| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Unbekannte MeldungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.09.2010, 20:00
| #1 |
 |  Unbekannte Meldung Hi zusammen ! Bekomme nach dem Starten von Windows 7 folgende Meldung auf dem Desktop: Probleme beim Starten von winfir32.rom. Das angegebene Modul wurde nicht gefunden. Kennt jemand diese Meldung und was kann ich dagegen unternehmen? Danke im Voraus  |
|
05.09.2010, 21:44
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Unbekannte Meldung Hallo und
__________________ Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
06.09.2010, 19:13
| #3 |
| | Unbekannte Meldung Hier die Postes:
__________________1. OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 06.09.2010 20:00:34 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Peter Wichtel\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 249,60 Gb Total Space | 167,93 Gb Free Space | 67,28% Space Free | Partition Type: NTFS Drive D: | 449,04 Gb Total Space | 400,96 Gb Free Space | 89,29% Space Free | Partition Type: NTFS Drive E: | 666,67 Gb Total Space | 633,28 Gb Free Space | 94,99% Space Free | Partition Type: NTFS Drive F: | 264,84 Gb Total Space | 230,99 Gb Free Space | 87,22% Space Free | Partition Type: NTFS Drive G: | 931,28 Gb Total Space | 673,38 Gb Free Space | 72,31% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded Drive I: | 2,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: BENGELCHEN-1 Current User Name: Peter Wichtel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Peter Wichtel\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) PRC - D:\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Cyberlink\Shared Files\brs.exe (cyberlink) PRC - D:\Program Files\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Peter Wichtel\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TuneUp.Defrag) -- D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AntiVirWebService) -- D:\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirService) -- D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirMailService) -- D:\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (AntiVirSchedulerService) -- D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (TuneUp.UtilitiesSvc) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek ) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (TuneUpUtilitiesDrv) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\000.fcl (CyberLink Corp.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.) DRV - (PinnacleMarvinAVS) -- C:\Windows\System32\drivers\MarvinAVS.sys (Pinnacle a division of Avid Technology, Inc.) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB D8 02 03 90 34 begin_of_the_skype_highlighting**************02 03 90 34******end_of_the_skype_highlighting CB 01 [binary data] IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaultthis.engineName: "IsoBuster Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Winamp Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig&cplp=1283073759557" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.0.0.8 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: d:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010.08.05 23:51:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010.08.05 13:23:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010.09.05 12:38:08 | 000,000,000 | ---D | M] [2010.08.05 13:23:19 | 000,000,000 | ---D | M] -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Extensions [2010.08.22 22:35:13 | 000,000,000 | ---D | M] -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions [2010.08.22 22:35:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.22 22:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.05 13:29:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.05 13:27:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.06 19:37:07 | 000,000,000 | ---D | M] -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions [2010.08.28 21:25:53 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010.08.24 20:39:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.22 22:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.05 13:43:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.20 21:32:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.07.29 21:49:10 | 000,000,901 | ---- | M] () -- C:\Users\Peter Wichtel\AppData\Roaming\Mozilla\FireFox\Profiles\7ns36sz1.default\searchplugins\conduit.xml [2010.08.28 21:27:06 | 000,001,196 | ---- | M] () -- C:\Users\Peter Wichtel\AppData\Roaming\Mozilla\FireFox\Profiles\7ns36sz1.default\searchplugins\winamp-search.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - d:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVD9LanguageShortcut] d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems) O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) O4 - HKLM..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - Startup: C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.06 19:31:11 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\AppData\Roaming\Malwarebytes [2010.09.06 19:30:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.06 19:30:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.06 19:30:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.06 19:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.05 12:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.09.05 12:38:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2010.09.05 12:38:08 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.09.05 12:38:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.09.05 12:38:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.09.05 12:38:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.09.05 12:38:00 | 000,000,000 | ---D | C] -- C:\Programme\Java [2010.08.28 21:51:37 | 000,000,000 | ---D | C] -- C:\Programme\Dealio Toolbar [2010.08.28 21:38:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2010.08.28 21:25:51 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Toolbar [2010.08.28 21:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar [2010.08.28 21:25:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2010.08.28 21:25:43 