|
Plagegeister aller Art und deren Bekämpfung: Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.09.2010, 19:03 | #1 |
| Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll 'C:\WINDOWS\cidamapi.dll' Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes 'BDS\Papras.QN' Ausgeführte Aktion: Zugriff verweigern Ich habe seit 2 Tagen immer wieder Meldungen dieser Art durch AVir. Anbei logfiles Malwarebyte und OTL-Dateien. Was ist zu tun? Desinfizierung durch Antimalware? Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4610 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 14.09.2010 00:36:57 mbam-log-2010-09-14 (00-36-57) Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 331283 Laufzeit: 1 Stunde(n), 20 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 147 Infizierte Registrierungswerte: 6 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 20 Infizierte Dateien: 72 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntiVirus) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar (Adware.MyWebSearch) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\FunWebProducts (Adware.MyWebSearch) -> No action taken. C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\FunWebProducts\Data (Adware.MyWebSearch) -> No action taken. C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\FunWebProducts\Data\Ulrike (Adware.MyWebSearch) -> No action taken. C:\Programme\FunWebProducts (Adware.MyWebSearch) -> No action taken. C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken. C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\icons (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> No action taken. Infizierte Dateien: C:\Programme\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken. C:\Dokumente und Einstellungen\Ulrike\Eigene Dateien\Eigene Dateien\shoot.EXE (Joke.Winshoot) -> No action taken. C:\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken. C:\Programme\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> No action taken. C:\Programme\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken. C:\Programme\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> No action taken. C:\Programme\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> No action taken. C:\Programme\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> No action taken. C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\00023C15 (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\000C0F95 (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\0012867E (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\00128A66.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\0012AE3A.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\0012AFDF.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\0012B166.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\0013378E.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\00133982.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\00133BF3.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\00133DF6.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\0019FC09.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\0019FDEE.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\0019FF36.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken. C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken. OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.09.2010 22:20:57 - Run 1 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 151,37 Gb Total Space | 30,97 Gb Free Space | 20,46% Space Free | Partition Type: NTFS Drive D: | 146,71 Gb Total Space | 95,44 Gb Free Space | 65,05% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: **** Current User Name: **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\QIP Infium\infium.exe (QIP) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Steam\steam.exe (Valve Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (lxdu_device) -- C:\WINDOWS\System32\lxducoms.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3746.dll () SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ACS) -- C:\WINDOWS\system32\acs.exe () SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (zlportio) -- C:\Dokumente und Einstellungen\****\Desktop\ultrastar\zlportio.sys File not found DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (RRNetCapMP) -- C:\WINDOWS\system32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\WINDOWS\system32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\WINDOWS\system32\drivers\npf_devolo.sys (CACE Technologies) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation) DRV - (AVMUNET) -- C:\WINDOWS\system32\drivers\avmunet.sys (AVM GmbH) DRV - (ATHFMWDL) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys (Windows (R) 2000 DDK provider) DRV - (AR5523) -- C:\WINDOWS\system32\drivers\ar5523.sys (Atheros Communications, Inc.) DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yodl.de/ IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite|hxxp://www.metallicamp.de/|hxxp://www.schülervz.de/|hxxp://eschweger-ruderverein.de/|hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.01.01 00:06:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.09 19:24:46 | 000,000,000 | ---D | M] [2008.07.21 23:17:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions [2010.09.13 15:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions [2009.09.03 20:13:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.02 22:15:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.07.03 23:15:32 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2009.11.06 22:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\pg396of6.default\extensions\moveplayer@movenetworks.com [2010.09.13 22:18:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.06.29 14:41:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Programme\Mozilla Firefox\plugins\NPOP7PlugIn.dll [2006.01.01 00:41:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008.07.29 20:37:20 | 000,001,674 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\clipfish.xml [2008.07.29 20:37:20 | 000,000,908 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\conrad.xml [2008.07.29 20:37:20 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\discount24.xml [2006.01.01 00:41:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2006.01.01 00:41:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2008.07.29 20:37:20 | 000,000,942 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\musicload.xml [2008.07.29 20:37:20 | 000,002,015 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\myvideo.xml [2008.07.29 20:37:20 | 000,001,918 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\otto.xml [2008.07.29 20:37:20 | 000,000,653 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\quelle.xml [2008.07.29 20:37:20 | 000,001,224 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\telefonbuch-de.xml [2008.07.29 20:37:20 | 000,002,440 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\webnews.xml [2006.01.01 00:41:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2006.01.01 00:41:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL File not found O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll File not found O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\2.bin\MWSBAR.DLL File not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] File not found O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [My Web Search Bar] C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NI.UWA6PU_0001_N91M2107] C:\Dokumente und Einstellungen\****\Desktop\Downloads\WinAntiVirusPro2006FreeInstall_de.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKLM..\Run: [RegistryMechanic] File not found O4 - HKLM..\Run: [RTHDCPL] File not found O4 - HKLM..\Run: [SkyTel] File not found O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Infium] C:\Programme\QIP Infium\infium.exe (QIP) O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe File not found O4 - HKCU..\Run: [Steam] c:\programme\steam\steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\802.11g Wireless Client Utility.lnk = C:\Programme\TRENDware\TEW444UB\WLACU.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TEW-444UB Wireless Client Utility.lnk = C:\Programme\TRENDnet\TEW-444UB Wireless Client Utility\UMCCfg.exe () O4 - Startup: C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.06.20 14:25:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{545fbfa0-aa7c-11dc-bf3d-0014d1c1cb85}\Shell - "" = AutoRun O33 - MountPoints2\{545fbfa0-aa7c-11dc-bf3d-0014d1c1cb85}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{545fbfa0-aa7c-11dc-bf3d-0014d1c1cb85}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{545fbfa2-aa7c-11dc-bf3d-0014d1c1cb85}\Shell - "" = AutoRun O33 - MountPoints2\{545fbfa2-aa7c-11dc-bf3d-0014d1c1cb85}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{545fbfa2-aa7c-11dc-bf3d-0014d1c1cb85}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found O33 - MountPoints2\{688c0d76-30d7-11dd-bfeb-0014d1c1cb85}\Shell - "" = AutoRun O33 - MountPoints2\{688c0d76-30d7-11dd-bfeb-0014d1c1cb85}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{688c0d76-30d7-11dd-bfeb-0014d1c1cb85}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found O33 - MountPoints2\{7882c6c1-1f30-11dc-8ae2-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{7882c6c1-1f30-11dc-8ae2-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7882c6c1-1f30-11dc-8ae2-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found O33 - MountPoints2\{acc91ba6-2308-11dc-98bf-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{acc91ba6-2308-11dc-98bf-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{acc91ba6-2308-11dc-98bf-806d6172696f}\Shell\AutoRun\command - "" = E:\ASUSACPI.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: arpsmss - (C:\WINDOWS\cidamapi.dll) - C:\WINDOWS\cidamapi.