Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Virus ! http://imgs-facebook.com/photo_id.php

Virus ! http://imgs-facebook.com/photo_id.php


Plagegeister aller Art und deren Bekämpfung: Virus ! http://imgs-facebook.com/photo_id.php

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 12.09.2010, 17:11   #1
DoMaR
 
Virus ! http://imgs-facebook.com/photo_id.php - Unglücklich

Virus ! http://imgs-facebook.com/photo_id.php


Hallo ich bin neu hir und es ist mein erster "großer" Virus,
mir wurde vor ca 2 std in skype von einem guten freund eine nachricht geschickt

Foto
h**p://imgs-facebook.com/photo_id.php

dort kann ich dan eine exe. downloaden dummer weiße habe ich es gemacht
weil nix von einme foto zu sehen wa und mir das mit der exe sowieso komich vorkamm habe ich infach mal in google h**p://imgs-facebook.com/photo_id.php
eingegeben und direkt die ersten seiten ACHTUNG VIRUS ect
nun habe mir auch einige foren durchgelsen aber konnte damit reichlich wenig anfangen. =(

Der virus tut meins erachtens noch nicht viel er öffnet alle 10-20 minuten das programm : Windows Live Messanger, anderes ist mir noch nicht aufgefallen


habe Antivir 1x drchlaufen lassen 0 funde

MaleWare hat 3 Viren gefunden

Worm.Pelevo D:/Downloads/P18943431.JPG-www.facebook.exe
Malware.Trace C:/Windows/wintybrd.png
Malware.Tracc C:/Windows/wintybrdf.jpg

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.09.2010 17:48:51 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = D:\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 90,23 Gb Free Space | 46,20% Space Free | Partition Type: NTFS
Drive D: | 250,92 Gb Total Space | 173,30 Gb Free Space | 69,07% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 19,44 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 2,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARVIN-PC
Current User Name: Marvin-PC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Downloads\P18943431.JPG-www.facebook.exe" = C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- ()
"D:\Downloads\P18943431.JPG-www.facebook.exe" = C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FE56B2C-D31D-1A40-BBEA-1B47AD04E1B5}" = ATI Catalyst Install Manager
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"SpeedCommander 13 (x64)" = SpeedCommander 13 (x64)
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{11E894DE-AF44-4626-87D5-076C1818C2E6}" = Moovida
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}" = Guild 2 King's Edition
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6084C211-01A1-464E-97A0-09772E122B50}" = Moovida
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{AC76BA86-7AD7-1031-7646-A00000000001}" = Adobe Reader 6.0.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{C2E5BF6B-2DB2-4D18-BB27-75C20CC35A96}" = Die Siedler 7 DEMO
"{C7E9FB5B-626B-49D9-A99C-7BFA63C222D3}" = Railroad Tycoon II - Platinum
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BA65A8-0F0E-4ACA-9B4D-2A080C561D35}" = ROCCAT Valo Keyboard Driver
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.50.52
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alt WAV MP3 WMA OGG Converter 7.3_is1" = Alt WAV MP3 WMA OGG Converter 7.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Borderlands Gold_is1" = Borderlands Gold
"CCleaner" = CCleaner
"ClassicPro" = ClassicPro© v1.14
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_is1" = Drakensang
"ExpressRip" = Express Rip
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.026
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"GAMEFORGE Nostale(DE)_is1" = Nostale Online DE (Remove)
"HyperCam 2" = HyperCam 2
"HypreCam Toolbar" = HypreCam Toolbar
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.5
"Metin2_is1" = Metin2
"Modelleisenbahn Simulator " = Modelleisenbahn Simulator 
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"PhotoScape" = PhotoScape
"SADK" = Die Siedler - Aufbruch der Kulturen
"Sid Meier's Railroad Tycoon" = Sid Meier's Railroad Tycoon
"Silkroad" = Silkroad
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"T4EPlayer" = T4E Player
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"xp-AntiSpy" = xp-AntiSpy 3.97-5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"e4c9ebb451ed11ea" = WindowsApplication1
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.07.2010 20:41:27 | Computer Name = Marvin-PC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3828,
 Zeitstempel: 0x4c25a474  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdb3b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022272  ID des fehlerhaften
 Prozesses: 0x1240  Startzeit der fehlerhaften Anwendung: 0x01cb2466d9b6201b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: dd9cee08-9072-11df-b610-0019666eac1e
 