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\AppData\Roaming\Winamp [2010.08.25 23:06:59 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\Documents\OJOsoft Corporation [2010.08.25 20:18:45 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar [2010.08.25 20:18:26 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX [2010.08.25 20:18:26 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2010.08.25 20:18:26 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2010.08.25 20:18:26 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2010.08.25 20:18:25 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2010.08.25 20:18:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2010.08.25 20:18:25 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator [2010.08.23 23:26:10 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\AppData\Roaming\Media Player Classic [2010.08.22 22:23:06 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.22 22:23:03 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\Documents\DVDVideoSoft [2010.08.22 22:22:57 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2010.08.22 22:22:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft [2010.08.22 22:20:01 | 000,000,000 | ---D | C] -- C:\output media [2010.08.22 22:19:27 | 000,000,000 | ---D | C] -- C:\Programme\Free Convert Youtube FLV to Audio MP3 Converter [2010.08.20 22:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk [2010.08.20 21:22:55 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll [2010.08.20 21:22:55 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.20 21:22:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.20 21:22:52 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.20 21:22:52 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.20 21:22:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.20 21:22:47 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.20 21:22:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.20 21:22:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.20 21:22:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.20 21:22:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.20 21:22:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.20 21:22:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.20 21:22:35 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.05 13:39:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Peter Wichtel\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2010.09.06 20:01:36 | 002,097,152 | -HS- | M] () -- C:\Users\Peter Wichtel\NTUSER.DAT [2010.09.06 19:47:57 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.06 19:47:57 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.06 19:44:59 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.06 19:44:59 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.06 19:44:59 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.06 19:44:59 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.06 19:44:59 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.06 19:40:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.06 19:40:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.06 19:40:34 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys [2010.09.06 19:38:40 | 004,563,031 | -H-- | M] () -- C:\Users\Peter Wichtel\AppData\Local\IconCache.db [2010.09.05 14:20:53 | 000,028,160 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\becker und kries - hausgeld.doc [2010.09.05 12:38:01 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.09.05 12:38:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.09.05 12:38:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.09.05 12:38:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.09.04 20:56:54 | 000,021,504 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\Arbeitszeit.xls [2010.09.04 10:28:32 | 000,062,976 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\öffnungszeiten bürgerämter.doc [2010.08.31 20:51:23 | 000,031,744 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\kündigung deutsche wohnen.doc [2010.08.31 18:46:26 | 000,040,448 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\otto.doc [2010.08.28 21:56:08 | 005,470,282 | ---- | M] () -- C:\Status Quo - Anniversary Waltz Part 1.mp3 [2010.08.28 21:55:55 | 005,322,325 | ---- | M] () -- C:\Status Quo - Anniversary Waltz (part 2)-1.mp3 [2010.08.28 21:55:44 | 008,283,148 | ---- | M] () -- C:\7594551.mp3 [2010.08.28 21:54:16 | 003,645,473 | ---- | M] () -- C:\7634837.mp3 [2010.08.26 22:49:29 | 000,029,696 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\Die einheitliche Behördenrufnummer.doc [2010.08.25 19:26:27 | 000,002,067 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk [2010.08.25 19:26:26 | 000,002,459 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk [2010.08.24 22:22:44 | 000,028,160 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\finanzamt - auszug.doc [2010.08.24 21:53:20 | 000,028,672 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\brucker-kündigung.doc [2010.08.22 22:19:34 | 000,000,034 | -H-- | M] () -- C:\Windows\System32\Converter_sysquict.dat [2010.08.21 10:47:59 | 000,484,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.20 06:03:43 | 000,000,164 | ---- | M] () -- C:\Users\Peter Wichtel\AppData\Roaming\default.rss [2010.08.11 23:50:28 | 000,307,200 | ---- | M] (Koyote Soft - hxxp://www.koyotesoft.com) -- C:\Windows\System32\TubeFinder.exe [2010.08.11 23:37:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.08.09 16:39:37 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI [2010.08.09 16:39:37 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI ========== Files Created - No Company Name ========== [2010.09.05 14:20:53 | 000,028,160 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\becker und kries - hausgeld.doc [2010.08.31 19:39:45 | 000,031,744 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\kündigung deutsche wohnen.doc [2010.08.31 18:46:26 | 000,040,448 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\otto.doc [2010.08.28 21:55:55 | 005,470,282 | ---- | C] () -- C:\Status Quo - Anniversary Waltz Part 1.mp3 [2010.08.28 21:55:44 | 005,322,325 | ---- | C] () -- C:\Status Quo - Anniversary Waltz (part 