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.13 22:14:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes [2010.09.13 22:13:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.13 22:13:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.09.13 22:13:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.13 22:13:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.09 19:23:58 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2010.08.31 18:38:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\cache [2010.08.31 18:34:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\FullTiltPoker [2010.08.31 18:34:22 | 000,000,000 | ---D | C] -- C:\Programme\Full Tilt Poker [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.13 22:13:57 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.12 22:50:34 | 014,680,064 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\NTUSER.DAT [2010.09.12 22:50:34 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.ini [2010.09.09 22:15:12 | 000,023,552 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\blasenschwäche monsters.doc [2010.09.09 19:24:46 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.09.09 19:03:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.09.09 19:01:05 | 000,046,592 | ---- | M] () -- C:\WINDOWS\cidamapi.dll [2010.09.06 21:19:12 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER [2010.09.03 17:47:08 | 000,036,864 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Skiurlaub.doc [2010.09.02 22:05:00 | 003,979,664 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\D_B21u.pdf [2010.08.31 18:34:38 | 000,000,768 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Full Tilt Poker.lnk [2010.08.23 23:02:19 | 000,038,400 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\eragon leseprobe.doc [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.13 22:13:57 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.09 19:24:46 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.09.09 19:01:05 | 000,046,592 | ---- | C] () -- C:\WINDOWS\cidamapi.dll [2010.09.03 17:47:07 | 000,036,864 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Skiurlaub.doc [2010.09.02 22:05:00 | 003,979,664 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\D_B21u.pdf [2010.09.01 22:36:21 | 000,023,552 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\blasenschwäche monsters.doc [2010.08.31 18:34:38 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Full Tilt Poker.lnk [2010.01.23 02:37:01 | 000,000,279 | ---- | C] () -- C:\WINDOWS\game.ini [2009.12.05 23:13:21 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Podcasts.INI [2009.11.07 18:18:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2009.09.26 00:20:28 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2009.09.17 21:23:02 | 000,000,558 | ---- | C] () -- C:\WINDOWS\kaillera.ini [2009.05.23 11:38:50 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.05.23 11:38:50 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PnkBstrK.sys [2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008.03.01 18:38:07 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007.08.06 01:45:11 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.08.06 01:45:10 | 000,033,280 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.07.21 18:37:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2007.07.02 16:02:27 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.06.29 16:49:01 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll [2007.06.29 16:37:27 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.06.25 12:56:20 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2007.06.25 12:51:04 | 000,020,771 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2007.06.25 12:51:04 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2007.06.25 12:50:57 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007.06.20 15:21:44 | 000,088,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAUSB.SYS [2007.06.20 15:12:08 | 000,131,072 | ---- | C] () -- C:\WINDOWS\SNVerifyDLL.dll [2006.11.16 17:16:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.11.16 17:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.03.21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll [2002.03.21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll [2002.03.21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll [2002.03.21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll [2002.03.21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll [2002.03.21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll [2002.03.21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll [2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll ========== LOP Check ========== [2009.03.15 20:15:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5600-6600 Series [2007.06.20 15:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2009.05.23 11:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software [2009.12.05 22:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2010.06.29 22:58:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania [2009.03.15 20:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\5600-6600 Series [2007.06.20 15:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ACD Systems [2007.12.31 16:12:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\FunWebProducts [2010.05.24 18:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\GNU Solfege [2008.11.21 23:02:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ICQ [2008.07.29 19:50:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ICQ Toolbar [2007.06.29 16:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ICQLite [2009.05.23 