010.08.05 14:56:46 | 000,001,791 | ---- | C] () -- C:\Users\***\Desktop\googleearth.exe - Verknüpfung.lnk
[2010.08.02 15:55:40 | 000,002,062 | ---- | C] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk
[2010.07.29 23:51:52 | 296,742,976 | ---- | C] () -- C:\Users\***\Desktop\MVI_1287.AVI
[2010.07.23 09:08:59 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.21 22:38:57 | 000,013,389 | ---- | C] () -- C:\Users\***\Desktop\pxw_logo_web_schrift.jpg
[2010.07.16 09:25:15 | 000,093,950 | ---- | C] () -- C:\Users\***\Desktop\BP.jpg
[2010.07.13 17:23:52 | 000,001,616 | ---- | C] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2010.07.13 17:23:35 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.13 17:23:25 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.07.12 20:19:23 | 000,270,812 | ---- | C] () -- C:\Users\***\Desktop\erbsen_detail.jpg
[2010.07.12 20:14:41 | 000,573,369 | ---- | C] () -- C:\Users\***\Desktop\erbsen.jpg
[2010.07.08 10:03:09 | 000,003,480 | ---- | C] () -- C:\bootsqm.dat
[2010.07.07 14:51:27 | 000,222,587 | ---- | C] () -- C:\Users\***\Desktop\rosi_uwe.jpg
[2010.07.01 10:47:49 | 000,042,829 | ---- | C] () -- C:\Users\***\Desktop\opptischetaeeuschungen.jpg
[2010.06.29 20:33:18 | 000,069,872 | ---- | C] () -- C:\Users\***\Desktop\0_soylpw8a.jpg
[2010.06.29 20:32:02 | 000,184,514 | ---- | C] () -- C:\Users\***\Desktop\0_big.jpg
[2010.06.25 11:02:42 | 000,001,518 | ---- | C] () -- C:\Users\***\Desktop\03Clave.html
[2010.06.25 10:58:49 | 092,497,196 | ---- | C] () -- C:\Users\***\Desktop\03Clave.flv
[2010.06.19 19:01:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010.06.19 18:14:00 | 040,680,997 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-rootfs.cab
[2010.06.19 18:14:00 | 000,017,992 | ---- | C] () -- C:\Users\***\LICENSE
[2010.06.19 18:14:00 | 000,015,662 | ---- | C] () -- C:\Users\***\ChangeLog
[2010.06.19 18:14:00 | 000,004,359 | ---- | C] () -- C:\Users\***\INSTALL
[2010.06.19 18:14:00 | 000,001,595 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-herald.cab
[2010.06.19 18:14:00 | 000,001,595 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-excalibur.cab
[2010.06.19 18:14:00 | 000,001,576 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-wizard.cab
[2010.06.19 18:14:00 | 000,001,561 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-startrek.cab
[2010.06.19 18:14:00 | 000,001,561 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-prophet.cab
[2010.06.19 18:14:00 | 000,001,561 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-pharos.cab
[2010.06.19 18:14:00 | 000,001,561 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-opal.cab
[2010.06.19 18:14:00 | 000,001,561 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-gene.cab
[2010.06.19 18:14:00 | 000,001,561 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-elf.cab
[2010.06.19 18:14:00 | 000,001,561 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2-artemis.cab
[2010.06.19 18:14:00 | 000,000,549 | ---- | C] () -- C:\Users\***\UPGRADE
[2010.06.19 18:11:17 | 040,419,158 | ---- | C] () -- C:\Users\***\wing-linux-0.4.2.zip
[2010.06.14 14:46:23 | 000,035,328 | ---- | C] () -- C:\Users\***\Desktop\rechnung_100056_220410_cpff.doc
[2010.06.09 21:15:12 | 000,066,529 | ---- | C] () -- C:\Users\***\Desktop\http___www.united-virtual.c....pdf
[2010.06.09 18:55:46 | 000,103,108 | ---- | C] () -- C:\Users\***\Desktop\__www.cpff.de_beta_en_imprint.pdf
[2010.04.14 22:00:48 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\wh2robo.dll
[2010.04.14 15:32:11 | 000,000,035 | ---- | C] () -- C:\Windows\A6W.INI
[2010.01.25 09:11:03 | 000,000,144 | ---- | C] () -- C:\Windows\BitmapToIcon.ini
[2010.01.25 09:07:59 | 000,000,080 | RHS- | C] () -- C:\Windows\SysWow64\D611727BFE.dll
[2010.01.16 19:05:46 | 000,430,080 | ---- | C] () -- C:\Windows\SysWow64\UDLL.dll
[2010.01.16 19:05:46 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\t1psvr.dll
[2010.01.04 22:00:25 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.04 19:42:26 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.01.04 19:07:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.04 17:35:19 | 000,491,520 | ---- | C] () -- C:\Windows\SysWow64\cfvalidator.dll
[2010.01.04 17:35:19 | 000,442,368 | ---- | C] () -- C:\Windows\SysWow64\cfssvradmin.dll
[2010.01.04 17:35:19 | 000,270,336 | ---- | C] () -- C:\Windows\SysWow64\CfShellFtpRds.dll
[2010.01.04 17:35:19 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\CFFileProxy.dll
[2010.01.04 17:35:18 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\CfRds.dll
[2010.01.04 17:35:18 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\CFFtp.dll
[2010.01.04 17:34:59 | 000,777,728 | ---- | C] () -- C:\Windows\SysWow64\SSLSVC.DLL
[2010.01.04 17:34:59 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010.01.04 17:34:59 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\cfmsg.dll
[2010.01.04 17:34:59 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010.01.04 17:34:56 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lang_cfml.dll
[2010.01.04 17:34:56 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\xml_datagrove.dll
[2010.01.04 17:27:48 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[2009.09.03 16:19:59 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.09.03 16:12:41 | 000,776,614 | ---- | C] () -- C:\Program Files (x86)\Common Files\packardbell.ico
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.11.01 02:40:18 | 001,019,904 | ---- | C] () -- C:\Windows\SysWow64\HDX4MediaConverter2.dll
[2008.10.20 00:28:04 | 000,272,896 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010.01.08 09:33:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.03.26 17:14:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2010.08.09 11:14:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.01.27 19:23:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.03.08 09:53:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2010.08.01 14:07:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2010.01.22 09:22:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.01.04 17:22:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OPHK
[2010.01.04 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Packard Bell
[2010.05.12 11:50:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Serif
[2010.03.12 11:23:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SparVoip
[2010.03.12 15:38:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.01.08 10:29:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VOWSoft
[2010.01.08 10:21:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2010.07.11 17:59:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009.09.03 16:53:55 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.07.08 10:03:09 | 000,003,480 | ---- | M] () -- C:\bootsqm.dat
[2010.08.30 08:55:51 | 000,006,960 | ---- | M] () -- C:\fpRedmon.log
[2010.08.31 14:36:47 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.09 12:30:28 | 002,344,293 | ---- | M] () -- C:\ituneslib.itl
[2010.08.31 14:36:47 | 2138,161,151 | -HS- | M] () -- C:\pagefile.sys
[2009.10.15 05:17:57 | 000,002,022 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2009.02.06 19:46:50 | 000,308,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5D7E5A8F

< End of report >

Extras.txt:

OTL Logfile:
OTL Extras logfile created on: 31.08.2010 14:49:16 - Run 1
OTL by OldTimer - Version 3.2.11.0
Folder = C:\Users\***\Desktop\MFTools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 87,00% Memory free
12,00 Gb Paging File | 11,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 366,17 Gb Free Space | 79,96% Space Free | Partition Type: NTFS
Drive D: | 458,46 Gb Total Space | 281,13 Gb Free Space | 61,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PB
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{55E76113-3899-4A63-A308-71A9BD3491EE}" = MobileMe Control Panel
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image (02/11/2010 )
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1AF5BB67-5884-44E1-9C9C-922A069A350D}" = Live Search Web Service SDK
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{200C1600-2C0A-11D4-8B9E-000021DAFD63}" = Linkbot Developer Edition
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{248e4799-db04-4b1a-902c-194669f995ce}" = Nero Move it
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A438F62-00EE-4422-906B-6D9E107FC33F}" = Serif DrawPlus X2
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3f6c76b9-ad6f-4674-82f6-46e491b21791}" = Nero 9 Essentials
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{651CA61C-6803-4E74-8CA6-9DA721F1D24E}" = iDumpPod2iTunes
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6e345bf7-2af5-4adc-901c-72941b68258b}" = Nero Move it Essentials
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4
Common Base Files "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = USB Display Device (Trigger 1+) 9.10.0526.0159 "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{8829E394-87E1-41C0-BCED-9B47F7C6DCDD}" = Serif WebPlus X2 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+ "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{901A0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003 "{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials 
"{9242564e-02e9-4ea8-9d2d-351f6f728e1c}_is1" = Packard Bell GameZone Console "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DCFC564-606E-424F-8A1C-56DD14908AF6}" = Serif PhotoPlus X2 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 "{A8833100-1481-11D4-9731-00C04F8EEB39}" = Macromedia Fireworks 4 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12 "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{BF1EC9C0-9C10-11DF-BBC7-005056C00008}" = Google Earth "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup 
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{defa5390-8533-47b5-81f7-3816916bdc6f}" = Nero Move it Help "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:31 "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F187CE58-99E6-443C-0001-61F9EB731B1B}" = MyTube Internet Recorder "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player 
ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "Advanced Log Analyzer 2_is1" = Advanced Log Analyzer 2.1.1 "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CaptureOne5_is1" = Capture One 5.1 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Computer-Lernkartei" = Computer-Lernkartei "CrossLoop_is1" = CrossLoop 2.70 "DivX Setup.divx.com" = DivX-Setup "Email Grabber" = Email Grabber 2 "email grabber_is1" = onl!ne email grabber professional 2.1.7 "ERUNT_is1" = ERUNT 1.1j "FileZilla Client" = FileZilla Client 3.3.1 "Free FLV Converter_is1" = Free FLV Converter V 6.7.5 "FreePDF_XP" = FreePDF (Remove only) "FTP Commander" = FTP Commander "Google Desktop" = Google Desktop "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "Identity Card" = Identity Card "Image Icon Converter_is1" = Image Icon Converter 1.3 "iPod to Computer Transfer" = iPod to Computer Transfer 4.8.3 "LeechFTP" = LeechFTP "MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Media Suite D" = MAGIX Media Suite "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Metaboli" = Metaboli "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Miranda IM" = Miranda IM 0.8.16 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "mufin player D" = mufin player "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Photo Frame" = Packard Bell Photo Frame 4.2.3.10 "Packard Bell Registration" = Packard Bell Registration "Packard 
Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Software Suite SE" = Packard Bell Software Suite SE "Packard Bell Welcome Center" = Welcome Center "QTam Bitmap to Icon_is1" = QTam Bitmap to Icon 3.5 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TmNations_is1" = TrackMania Nations ESWC 1.7.9 "TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15 "TopStyle Lite (Version 2)" = TopStyle Lite (Version 2) "WinLiveSuite_Wave3" = Windows Live Essentials "Xilisoft iPod Manager" = Xilisoft iPod to PC Copy ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Progress Bar" = Progress Bar "Progress Monitor Demo" = Progress Monitor Demo "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.08.2010 04:03:26 | Computer Name = PB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2012 Error - 13.08.2010 04:03:27 | Computer Name = PB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.08.2010 04:03:27 | Computer Name = PB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3010 Error - 13.08.2010 04:03:27 | Computer Name = PB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3010 Error - 13.08.2010 04:03:28 | Computer Name = PB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.08.2010 04:03:28 | Computer Name = PB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4009 Error - 13.08.2010 04:03:28 | Computer Name = PB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4009 Error - 13.08.2010 04:03:29 | Computer Name = PB 
| Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.08.2010 04:03:29 | Computer Name = PB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5007 Error - 13.08.2010 04:03:29 | Computer Name = PB | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5007 [ Media Center Events ] Error - 04.01.2010 10:10:32 | Computer Name = PB | Source = MCUpdate | ID = 0 Description = 15:10:32 - Fehler beim Herstellen der Internetverbindung. 15:10:32 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts. Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 24.06.2010 05:26:54 | Computer Name = PB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 24.06.2010 05:27:06 | Computer Name = PB | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 24.06.2010 05:28:06 | Computer Name = PB | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Apple Mobile Device" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 < End of report > [/QUOTE] okay, ich hatte, nachdem alles soweit bereinigt zu sein schien, einen Reboot im "Normalen" Modus gemacht. Nachdem dort nun einige Male die "explorer.exe" abgestürzt war, habe ich noch mal einen kompletten Scan mit MBAM gemacht - dort wurden jetzt Einträge mit "Adware.WidgiToolbar" gefunden: Log File: Zitat:
Kann mir jemand sagen, ob das ein Rest meines Trojaners ist? |
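The OTL log above is what a helper has to read before answering the WidgiToolbar question, and two parts of it are worth pulling out mechanically: the uninstall list (which carries "pdfforge Toolbar v1.1.2", "Google Toolbar for Internet Explorer", "Skype Toolbars", "Advertising Center" and two "Email Grabber" entries, the kind of bundled software an Adware.* detection usually maps back to) and the System Events block, where seven services died in the same second on 22.06.2010. The script below is an added example, not part of OTL, MBAM or the poster's logs. It parses OTL's one-entry-per-line uninstall format and its "Error - ... | ID = N" event headers, flags display names against a watchlist (PUP_HINTS is a hypothetical list I chose for this post, not a vendor signature set), and groups SCM event 7031 by timestamp so that a burst of "terminated unexpectedly" entries shows up as one incident rather than ten unrelated lines. The sample input is copied from the log above; on a German Windows OTL emits the SCM text in German, so the service-name regex accepts both wordings. Two caveats a practitioner would add: a watchlist hit tells you where to look, not that the entry is the detection (confirm against the MBAM log's file paths), and the 7031 burst is dated June, two months before the 31.08.2010 infection report, so on its own it is not evidence of this compromise.

```python
"""Triage helpers for an OTL log pasted as plain text: flag uninstall
entries that look like bundled toolbars/PUPs, and cluster Service Control
Manager 7031 ("service terminated unexpectedly") events by timestamp.
Added example; not part of OTL, MBAM or the forum post."""
import re
from collections import defaultdict

# One uninstall entry per line, as OTL prints them:  "<key>" = <display name>
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# OTL event header:  Error - dd.mm.yyyy hh:mm:ss | Computer Name = X | Source = Y | ID = N
EVENT_RE = re.compile(
    r'^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>\S+)'
    r' \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$'
)

# SCM 7031 text on English and German Windows (the poster's system is German)
SERVICE_RE = re.compile(
    r'(?:The service|Der Dienst) "(?P<service>[^"]+)" '
    r'(?:terminated unexpectedly|wurde unerwartet beendet)'
)

# Hypothetical watchlist of display-name fragments that usually mean a bundled
# toolbar or other PUP; tune it per case, it is not an official signature list.
PUP_HINTS = ("toolbar", "grabber", "advertising", "spigot", "widgi")


def parse_uninstall(lines):
    """Return [(registry_key, display_name)] for every uninstall entry."""
    entries = []
    for line in lines:
        m = UNINSTALL_RE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"]))
    return entries


def flag_pups(entries, hints=PUP_HINTS):
    """Display names containing any watchlist hint (case-insensitive)."""
    return [name for _, name in entries if any(h in name.lower() for h in hints)]


def parse_events(lines):
    """Pair each 'Error - ...' header with the 'Description = ...' line after it."""
    events, current = [], None
    for raw in lines:
        line = raw.strip()
        m = EVENT_RE.match(line)
        if m:
            current = dict(m.groupdict(), desc="")
            events.append(current)
        elif current is not None and line.startswith("Description ="):
            current["desc"] = line[len("Description ="):].strip()
    return events


def scm_7031_clusters(events, min_size=3):
    """Group SCM 7031 events by timestamp and keep clusters of >= min_size:
    several services dying in the same second points at one root cause
    (a crash, a kill loop, a bad driver) rather than unrelated failures."""
    by_ts = defaultdict(list)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == "7031":
            m = SERVICE_RE.search(ev["desc"])
            by_ts[ev["ts"]].append(m["service"] if m else "<unparsed>")
    return {ts: svcs for ts, svcs in by_ts.items() if len(svcs) >= min_size}


# Sample input: lines copied from the OTL log in this thread (event text in
# the English form shown above).
SAMPLE_UNINSTALL = '''
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"Email Grabber" = Email Grabber 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
'''.strip().splitlines()

SAMPLE_EVENTS = '''
Error - 13.08.2010 04:03:26 | Computer Name = PB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012
Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031
Description = The service "Netzwerkverbindungen" terminated unexpectedly. This has happened 1 time(s).
Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031
Description = The service "Programmkompatibilitäts-Assistent-Dienst" terminated unexpectedly. This has happened 1 time(s).
Error - 22.06.2010 06:57:28 | Computer Name = PB | Source = Service Control Manager | ID = 7031
Description = The service "Superfetch" terminated unexpectedly. This has happened 1 time(s).
Error - 24.06.2010 05:26:54 | Computer Name = PB | Source = Service Control Manager | ID = 7031
Description = The service "Apple Mobile Device" terminated unexpectedly. This has happened 1 time(s).
'''.strip().splitlines()


if __name__ == "__main__":
    print("toolbar/PUP-looking entries:", flag_pups(parse_uninstall(SAMPLE_UNINSTALL)))
    for ts, svcs in scm_7031_clusters(parse_events(SAMPLE_EVENTS)).items():
        print(f"{len(svcs)} services died at {ts}: {', '.join(svcs)}")
```

On the sample it flags the five toolbar/adware-looking names and reports the single 22.06.2010 06:57:28 cluster; the lone Apple Mobile Device crash two days later stays below the cluster threshold. To run it on the full log, feed the whole pasted text through `splitlines()` instead of the samples; the section headers and blank lines are ignored by both parsers.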