2)-1.mp3 [2010.08.28 21:55:27 | 008,283,148 | ---- | C] () -- C:\7594551.mp3 [2010.08.28 21:54:08 | 003,645,473 | ---- | C] () -- C:\7634837.mp3 [2010.08.26 22:49:28 | 000,029,696 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\Die einheitliche Behördenrufnummer.doc [2010.08.25 20:18:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.08.24 22:22:02 | 000,028,160 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\finanzamt - auszug.doc [2010.08.24 21:53:19 | 000,028,672 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\brucker-kündigung.doc [2010.08.22 22:19:34 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat [2010.08.11 23:37:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.08.06 22:08:21 | 000,000,055 | ---- | C] () -- C:\Windows\maedn.ini [2010.08.05 23:01:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.05 20:45:04 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.08.05 16:25:59 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2010.08.05 16:25:59 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2010.08.05 16:25:41 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.08.05 16:25:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.08.05 13:39:37 | 000,087,608 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\inst.exe [2010.08.05 13:39:37 | 000,007,887 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\pcouffin.cat [2010.08.05 13:39:37 | 000,001,144 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\pcouffin.inf [2010.08.05 13:39:37 | 000,000,033 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\pcouffin.log [2010.08.05 13:39:37 | 000,000,000 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\downloads.m3u [2010.08.05 13:39:36 | 000,000,164 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\default.rss [2010.08.05 13:39:10 | 039,694,645 | -H-- | C] () -- C:\Users\Peter Wichtel\AppData\Local\IconCache (2).db [2010.08.05 13:39:10 | 000,160,816 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\GDIPFONTCACHEV1 (2).DAT [2010.08.05 13:39:10 | 000,013,312 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.05 13:39:10 | 000,013,312 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF (2).ini [2010.08.05 13:39:10 | 000,000,108 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\Config_946EE51E.dat [2010.08.05 13:39:10 | 000,000,108 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\Config_946EE51E (2).dat [2010.08.05 13:39:10 | 000,000,038 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\Index_946EE51E.dat [2010.08.05 13:39:10 | 000,000,038 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\Index_946EE51E (2).dat [2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008.07.26 14:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\Users\Peter Wichtel\AppData\Roaming\default.rss:OECustomProperty < End of report > 2. Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.09.2010 20:00:34 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Peter Wichtel\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 249,60 Gb Total Space | 167,93 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive D: | 449,04 Gb Total Space | 400,96 Gb Free Space | 89,29% Space Free | Partition Type: NTFS
Drive E: | 666,67 Gb Total Space | 633,28 Gb Free Space | 94,99% Space Free | Partition Type: NTFS
Drive F: | 264,84 Gb Total Space | 230,99 Gb Free Space | 87,22% Space Free | Partition Type: NTFS
Drive G: | 931,28 Gb Total Space | 673,38 Gb Free Space | 72,31% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 2,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: BENGELCHEN-1
Current User Name: Peter Wichtel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "d:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "d:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "d:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{6294CE03-1A16-4610-891E-FDAF9A585A54}" = SA52xx Device Manager
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{71D5559C-85E5-5206-3B1C-A8A9DDDE4AC9}" = AMD Drag and Drop Transcoding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Applian FLV Player2.0.24" = Applian FLV Player
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Deutschlands Brettspiele Deluxe" = Deutschlands Brettspiele Deluxe 1.0
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Moraff's_Maximum_Mahjongg_1.0" = Moraff's Maximum MahJongg 1.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OpenAL" = OpenAL
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"SolSuite_is1" = SolSuite 2010 v10.4
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Monopoly Deluxe" = Monopoly Deluxe
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
3. mbam-log-2010-09-06 (19-38-33).txt Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4556 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 06.09.2010 19:38:33 mbam-log-2010-09-06 (19-38-33).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 142533 Laufzeit: 4 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 2 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot. C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot. Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssmsgs (Backdoor.Bot) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot. C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot. |
|
06.09.2010, 19:15
| #4 |
| | Unbekannte Meldung Zusatz: Nach dem Durchlauf von Malwarebytes hat sich die Meldung auf dem Desktop verabschiedet. Schon mal tausend Dank !!! |
|
06.09.2010, 19:53
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannte Meldung Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.09.2010, 20:45
| #6 |
| | Unbekannte Meldung Hier das logfile von cofi.exe: Combofix Logfile: Code:
ATTFilter ComboFix 10-09-06.02 - Peter Wichtel 06.09.2010 21:34:14.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3326.2115 [GMT 2:00]
ausgeführt von:: c:\users\Peter Wichtel\Desktop\cofi.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\users\Peter Wichtel\AppData\Roaming\inst.exe
c:\users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Recent\desktop_79819816.ico
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-06 bis 2010-09-06 ))))))))))))))))))))))))))))))
.