Error - 19.07.2010 17:47:43 | Computer Name = Marvin-PC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Windows7FirewallControl.exe, Version:
 3.0.3.21, Zeitstempel: 0x4a48a920  Name des fehlerhaften Moduls: Windows7FirewallControl.exe,
 Version: 3.0.3.21, Zeitstempel: 0x4a48a920  Ausnahmecode: 0xc000000d  Fehleroffset:
 0x000000000006229a  ID des fehlerhaften Prozesses: 0x770  Startzeit der fehlerhaften
 Anwendung: 0x01cb274b94dae016  Pfad der fehlerhaften Anwendung: C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
Berichtskennung:
 423d08be-937f-11df-8e14-0019666eac1e
 
Error - 19.07.2010 18:49:25 | Computer Name = Marvin-PC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Windows7FirewallControl.exe, Version:
 3.0.3.21, Zeitstempel: 0x4a48a920  Name des fehlerhaften Moduls: Windows7FirewallControl.exe,
 Version: 3.0.3.21, Zeitstempel: 0x4a48a920  Ausnahmecode: 0xc000000d  Fehleroffset:
 0x000000000006229a  ID des fehlerhaften Prozesses: 0x79c  Startzeit der fehlerhaften
 Anwendung: 0x01cb279446fc7844  Pfad der fehlerhaften Anwendung: C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
Berichtskennung:
 e0ac06d2-9387-11df-9155-0019666eac1e
 
Error - 19.07.2010 19:26:19 | Computer Name = Marvin-PC-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Marvin-PC\Desktop\Programme\DTLite.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.07.2010 21:35:32 | Computer Name = Marvin-PC-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Marvin-PC\Desktop\Programme\DTLite.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.08.2010 09:36:28 | Computer Name = Marvin-PC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2792, 
Zeitstempel: 0x4b2acd71  Name des fehlerhaften Moduls: winamp.exe, Version: 5.5.7.2792,
 Zeitstempel: 0x4b2acd71  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003efde  ID des fehlerhaften
 Prozesses: 0x410  Startzeit der fehlerhaften Anwendung: 0x01cb363581b11fc2  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: D:\Program Files (x86)\Winamp\winamp.exe  Berichtskennung: c7af5825-a228-11df-bcd2-0019666eac1e
 
Error - 07.08.2010 09:44:53 | Computer Name = Marvin-PC-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\SoftonicDownloader14708.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 07.08.2010 09:44:54 | Computer Name = Marvin-PC-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\SoftonicDownloader14708.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 07.08.2010 09:44:55 | Computer Name = Marvin-PC-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Downloads\SoftonicDownloader14708.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 23.08.2010 07:42:06 | Computer Name = Marvin-PC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: T4EPlayer.exe, Version: 1.2.0.4, 
Zeitstempel: 0x4bd1b589  Name des fehlerhaften Moduls: T4EPlayer.exe, Version: 1.2.0.4,
 Zeitstempel: 0x4bd1b589  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b6243  ID des fehlerhaften
 Prozesses: 0xd48  Startzeit der fehlerhaften Anwendung: 0x01cb42aea973f57c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\T4E Player\T4EPlayer.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\T4E Player\T4EPlayer.exe  Berichtskennung:
 73e3b4c8-aeab-11df-b809-0019666eac1e
 