11:46:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\id Software [2009.03.16 18:20:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Lexmark Productivity Studio [2010.03.02 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org [2008.11.05 17:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\QIP [2008.07.07 20:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\REAPER [2009.05.18 20:55:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Recorder [2010.01.23 11:52:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SPORE [2008.11.11 23:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\TeamViewer [2010.05.27 17:28:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Teeworlds [2008.08.15 17:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Warsow ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.09.2010 22:31:30 - Run 1 OTL by OldTimer - Version 3.2.12.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 151,37 Gb Total Space | 30,96 Gb Free Space | 20,46% Space Free | Partition Type: NTFS Drive D: | 146,71 Gb Total Space | 95,44 Gb Free Space | 65,05% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" (Mozilla Corporation) htmlfile [opennew] -- "C:\Programme\Mozilla Firefox\firefox.exe" (Mozilla Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "58327:TCP" = 58327:TCP:*:Disabled:Skat-Online TCP "43319:UDP" = 43319:UDP:*:Disabled:Skat-Online UDP "1038:TCP" = 1038:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found "C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation) "C:\Programme\THQ\Titan Quest\Titan Quest.exe" = C:\Programme\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest -- () "C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Programme\Microsoft Games\Age of Mythology\aomx.exe" = C:\Programme\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios) "C:\BlueByte\BBGC\BBGChan.exe" = C:\BlueByte\BBGC\BBGChan.exe:*:Enabled:BBGChan -- () "C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe" = C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit -- () "C:\Programme\Metin2_Germany\metin2.bin" = C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2 -- File not found "C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2.bin" = C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2.bin:*:Enabled:metin2 -- () "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero\hl.exe" = C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP) "C:\Dokumente und Einstellungen\***\Desktop\Downloads\SRO_NEW_Full-Client_Downloader.exe" = C:\Dokumente und Einstellungen\***\Desktop\Downloads\SRO_NEW_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader -- (Joymax) "C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe" = C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH) "C:\Dokumente und Einstellungen\***\Eigene Dateien\Meine Alben\teeworlds-0.4.2-win32\teeworlds_srv.exe" = C:\Dokumente und Einstellungen\***\Eigene Dateien\Meine Alben\teeworlds-0.4.2-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv -- File not found "C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\UT2004\System\UT2004.exe" = C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\UT2004\System\UT2004.exe:*:Enabled:UT2004 -- () "C:\Programme\QIP Infium\infium.exe" = C:\Programme\QIP Infium\infium.exe:*:Enabled:QIP Infium -- (QIP) "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS) "C:\Programme\Lexmark 5600-6600 Series\lxduamon.exe" = C:\Programme\Lexmark 5600-6600 Series\lxduamon.exe:*:Enabled:Lexmark Device Monitor -- File not found "C:\Programme\Lexmark 5600-6600 Series\frun.exe" = C:\Programme\Lexmark 5600-6600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- File not found "C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software)) "C:\Programme\Lexmark 5600-6600 Series\lxdufax.exe" = C:\Programme\Lexmark 5600-6600 Series\lxdufax.exe:*:Enabled:Fax software -- File not found "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero deleted scenes\hl.exe" = C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- File not found "C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- () "C:\maxga\SnowBoundOnline\Run.exe" = C:\maxga\SnowBoundOnline\Run.exe:*:Enabled:SnowBound Online -- File not found "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "C:\Programme\devolo\informer\devinf.exe" = C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer -- (devolo AG) "C:\Programme\maxga\SnowBoundOnline\Run.exe" = C:\Programme\maxga\SnowBoundOnline\Run.exe:*:Enabled:SnowBound Online -- () "C:\Programme\metinspeed\Longju3 & Tunamt2\1_Longju3 & Tunamt2.exe" = C:\Programme\metinspeed\Longju3 & Tunamt2\1_Longju3 & Tunamt2.exe:*:Enabled:1_Longju3 & Tunamt2 -- File not found "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\metinspeed\Longju3 & Tunamt2\longju3_and_tunamt2.exe" = C:\Programme\metinspeed\Longju3 & Tunamt2\longju3_and_tunamt2.exe:*:Enabled:longju3_and_tunamt2 -- () "C:\Dokumente und Einstellungen\***\Desktop\worms\wwp.exe" = C:\Dokumente und Einstellungen\***\Desktop\worms\wwp.exe:*:Enabled:Worms World Party -- File not found "C:\Dokumente und Einstellungen\***\Desktop\quake\quake3.exe" = C:\Dokumente und Einstellungen\***\Desktop\quake\quake3.exe:*:Enabled:quake3 -- File not found "D:\Programme\COD 4\game\iw3mp.exe" = D:\Programme\COD 4\game\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- () "D:\Programme\quake\quake3.exe" = D:\Programme\quake\quake3.exe:*:Enabled:quake3 -- () "D:\Programme\wc3\Warcraft III.exe" = D:\Programme\wc3\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment) "C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2client.bin" = C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2client.bin:*:Enabled:metin2client -- () "C:\Programme\Steam\steamapps\dark_ares_from_hell\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\dark_ares_from_hell\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates! "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1A0B8239-664B-434A-99D8-C50793513249}" = Audials TV "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1E66C7FF-F827-4AEF-A998-932EA824998B}" = Aqua Real "{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.42 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2B54B4B6-5834-494D-81E6-79AC3955EEE5}_is1" = SnowBound Online v2.0 "{2CEA7E55-D41E-4D58-91FB-E14F1FD690AE}" = And Yet It Moves "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{32A3A4F4-B792-11D6-A78A-00B0D0160010}" = Java(TM) SE Development Kit 6 Update 1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = o2 Surf Box mini "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80C7431E-CB45-40F4-AB4E-090E8AD4706D}" = AudialsOne "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8EC3DC60-AD23-4DB6-866A-9D59FC75C3A2}" = 802.11g Driver and Client Applications "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A7AAB3EA-BF72-494E-BCF4-8BA9A068982A}" = TEW-444UB Wireless Client Utility "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CBE5272C-CE7D-42D0-B531-D386F6E11774}" = Crazy Machines - Neue Herausforderungen Demo "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{F2DD7B9B-4384-4131-A79C-804D6E0564BD}" = USB Mass Storage Reader "{F5C521B6-1AF2-432C-A061-E79E2141A32F}" = Quake Live Mozilla Plugin "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold "Akamai" = Akamai NetSession Interface "ASIO4ALL" = ASIO4ALL "AudioRecorder" = AudioRecorder "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B707EEAE-DCAF-448F-8A9D-05FADD5236B4" = Prof. Genius Logiktrainer "Blue Byte Game Channel" = Blue Byte Game Channel "CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) "Custom Mod : Lilith v0.98_is1" = Custom Mod : Lilith v0.98 "Diablo II" = Diablo II "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dlanconf" = devolo dLAN-Konfigurationsassistent "dslmon" = devolo Informer "Eets" = Eets "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 5.9 "Genius Move" = Genius Move "GNU Solfege_is1" = GNU Solfege 3.14.11 "Google Updater" = Google Updater "Guild Wars" = GUILD WARS "Guitar Pro 5_is1" = Guitar Pro 5.0 "Hamachi" = Hamachi 1.0.3.0 "HyperCam 2" = HyperCam 2 "InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates! "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InterActual Player" = InterActual Player "Lilith The Will of Demon : Battles of Jalavia Ma~52337B8F_is1" = Lilith The Will of Demon : Battles of Jalavia Masteries Edition "Lilith The Will of Demon : Difficulty Changer_is1" = Lilith The Will of Demon : Difficulty Changer v1.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyWebSearch bar Uninstall" = My Web Search (Smiley Central) "Nero - Burning Rom!UninstallKey" = Nero 6 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "OPERATION7" = OPERATION7 "PokerStars.net" = PokerStars.net "PunkBusterSvc" = PunkBuster Services "QIP 8070_neu Jeak Edition" = QIP 8070_neu Jeak Edition "QIP2005" = QIP 2005 Uninstall "REAPER" = REAPER "Registry Mechanic_is1" = Registry Mechanic 7.0 "S4Uninst" = Die Siedler IV "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Silkroad" = Silkroad "ST6UNST #1" = Recorder "Steam App 10" = Counter-Strike "Steam App 100" = Condition Zero Deleted Scenes "Steam App 400" = Portal "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Titan Quest Screensaver" = Titan Quest Screensaver "TmNationsForever_is1" = TmNationsForever "TQVault_is1" = TQVault 2.11 "UT2004" = Unreal Tournament 2004 "VLC media player" = VideoLAN VLC media player 0.8.6b "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xfire" = Xfire (remove only) "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "QIP Infium" = QIP Infium 2.0.9030 RC4 "sc09-ORF_MAIN" = ORF-Ski Challenge 2009 "Skat-Online V7" = Skat-Online V7 "Steam App 10" = Counter-Strike "World of Warcraft Trial" = Probeversion von World of Warcraft ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.12.2005 18:03:51 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.12.2005 18:03:51 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.12.2005 18:03:51 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.12.2005 18:01:51 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.12.2005 18:01:51 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.12.2005 18:01:52 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.12.2005 18:02:35 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.12.2005 