2010-09-06 19:37 . 2010-09-06 19:40 -------- d-----w- c:\users\Peter Wichtel\AppData\Local\temp
2010-09-06 19:37 . 2010-09-06 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-06 19:25 . 2010-09-06 19:25 -------- d-----w- c:\program files\CCleaner
2010-09-06 17:31 . 2010-09-06 17:31 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\Malwarebytes
2010-09-06 17:30 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 17:30 . 2010-09-06 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 17:30 . 2010-09-06 17:30 -------- d-----w- c:\programdata\Malwarebytes
2010-09-06 17:30 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-05 10:38 . 2010-09-05 10:38 -------- d-----w- c:\program files\Common Files\Java
2010-09-05 10:38 . 2010-09-05 10:38 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-05 10:38 . 2010-09-05 10:38 -------- d-----w- c:\program files\Java
2010-08-28 19:25 . 2010-08-28 19:25 -------- d-----w- c:\programdata\Winamp Toolbar
2010-08-28 19:25 . 2010-08-28 19:25 -------- d-----w- c:\program files\Winamp Toolbar
2010-08-28 19:25 . 2010-08-28 19:25 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-28 19:25 . 2010-09-06 18:37 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\Winamp
2010-08-25 18:18 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-08-25 18:18 . 1998-07-06 16:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL
2010-08-25 18:18 . 1998-07-06 16:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2010-08-25 18:18 . 2010-08-25 18:18 -------- d-----w- c:\program files\PDFCreator
2010-08-25 18:18 . 1998-07-06 16:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
2010-08-25 18:18 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-08-25 05:53 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 18:39 . 2010-08-18 15:12 52224 ----a-w- c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-08-24 18:39 . 2010-08-18 15:12 101376 ----a-w- c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-08-23 21:26 . 2010-08-23 21:26 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\Media Player Classic
2010-08-22 20:35 . 2010-08-22 20:35 52224 ----a-w- c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\5wao64zs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-08-22 20:35 . 2010-08-22 20:35 101376 ----a-w- c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\5wao64zs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-08-22 20:23 . 2010-08-22 20:23 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\DVDVideoSoftIEHelpers
2010-08-22 20:22 . 2010-08-28 19:37 -------- d-----w- c:\program files\DVDVideoSoft
2010-08-22 20:22 . 2010-08-28 19:37 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-08-22 20:20 . 2010-08-22 20:36 -------- d-----w- C:\output media
2010-08-22 20:19 . 2010-08-22 20:19 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2010-08-22 20:19 . 2010-08-22 20:22 -------- d-----w- c:\program files\Free Convert Youtube FLV to Audio MP3 Converter
2010-08-20 20:52 . 2010-08-20 20:52 -------- d-----w- c:\programdata\vsosdk
2010-08-20 19:24 . 2010-08-20 19:24 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-08-20 19:24 . 2010-08-20 19:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-08-20 19:24 . 2010-08-20 19:24 1127240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-08-20 19:23 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 17:44 . 2009-07-14 08:47 643628 ----a-w- c:\windows\system32\perfh007.dat
2010-09-06 17:44 . 2009-07-14 08:47 126188 ----a-w- c:\windows\system32\perfc007.dat
2010-09-03 05:16 . 2010-08-05 11:39 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\Skype
2010-09-03 05:09 . 2010-08-05 11:39 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\skypePM
2010-08-28 19:54 . 2010-08-06 16:08 -------- d-----w- c:\program files\Application Updater
2010-08-26 15:58 . 2010-08-05 20:32 1113408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-22 20:13 . 2010-08-05 21:51 -------- d--h--w- c:\programdata\ArcSoft
2010-08-20 21:12 . 2010-08-05 12:03 -------- d-----w- c:\programdata\Microsoft Help
2010-08-20 04:04 . 2010-08-05 11:39 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\SolSuite
2010-08-11 21:50 . 2010-08-06 16:08 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-08-11 21:37 . 2010-08-11 21:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-09 14:36 . 2010-08-05 14:25 -------- d-----w- c:\program files\Brother