[ System Events ]
Error - 24.06.2010 07:25:46 | Computer Name = Marvin-PC-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.06.2010 08:33:20 | Computer Name = Marvin-PC-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 25.06.2010 08:33:32 | Computer Name = Marvin-PC-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 25.06.2010 08:33:32 | Computer Name = Marvin-PC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 28.06.2010 13:20:12 | Computer Name = Marvin-PC-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 28.06.2010 13:20:25 | Computer Name = Marvin-PC-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 28.06.2010 13:20:25 | Computer Name = Marvin-PC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 29.06.2010 02:15:12 | Computer Name = Marvin-PC-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 29.06.2010 02:15:23 | Computer Name = Marvin-PC-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 29.06.2010 02:15:23 | Computer Name = Marvin-PC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
 
< End of report >
--- --- ---



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.09.2010 17:48:51 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = D:\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 90,23 Gb Free Space | 46,20% Space Free | Partition Type: NTFS
Drive D: | 250,92 Gb Total Space | 173,30 Gb Free Space | 69,07% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 19,44 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 2,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARVIN-PC-PC
Current User Name: Marvin-PC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.12 17:48:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2010.09.12 16:58:10 | 000,081,920 | RHS- | M] () -- C:\Windows\nvsvc32.exe
PRC - [2010.09.09 18:15:32 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010.09.09 18:15:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.02.01 20:16:50 | 000,470,785 | ---- | M] (Avira GmbH) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2010.02.01 20:16:50 | 000,466,689 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2009.12.18 02:30:48 | 000,039,424 | ---- | M] (Nullsoft) -- D:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009.12.16 21:39:36 | 000,196,608 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoMonitor.EXE
PRC - [2009.11.24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.24 22:30:02 | 000,061,440 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoOSD.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.01 17:08:38 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Valo Keyboard\Applets\ValoLCDSkype.exe
PRC - [2009.03.28 09:50:04 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Valo Keyboard\Applets\ValoLCDClock.exe
PRC - [2009.03.02 14:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.12 17:48:37 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.01.25 11:02:20 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 03:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ASPI32.sys -- (ASPI)
DRV:64bit: - [2010.04.18 15:16:57 | 000,310,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.04.18 15:15:56 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.02.01 20:16:51 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.01.30 22:39:08 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.13 11:13:18 | 001,155,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.10 20:58:52 | 000,014,720 | ---- | M] (ROCCAT Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ValoFltr.sys -- (ValFltr)
DRV:64bit: - [2009.03.25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009.03.25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.03.25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.03.25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009.03.25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV:64bit: - [2009.03.25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.03.25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2006.11.07 17:30:56 | 000,016,656 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{6A11144C-091F-4099-B712-5F4AB262B684}
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{6A11144C-091F-4099-B712-5F4AB262B684}
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\HypreCam Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.jappy.de/user/Techno_Marvi"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.30
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.6
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.6&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010.01.30 22:34:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.05 13:08:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.09 18:15:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.09 18:15:35 | 000,000,000 | ---D | M]
 