18:02:35 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.12.2005 18:02:35 | Computer Name = *** | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.09.2010 15:27:18 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung teamspeak.exe, Version 2.0.32.60, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb. [ System Events ] Error - 31.12.2005 18:01:23 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 31.12.2005 18:01:38 | Computer Name = *** | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +148158752 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.220.108:123->207.46.197.32:123) funktionsfähig ist. Error - 11.09.2010 13:15:04 | Computer Name = *** | Source = Windows Update Agent | ID = 16 Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht, eine Verbindung herzustellen. Error - 11.09.2010 13:15:41 | Computer Name = *** | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 192.168.220.108 über die Netzwerkkarte mit der Netzwerkadresse 0017315ED6AE ist verloren gegangen. Error - 11.09.2010 13:15:41 | Computer Name = *** | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 5.169.84.195 über die Netzwerkkarte mit der Netzwerkadresse 7A7905A954C3 ist verloren gegangen. Error - 12.09.2010 08:23:25 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 31.12.2005 18:02:02 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdu_device" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 13.09.2010 09:45:25 | Computer Name = *** | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 192.168.220.108 über die Netzwerkkarte mit der Netzwerkadresse 0017315ED6AE ist verloren gegangen. Error - 13.09.2010 09:45:25 | Computer Name = *** | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 5.169.84.195 über die Netzwerkkarte mit der Netzwerkadresse 7A7905A954C3 ist verloren gegangen. Error - 13.09.2010 09:45:59 | Computer Name = *** | Source = Windows Update Agent | ID = 16 Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht, eine Verbindung herzustellen. < End of report > Vorab schon Vielen Dank für eure Hilfe, saccharid |
14.09.2010, 20:40 | #2 | ||
/// Helfer-Team | Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
- Lade dir RSIT - 2. Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken: System-Dateien und -Ordner unter XP und Vista sichtbar machen Am Ende unserer Arbeit, kannst wieder rückgängig machen! 3. → Lade Dir HJTscanlist.zip herunter → entpacke die Datei auf deinem Desktop → Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren → per Doppelklick starten → Wähle dein Betriebsystem aus - Vista → Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen → Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren → Bitte kopiere den Inhalt hier in Deinen Thread. 4. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool "Ccleaner" herunter installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 5. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! 6. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Lade und installiere das Tool RootRepeal herunter
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußCoverflow |
15.09.2010, 20:31 | #3 |
| Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll Hallo, danke für deine Unterstützung,
__________________Schon vor deinem Posting habe ich mit Malwarebytes Anti-Malware gefundene Infizierungen in Quarantäne übernommen. Problem besteht jedoch weiterhin. Hier die log datei von malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4615 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 14.09.2010 21:48:44 mbam-log-2010-09-14 (21-48-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 331617 Laufzeit: 1 Stunde(n), 52 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 147 Infizierte Registrierungswerte: 6 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 20 Infizierte Dateien: 73 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popu***creensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\***\Anwendungsdaten\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\***\Anwendungsdaten\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\***\Anwendungsdaten\FunWebProducts\Data\*** (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Programme\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\shoot.EXE (Joke.Winshoot) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\00023C15 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\000C0F95 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\0012867E (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\00128A66.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\0012AE3A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\0012AFDF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\0012B166.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\0013378E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\00133982.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\00133BF3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\00133DF6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\0019FC09.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\0019FDEE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\0019FF36.