2010-08-09 14:36 . 2010-08-05 14:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-06 22:02 . 2010-08-06 22:02 -------- d-----w- c:\program files\MSXML 4.0
2010-08-06 20:32 . 2010-08-06 20:32 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-06 20:32 . 2010-08-06 20:32 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-06 20:32 . 2010-08-06 20:32 -------- d-----w- c:\program files\OpenAL
2010-08-06 18:55 . 2010-08-06 18:55 -------- d-----w- c:\programdata\McAfee
2010-08-06 18:23 . 2010-08-06 18:23 286720 ----a-w- c:\windows\iun506.exe
2010-08-06 17:56 . 2010-08-06 17:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-06 15:56 . 2010-08-05 10:57 -------- d-----w- c:\programdata\LogiShrd
2010-08-06 13:55 . 2010-08-06 12:43 -------- d-----w- c:\programdata\CyberLink
2010-08-06 12:55 . 2010-08-06 12:55 -------- d-----w- c:\program files\Cyberlink
2010-08-06 12:54 . 2010-08-06 12:42 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-06 12:54 . 2010-08-06 12:39 53319 ----a-w- c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-08-06 12:45 . 2010-08-06 12:44 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\CyberLink
2010-08-06 12:43 . 2010-08-06 12:43 -------- d-----w- c:\program files\Common Files\CyberLink
2010-08-06 09:46 . 2010-08-05 21:47 -------- d-----w- c:\program files\Windows Live
2010-08-06 09:45 . 2010-08-06 09:45 -------- d-----w- c:\program files\Microsoft
2010-08-06 09:45 . 2010-08-06 09:45 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-08-06 09:40 . 2010-08-06 09:40 -------- d-----w- c:\program files\Common Files\Windows Live
2010-08-06 09:37 . 2010-08-05 11:39 140976 ----a-w- c:\users\Peter Wichtel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 09:34 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-08-06 06:41 . 2010-08-06 06:41 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-06 06:39 . 2010-08-05 15:21 -------- d-----w- c:\program files\Microsoft Works
2010-08-05 22:51 . 2010-08-05 11:39 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\Downloaded Installations
2010-08-05 21:52 . 2010-08-05 21:52 2485883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-08-05 21:51 . 2010-08-05 21:51 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-08-05 21:51 . 2010-08-05 21:51 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-05 21:48 . 2010-08-05 21:47 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2010-08-05 21:46 . 2010-08-05 21:46 -------- d-----w- c:\programdata\WLInstaller
2010-08-05 21:02 . 2010-08-05 21:02 -------- d-----w- c:\program files\Common Files\Skype
2010-08-05 21:01 . 2010-08-05 21:01 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-08-05 21:00 . 2010-08-05 21:00 -------- d-----r- c:\program files\Skype
2010-08-05 21:00 . 2010-08-05 21:00 -------- d-----w- c:\programdata\Skype
2010-08-05 20:33 . 2010-08-05 20:33 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-08-05 20:32 . 2010-08-05 20:32 -------- d-----w- c:\program files\PlayReady
2010-08-05 20:32 . 2010-08-05 20:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-08-05 20:19 . 2010-08-05 11:39 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\Vso
2010-08-05 20:19 . 2010-08-05 11:39 47360 ----a-w- c:\users\Peter Wichtel\AppData\Roaming\pcouffin.sys
2010-08-05 20:19 . 2010-08-05 11:39 47360 ----a-w- c:\users\Peter Wichtel\AppData\Roaming\pcouffin.sys
2010-08-05 19:45 . 2010-08-05 19:39 -------- d-----w- c:\program files\Pinnacle
2010-08-05 19:44 . 2010-08-05 19:44 -------- d-----w- c:\program files\Common Files\Pinnacle
2010-08-05 19:44 . 2010-08-05 11:39 29926 ----a-r- c:\users\Peter Wichtel\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2010-08-05 19:43 . 2010-08-05 19:43 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate
2010-08-05 19:42 . 2010-08-05 19:36 -------- d-----w- c:\programdata\Pinnacle
2010-08-05 19:39 . 2010-08-05 19:39 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2010-08-05 19:39 . 2010-08-05 19:39 -------- d-----w- c:\programdata\Studio 14
2010-08-05 19:39 . 2010-08-05 19:39 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2010-08-05 19:39 . 2010-08-05 19:39 -------- d-----w- c:\program files\Common Files\Yahoo!