[2010.01.30 20:33:12 | 000,000,000 | ---D | M] -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Extensions
[2010.09.12 10:55:18 | 000,000,000 | ---D | M] -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Firefox\Profiles\hn8f9wl0.default\extensions
[2010.09.10 23:24:05 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Firefox\Profiles\hn8f9wl0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.06.28 19:22:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Firefox\Profiles\hn8f9wl0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.19 02:57:53 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Firefox\Profiles\hn8f9wl0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.06.03 16:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Firefox\Profiles\hn8f9wl0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.07 15:45:28 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Firefox\Profiles\hn8f9wl0.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.02.02 15:57:12 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Firefox\Profiles\hn8f9wl0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.19 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Firefox\Profiles\hn8f9wl0.default\extensions\anttoolbar@ant.com
[2010.03.14 17:04:18 | 000,000,000 | ---D | M] -- C:\Users\Marvin-PC\AppData\Roaming\mozilla\Firefox\Profiles\hn8f9wl0.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2010.09.10 19:48:01 | 000,000,950 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin-1.xml
[2010.04.13 18:13:35 | 000,000,950 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin-2.xml
[2010.04.13 18:13:57 | 000,000,950 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin-3.xml
[2010.06.25 14:34:29 | 000,000,950 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin-4.xml
[2010.06.29 08:16:16 | 000,000,950 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin-5.xml
[2010.07.21 08:28:42 | 000,000,950 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin-6.xml
[2010.07.24 05:48:48 | 000,000,950 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin-7.xml
[2010.09.09 18:15:43 | 000,000,950 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin-8.xml
[2010.05.13 10:01:56 | 000,000,168 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin.gif
[2010.05.13 10:01:56 | 000,000,618 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin.src
[2010.04.10 22:55:31 | 000,000,955 | ---- | M] () -- C:\Users\Marvin-PC\AppData\Roaming\Mozilla\FireFox\Profiles\hn8f9wl0.default\searchplugins\icqplugin.xml
[2010.09.12 10:55:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.31 21:01:58 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.12.18 02:31:54 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.09.09 18:15:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 18:15:33 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.09 18:15:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.09 18:15:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.09 18:15:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.DLL (C-Media Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\Users\Marvin-PC\Desktop\DRV\Setup.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe ()
O4 - HKLM..\Run: [RoccatValo] C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoMonitor.EXE (ROCCAT)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marvin-PC\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marvin-PC\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06f00c98-a530-11df-b85e-0019666eac1e}\Shell - "" = AutoRun
O33 - MountPoints2\{06f00c98-a530-11df-b85e-0019666eac1e}\Shell\AutoRun\command - "" = J:\Startme.exe -- File not found
O33 - MountPoints2\{4c1e4052-b1dd-11df-a8d0-0019666eac1e}\Shell - "" = AutoRun
O33 - MountPoints2\{4c1e4052-b1dd-11df-a8d0-0019666eac1e}\Shell\AutoRun\command - "" = J:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.12 17:49:56 | 000,000,000 | ---D | C] -- C:\Users\Marvin-PC\AppData\Roaming\Malwarebytes
[2010.09.12 17:49:13 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.12 17:49:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.09.12 17:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.10 16:58:12 | 000,000,000 | ---D | C] -- C:\Users\Marvin-PC\AppData\Roaming\TS3Client
[2010.09.10 16:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2010.09.01 22:47:32 | 000,000,000 | ---D | C] -- C:\Users\Marvin-PC\Desktop\Sandy
[2010.08.27 19:11:53 | 000,000,000 | ---D | C] -- C:\Users\Marvin-PC\AppData\Local\Sony Ericsson
[2010.08.27 19:11:09 | 000,153,128 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018mdm.sys
[2010.08.27 19:11:09 | 000,146,472 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018unic.sys
[2010.08.27 19:11:09 | 000,133,160 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018mgmt.sys
[2010.08.27 19:11:09 | 000,128,552 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018obex.sys
[2010.08.27 19:11:09 | 000,113,704 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018bus.sys
[2010.08.27 19:11:09 | 000,034,856 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018nd5.sys
[2010.08.27 19:11:09 | 000,019,496 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018mdfl.sys
[2010.08.27 19:11:09 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018whnt.sys
[2010.08.27 19:11:09 | 000,015,912 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018wh.sys
[2010.08.27 19:11:09 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018cmnt.sys
[2010.08.27 19:11:09 | 000,014,888 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018cm.sys
[2010.08.27 19:11:09 | 000,013,864 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\s1018cr.sys
[2010.08.27 19:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2010.08.27 19:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.12 17:50:42 | 001,835,008 | -HS- | M] () -- C:\Users\Marvin-PC\NTUSER.DAT
[2010.09.12 17:49:18 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 17:07:42 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 17:07:42 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.12 16:59:40 | 000,003,968 | RHS- | M] () -- C:\Windows\wintybrdf.jpg
[2010.09.12 16:59:40 | 000,003,416 | RHS- | M] () -- C:\Windows\wintybrd.png
[2010.09.12 16:59:15 | 000,002,304 | ---- | M] () -- C:\Windows\mdll.dl
[2010.09.12 16:58:10 | 000,081,920 | RHS- | M] () -- C:\Windows\nvsvc32.exe
[2010.09.12 10:49:42 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.09.12 10:34:50 | 001,507,314 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.12 10:34:50 | 000,660,686 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.09.12 10:34:50 | 000,613,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.12 10:34:50 | 000,131,748 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.09.12 10:34:50 | 000,108,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.12 10:28:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.12 10:28:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.12 10:28:32 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.11 17:30:14 | 002,518,656 | -H-- | M] () -- C:\Users\Marvin-PC\AppData\Local\IconCache.db
[2010.09.10 16:58:05 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.08.30 19:47:09 | 000,384,487 | ---- | M] () -- C:\Users\Marvin-PC\Desktop\WoWScrnShot_083010_194434.jpg
[2010.08.29 22:50:16 | 012,484,778 | ---- | M] () -- C:\Users\Marvin-PC\Desktop\Mein Verstand sagt mir, dass ich dir egal bin, aber mein Herz hofft weiter.(360p_H.264-AAC).mp4
[2010.08.28 23:10:18 | 000,023,829 | ---- | M] () -- C:\Users\Marvin-PC\Desktop\2ecc928_9b16b5.jpg
[2010.08.27 22:50:44 | 000,077,062 | ---- | M] () -- C:\Users\Marvin-PC\Desktop\album_pic.php.jpg
[2010.08.27 19:11:10 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 1.5.lnk
[2010.08.25 19:21:21 | 000,001,142 | ---- | M] () -- C:\Users\Marvin-PC\Documents\T4EPlayer.conf
[2010.08.14 18:25:03 | 000,348,775 | ---- | M] () -- C:\Users\Marvin-PC\Desktop\WoWScrnShot_081410_182238.jpg
 
========== Files Created - No Company Name ==========
 
[2010.09.12 17:49:18 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 16:59:40 | 000,003,968 | RHS- | C] () -- C:\Windows\wintybrdf.jpg
[2010.09.12 16:59:40 | 000,003,416 | RHS- | C] () -- C:\Windows\wintybrd.png
[2010.09.12 16:59:15 | 000,002,304 | ---- | C] () -- C:\Windows\mdll.dl
[2010.09.12 16:58:10 | 000,081,920 | RHS- | C] () -- C:\Windows\nvsvc32.exe
[2010.09.10 16:58:05 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.08.30 19:46:36 | 000,384,487 | ---- | C] () -- C:\Users\Marvin-PC\Desktop\WoWScrnShot_083010_194434.jpg
[2010.08.29 22:49:51 | 012,484,778 | ---- | C] () -- C:\Users\Marvin-PC\Desktop\Mein Verstand sagt mir, dass ich dir egal bin, aber mein Herz hofft weiter.(360p_H.264-AAC).mp4
[2010.08.28 23:10:15 | 000,023,829 | ---- | C] () -- C:\Users\Marvin-PC\Desktop\2ecc928_9b16b5.jpg
[2010.08.27 22:50:29 | 000,077,062 | ---- | C] () -- C:\Users\Marvin-PC\Desktop\album_pic.php.jpg
[2010.08.27 19:11:10 | 000,002,264 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 1.5.lnk
[2010.08.14 18:24:41 | 000,348,775 | ---- | C] () -- C:\Users\Marvin-PC\Desktop\WoWScrnShot_081410_182238.jpg
[2010.08.07 20:22:57 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.08.07 15:55:15 | 000,000,607 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.08.07 15:45:55 | 000,001,264 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.05.07 19:24:43 | 000,004,608 | ---- | C] () -- C:\Users\Marvin-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.04 04:10:39 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.03.22 22:28:20 | 000,007,597 | ---- | C] () -- C:\Users\Marvin-PC\AppData\Local\Resmon.ResmonCfg
[2010.02.04 19:36:13 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2010.02.03 19:26:42 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2010.02.03 19:26:42 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\CMUdaProp3.dll
[2010.02.03 19:26:42 | 000,000,522 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.02.03 19:26:22 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010.02.03 19:26:22 | 000,001,058 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.02.03 19:26:21 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010.02.03 18:25:25 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini
[2010.02.03 18:20:54 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI
[2010.02.03 18:20:54 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
< End of report >
--- --- ---
Geändert von DoMaR (12.09.2010 um 18:01 Uhr)