2010-08-05 19:28 . 2010-08-05 11:39 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-08-05 19:17 . 2010-08-05 19:17 -------- d-----w- c:\programdata\Avira
2010-08-05 18:53 . 2010-08-05 18:53 -------- d-----w- c:\programdata\TuneUp Software
2010-08-05 18:53 . 2010-08-05 18:53 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-05 18:51 . 2010-08-05 18:51 -------- d-----w- c:\programdata\ATI
2010-08-05 18:48 . 2010-08-05 18:48 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-08-05 18:48 . 2010-08-05 18:39 -------- d-----w- c:\program files\ATI
2010-08-05 18:45 . 2010-08-05 18:45 -------- d-----w- c:\program files\Realtek
2010-08-05 18:41 . 2010-08-05 18:41 -------- d-----w- c:\program files\DIFX
2010-08-05 18:41 . 2010-08-05 18:41 -------- d-----w- c:\program files\AMD
2010-08-05 17:44 . 2010-08-05 17:44 -------- d-----w- c:\programdata\TreeCardGames
2010-08-05 17:27 . 2010-08-05 14:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-05 17:27 . 2010-08-05 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-08-05 16:59 . 2010-08-05 16:59 -------- d-----w- c:\programdata\FLEXnet
2010-08-05 15:47 . 2010-08-05 15:43 -------- d-----w- c:\programdata\Nero
2010-08-05 15:47 . 2010-08-05 15:47 -------- d-----w- c:\program files\Nero
2010-08-05 15:43 . 2010-08-05 15:42 -------- d-----w- c:\program files\Common Files\Nero
2010-08-05 15:21 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-08-05 15:19 . 2010-08-05 15:19 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-05 14:25 . 2010-08-05 14:25 50 ----a-w- c:\windows\system32\bridf06a.dat
2010-08-05 14:24 . 2010-08-05 14:24 -------- d-----w- c:\programdata\Brother
2010-08-05 14:12 . 2010-08-05 14:12 -------- d-----w- c:\program files\Microsoft.NET
2010-08-05 10:57 . 2010-08-05 10:57 -------- d-----w- c:\program files\Logitech
2010-08-05 10:57 . 2010-08-05 10:57 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\Leadertech
2010-08-05 10:57 . 2010-08-05 10:54 -------- d-----w- c:\program files\Common Files\logishrd
2010-08-05 10:55 . 2010-08-05 10:55 -------- d-sh--we c:\programdata\Vorlagen
2010-08-05 10:55 . 2010-08-05 10:55 -------- d-sh--we c:\programdata\Startmenü
2010-08-05 10:55 . 2010-08-05 10:55 -------- d-sh--we c:\programdata\Favoriten
2010-08-05 10:55 . 2010-08-05 10:55 -------- d-sh--we c:\programdata\Dokumente
2010-08-05 10:55 . 2010-08-05 10:55 -------- d-sh--we c:\programdata\Anwendungsdaten
2010-08-05 10:55 . 2010-08-05 10:55 -------- d-sh--we c:\program files\Gemeinsame Dateien
2010-08-05 10:47 . 2010-08-05 10:47 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-05 10:46 . 2010-08-05 10:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-29 06:30 . 2010-08-20 19:22 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-20 19:22 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-28 15:36 . 2010-07-28 15:36 180224 ----a-w- c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\winamptbres.dll
2010-07-17 09:20 . 2010-08-05 11:39 -------- d-----w- c:\users\Peter Wichtel\AppData\Roaming\Dream Dale score lib
2010-07-16 20:03 . 2010-08-05 11:39 160816 ----a-w- c:\users\Peter Wichtel\AppData\Local\GDIPFONTCACHEV1 (2).DAT
2010-07-07 22:17 . 2010-08-05 11:39 38 ----a-w- c:\users\Peter Wichtel\AppData\Local\Index_946EE51E.dat
2010-07-07 22:17 . 2010-08-05 11:39 38 ----a-w- c:\users\Peter Wichtel\AppData\Local\Index_946EE51E (2).dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
"RemoteControl9"="d:\program files\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="d:\program files\CyberLink\PowerDVD9\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2010-05-19 37888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-8-5 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Philips SA52XX Device Manager.lnk - c:\philips\SA52xx Device Manager\SA52xx_DeviceManager.exe [2010-8-5 1384448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS.sys [2007-05-09 434176]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/06 14:55];d:\program files\CyberLink\PowerDVD9\PowerDVD9\000.fcl [2009-02-28 17:40 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirMailService;Avira AntiVir MailGuard;d:\avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;d:\avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: d:\avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?rls=ig&cplp=1283073759557
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: d:\program files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox\components\nsURLRecordEx.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npwachk.dll
---- FIREFOX Richtlinien ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
d:\avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
d:\avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-06 21:43:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-09-06 19:43
Vor Suchlauf: 7 Verzeichnis(se), 185.335.873.536 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 184.954.372.096 Bytes frei
- - End Of File - - 05190ADBECF951EB5BE724DD0A3FA810
|
|
06.09.2010, 20:51
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannte Meldung Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.09.2010, 22:13
| #8 |
| | Unbekannte Meldung Hier das OSAM-Log OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:10:39 on 06.09.2010 OS: Windows 7 (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL "Nero BurnRights 10" - "Nero AG" - D:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\PETERW~1\AppData\Local\Temp\catchme.sys (File not found) "Power Control [2010/08/06 14:55:52]" ({B154377D-700F-42cc-9474-23858FBDF4BD}) - ? - d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\000.fcl "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - D:\Program Files\Pinnacle\Studio 14\Programs\BlueShellExt.dll (File found, but it contains no detailed information) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} "Winamp Search Class" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {11222041-111B-46E3-BD29-EFB2449479B1} "IEPlugin Class" - "ArcSoft, Inc." - d:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists) "Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Philips SA52XX Device Manager.lnk" - "Philips" - C:\Philips\SA52xx Device Manager\SA52xx_DeviceManager.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "avgnt" - "Avira GmbH" - "D:\Avira\AntiVir Desktop\avgnt.exe" /min "BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared Files\brs.exe "GrooveMonitor" - "Microsoft Corporation" - "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "PDVD9LanguageShortcut" - "CyberLink Corp." - "d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\Language\Language.exe" "RemoteControl9" - "CyberLink Corp." - "d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe" "StartCCC" - "Advanced Micro Devices, Inc." - "d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "USBToolTip" - "Pinnacle Systems GmbH" - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe "WinampAgent" - "Nullsoft, Inc." - "d:\Program Files\Winamp\winampa.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll "@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe "@D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe "Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - D:\Avira\AntiVir Desktop\avmailc.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Avira\AntiVir Desktop\sched.exe "Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - D:\Avira\AntiVir Desktop\AVWEBGRD.EXE "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira GmbH" - D:\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
06.09.2010, 22:17
| #9 |
| | Unbekannte Meldung Meldung bootkit remover: PhysicalDrive 1 MBR-Status OK |
|
06.09.2010, 22:20
| #10 |
| | Unbekannte Meldung Hau mich aufs Ohr, bis morgen und vielen Dank bis dahin |
|
06.09.2010, 22:28