 

Themen zu Virus ! http://imgs-facebook.com/photo_id.php
achtung, acroiehelper.dll, anderes, antivir, avgntflt.sys, c:\windows\system32\rundll32.exe, components, conduit, direkt, downloaden, facebook virus, firefox.exe, foren, freund, fund, funde, google, grand theft auto, guten, http://imgs-facebook.com/photo_id.php, install.exe, jdownloader, live, location, metin2, minute, minuten, nachricht, neu, nicht gefunden, ntdll.dll, oldtimer, plug-in, programdata, programm, richtlinie, saver, searchplugins, seite, seiten, shell32.dll, shortcut, skype, sptd.sys, syswow64, virus, webcheck, weiße, windows, windows live, öffnet


« Virusmeldung TR/PSW.Dybalom.epc | Trojaner (via msn): Backdoor:Win32/IRCbot.gen!M »


Ähnliche Themen: Virus ! http://imgs-facebook.com/photo_id.php


  1. http://www_getwindowinfo/-> Virus?
    Plagegeister aller Art und deren Bekämpfung - 16.10.2014 (32)
  2. http://www.avgthreatlabs.com/virus-and-malware-information/content/generic-virus/?name=@Rootkit_Hidden_Driver&utm_source=TDPU&utm_medium=SCA
    Log-Analyse und Auswertung - 10.09.2014 (11)
  3. Facebook Malware durch: http://www.offisense.co.il/lang/images.php?facebookimage=...6704
    Plagegeister aller Art und deren Bekämpfung - 29.11.2011 (3)
  4. Facebook-Virus
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (26)
  5. Facebook Virus
    Log-Analyse und Auswertung - 17.10.2011 (1)
  6. Facebook Virus(?)
    Plagegeister aller Art und deren Bekämpfung - 11.10.2011 (21)
  7. Facebook Virus - als .jpg getarnte .scr Datei - vermutlich Virus?
    Log-Analyse und Auswertung - 23.08.2011 (22)
  8. Facebook Virus :/
    Log-Analyse und Auswertung - 16.08.2011 (1)
  9. Virus: http://www.searchqu.com/406
    Plagegeister aller Art und deren Bekämpfung - 29.06.2011 (9)
  10. Zuerst Facebook-Virus-Neu aufgesetzt,cpu Auslastung 100%,bei Facebook-Games extrem lahm!
    Log-Analyse und Auswertung - 03.02.2011 (11)
  11. Skype Virus: "is this your pic h**p://anitapunja.net/photo_id.php"
    Plagegeister aller Art und deren Bekämpfung - 14.09.2010 (51)
  12. Foto :D http://imgs-facebook.com/photo_id.php // hab leider den Trojaner auf dem Notebook
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (1)
  13. Facebook Virus
    Plagegeister aller Art und deren Bekämpfung - 03.09.2010 (4)
  14. Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php
    Plagegeister aller Art und deren Bekämpfung - 27.08.2010 (6)
  15. Virus der sich über skype verschickt! h**p://facebook.twitterbizzer.com/photo_id.php
    Log-Analyse und Auswertung - 26.08.2010 (17)
  16. Bekomme hartnäckigen Trojaner nicht weg! C:\Windows\Temp\imgs.tmp\svchost.exe
    Log-Analyse und Auswertung - 25.07.2010 (9)
  17. MSN Virus - http://facebook.spaceb-blogs.com/images/PHOTO-JPG-20100512.SCR -
    Plagegeister aller Art und deren Bekämpfung - 17.05.2010 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Virus ! http://imgs-facebook.com/photo_id.php - Hallo ich bin neu hir und es ist mein erster "großer" Virus, mir wurde vor ca 2 std in skype von einem guten freund eine nachricht geschickt Foto h**p://imgs-facebook.com/photo_id.php dort - Virus ! http://imgs-facebook.com/photo_id.php...
Archiv
Du betrachtest: Virus ! http://imgs-facebook.com/photo_id.php auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19