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannte Meldung Bitte die meldung komplett und nicht halbherzig posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.09.2010, 21:46
| #12 |
| | Unbekannte Meldung Hier die Meldung von bootkit remover: Bootkit Remover (c) 2009 eSage Lab www.esagelab.com Program version: 1.2.0.0 OS Version: Microsoft Windows 7 (build 7600), 32-bit System volume is \\.\C: \\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff Size Device Name MBR Status -------------------------------------------- 698 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found) Done; Press any key to quit... |
|
08.09.2010, 12:29
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannte Meldung Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.09.2010, 20:37
| #14 |
| | Unbekannte Meldung Hier die beiden logs: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4572 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 08.09.2010 20:11:40 mbam-log-2010-09-08 (20-11-40).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 138959 Laufzeit: 3 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/08/2010 at 09:19 PM Application Version : 4.42.1000 Core Rules Database Version : 5472 Trace Rules Database Version: 3284 Scan type : Complete Scan Total Scan Time : 00:56:47 Memory items scanned : 889 Memory threats detected : 0 Registry items scanned : 10178 Registry threats detected : 0 File items scanned : 169033 File threats detected : 20 Adware.Tracking Cookie C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Cookies\peter_wichtel@atdmt[2].txt C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Cookies\peter_wichtel@content.yieldmanager[1].txt C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Cookies\peter_wichtel@ad.yieldmanager[2].txt cdn-www.pornhub.com [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ] mediathek.daserste.de [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ] naiadsystems.com [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ] www.oneclicktube.com [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ] wwwstatic.megaporn.com [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ] Trojan.VXGame-Variant/D E:\SPIELE\ANNO\ANNO 1503\ANNO.1503.SETTING.OUT.FOR.A.NEW.WORLD.V10.GER.CHEATER98.NOCD\ANNO1503 1[1].0 GERMAN NOCD CRACK BY CHEATER98.EXE Unclassified.Unknown Origin E:\SPIELE\MAGIC BALL\MAGICBALL2CRACKAHTEAM\KEYGEN.NFO E:\SPIELE\MAGIC BALL\MAGICBALL2V1.0GERMANUNLOCKERTNT\KEYGEN.NFO F:\SOFTWARE\FONTTWISTERV1.2CRACKOSA\KEYGEN.NFO Trojan.Agent/Gen-Cryptor[Egun] F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\BEGINNING VISUAL BASIC 6 OBJECTS\BEGOBJ\CHAPTER5\PAGE158\EXESERVERTEST.EXE F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\BEGINNING VISUAL BASIC 6 OBJECTS\BEGOBJ\CHAPTER5\PAGE166\EXESERVERTEST.EXE F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\PROFESSIONAL VISUAL BASIC 6 MTS PROGRAMMING\WROX\CODE\CASE STUDY\SIMPLEORDER\SIMPLEORDER.EXE F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\PROFESSIONAL VISUAL BASIC 6 DATABASES\CHAPTER16\3-TIER SECURITY\CLIENT.EXE F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\PROFESSIONAL VISUAL BASIC 6 DATABASES\CHAPTER16\3-TIER SECURITY\MTSCODE\CLIENT.EXE F:\VISUAL BASIC\VISUAL BASIC\VBE\PROGRAMMING VB6\CODE\IV. ACTIVEX PROGRAMMING\CHAPTER16\CALLBACK\SERVER\PRINTSERVER.EXE F:\VISUAL BASIC\VISUAL BASIC\VBE\PROGRAMMING VB6\CODE\IV. ACTIVEX PROGRAMMING\CHAPTER16\CALLBACK\SERVER\PRINTSERVER_REF.EXE F:\VISUAL BASIC\VISUAL BASIC\VBE\PROGRAMMING VB6\CODE\V. INTERNET PROGRAMMING\CHAPTER19\DHTMLED\DHTMLED.EXE |
|
08.09.2010, 21:00
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unbekannte MeldungZitat:
  Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Unbekannte Meldung |
| arten, beim starten, bekannte, desktop, folge, folgende, gefunde, meldung, modul, probleme, probleme beim starten, starte, starten, unbekannte, unternehmen, windows, windows 7, zusammen |
Linear-Darstellung