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\icons\Thumbs.db (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. log.txt [code] RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by admin at 2010-09-14 22:38:11 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 32 GB (20%) free of 155 GB Total RAM: 2046 MB (75% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:38:16, on 14.09.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE D:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe D:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\admin\Eigene Dateien\ccleaner\RSIT.exe C:\Programme\trend micro\admin.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: 802.11g Wireless Client Utility.lnk = ? O4 - Global Startup: TEW-444UB Wireless Client Utility.lnk = ? O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 5588 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GlaryInitialize.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-08 652784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-03-02 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-02 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {855F3B16-6D32-4fe6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-06-20 577536] "avgnt"=D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-01-11 246504] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart 802.11g Wireless Client Utility.lnk - C:\Programme\TRENDware\TEW444UB\WLACU.exe TEW-444UB Wireless Client Utility.lnk - C:\Programme\TRENDnet\TEW-444UB Wireless Client Utility\UMCCfg.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite" "C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam Client" "C:\Programme\THQ\Titan Quest\Titan Quest.exe"="C:\Programme\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest" "C:\Programme\Xfire\Xfire.exe"="C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire" "C:\Programme\Microsoft Games\Age of Mythology\aomx.exe"="C:\Programme\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion" "C:\BlueByte\BBGC\BBGChan.exe"="C:\BlueByte\BBGC\BBGChan.exe:*:Enabled:BBGChan" "C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe"="C:\Programme\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit" "C:\Programme\Metin2_Germany\metin2.bin"="C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2" "C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2.bin"="C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2.bin:*:Enabled:metin2" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero\hl.exe"="C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero\hl.exe:*:Enabled:Half-Life Launcher" "C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\QIP\qip.exe"="C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager" "C:\Dokumente und Einstellungen\***\Desktop\Downloads\SRO_NEW_Full-Client_Downloader.exe"="C:\Dokumente und Einstellungen\***\Desktop\Downloads\SRO_NEW_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader" "C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe"="C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "C:\Dokumente und Einstellungen\***\Eigene Dateien\Meine Alben\teeworlds-0.4.2-win32\teeworlds_srv.exe"="C:\Dokumente und Einstellungen\***\Eigene Dateien\Meine Alben\teeworlds-0.4.2-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv" "C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\UT2004\System\UT2004.exe"="C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Dateien\UT2004\System\UT2004.exe:*:Enabled:UT2004" "C:\Programme\QIP Infium\infium.exe"="C:\Programme\QIP Infium\infium.exe:*:Enabled:QIP Infium" "C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player" "C:\Programme\Lexmark 5600-6600 Series\lxduamon.exe"="C:\Programme\Lexmark 5600-6600 Series\lxduamon.exe:*:Enabled:Lexmark Device Monitor" "C:\Programme\Lexmark 5600-6600 Series\frun.exe"="C:\Programme\Lexmark 5600-6600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio" "C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe"="C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader" "C:\Programme\Lexmark 5600-6600 Series\lxdufax.exe"="C:\Programme\Lexmark 5600-6600 Series\lxdufax.exe:*:Enabled:Fax software" "C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero deleted scenes\hl.exe"="C:\Programme\Steam\steamapps\dark_ares_from_hell\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher" "C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Programme\TmNationsForever\TmForever.exe"="C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\maxga\SnowBoundOnline\Run.exe"="C:\maxga\SnowBoundOnline\Run.exe:*:Enabled:SnowBound Online" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\devolo\informer\devinf.exe"="C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer" "C:\Programme\maxga\SnowBoundOnline\Run.exe"="C:\Programme\maxga\SnowBoundOnline\Run.exe:*:Enabled:SnowBound Online" "C:\Programme\metinspeed\Longju3 & Tunamt2\1_Longju3 & Tunamt2.exe"="C:\Programme\metinspeed\Longju3 & Tunamt2\1_Longju3 & Tunamt2.exe:*:Enabled:1_Longju3 & Tunamt2" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Programme\metinspeed\Longju3 & Tunamt2\longju3_and_tunamt2.exe"="C:\Programme\metinspeed\Longju3 & Tunamt2\longju3_and_tunamt2.exe:*:Enabled:longju3_and_tunamt2" "C:\Dokumente und Einstellungen\***\Desktop\worms\wwp.exe"="C:\Dokumente und Einstellungen\***\Desktop\worms\wwp.exe:*:Enabled:Worms World Party" "C:\Dokumente und Einstellungen\***\Desktop\quake\quake3.exe"="C:\Dokumente und Einstellungen\***\Desktop\quake\quake3.exe:*:Enabled:quake3" "D:\Programme\COD 4\game\iw3mp.exe"="D:\Programme\COD 4\game\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)" "D:\Programme\quake\quake3.exe"="D:\Programme\quake\quake3.exe:*:Enabled:quake3" "D:\Programme\wc3\Warcraft III.exe"="D:\Programme\wc3\Warcraft III.exe:*:Enabled:Warcraft III" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2client.bin"="C:\Dokumente und Einstellungen\***\Desktop\Metin2_Germany\metin2client.bin:*:Enabled:metin2client" "C:\Programme\Steam\steamapps\dark_ares_from_hell\counter-strike\hl.exe"="C:\Programme\Steam\steamapps\dark_ares_from_hell\counter-strike\hl.exe:*:Enabled:Counter-Strike" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-09-14 22:38:11 ----D---- C:\rsit 2010-09-14 22:38:11 ----D---- C:\Programme\trend micro 2010-09-14 22:24:53 ----RD---- C:\32788R22FWJFW 2010-09-14 22:15:40 ----A---- C:\TDSSKiller.2.4.2.1_14.09.2010_22.15.40_log.txt 2010-09-14 21:58:43 ----D---- C:\Programme\CCleaner 2010-09-14 21:58:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$ 2010-09-14 21:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$ 2010-09-14 21:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$ 2010-09-14 21:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$ 2010-09-14 21:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$ 2010-09-14 21:58:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$ 2010-09-14 21:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$ 2010-09-14 21:56:21 ----D---- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\GlarySoft 2010-09-14 21:54:41 ----D---- C:\Programme\Glary Utilities 2010-09-14 21:53:14 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee 2010-09-14 21:51:10 ----D---- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Malwarebytes 2010-09-13 22:13:54 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-09-13 22:13:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-09-13 22:13:51 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-09-13 22:13:51 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-09-09 19:23:58 ----D---- C:\Programme\Adobe 2010-09-09 19:01:05 ----A---- C:\WINDOWS\cidamapi.dll 2010-08-31 18:34:22 ----D---- C:\Programme\Full Tilt Poker ======List of files/folders modified in the last 1 months====== 2010-09-14 22:38:11 ----RD---- C:\Programme 2010-09-14 22:30:11 ----D---- C:\Programme\Gemeinsame Dateien\Akamai 2010-09-14 22:30:01 ----D---- C:\WINDOWS\Temp 2010-09-14 22:30:01 ----D---- C:\WINDOWS\system32\CatRoot2 2010-09-14 22:15:40 ----D---- C:\WINDOWS\system32\drivers 2010-09-14 22:03:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2010-09-14 22:03:25 ----D---- C:\WINDOWS\system32 2010-09-14 22:03:25 ----D---- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Adobe 2010-09-14 22:03:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-09-14 22:03:07 ----D---- C:\WINDOWS 2010-09-14 22:01:30 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-09-14 21:58:55 ----D---- C:\WINDOWS\Minidump 2010-09-14 21:58:55 ----D---- C:\WINDOWS\Debug 2010-09-14 21:58:32 ----D---- C:\WINDOWS\Prefetch 2010-09-14 21:58:26 ----A---- C:\WINDOWS\system32\MRT.exe 2010-09-14 21:58:21 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-09-14 21:58:21 ----D---- C:\WINDOWS\inf 2010-09-14 21:58:00 ----HD---- C:\WINDOWS\$hf_mig$ 2010-09-14 21:54:45 ----SD---- C:\WINDOWS\Tasks 2010-09-14 21:49:44 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$ 2010-09-14 19:47:37 ----D---- C:\Programme\Steam 2010-09-09 19:25:10 ----SHD---- C:\WINDOWS\Installer 2010-09-09 19:25:05 ----SHD---- C:\Config.Msi 2010-09-09 19:24:36 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2010-09-09 19:23:51 ----D---- C:\WINDOWS\WinSxS 2010-09-09 19:03:51 ----A---- C:\WINDOWS\NeroDigital.ini 2010-09-01 21:38:42 ----D---- C:\Programme\PokerStars.NET 2010-08-17 15:17:06 ----A---- C:\WINDOWS\system32\spoolsv.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-08-18 93568] R0 ohci1394;VIA OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-05-01 43528] R1 AmdK8;AMD-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43520] R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-06-28 17801] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 NPF_devolo;NetGroup Packet Filter Driver (devolo); C:\WINDOWS\system32\drivers\npf_devolo.sys [2008-11-28 35840] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-06-27 3972672] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-03 25280] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056] R3 RRNetCapMP;RRNetCapMP; C:\WINDOWS\system32\DRIVERS\rrnetcap.sys [2009-11-16 27168] R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-11-16 37920] R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 AR5523;802.11 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-02-24 285568] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 ATHFMWDL;802.11 USB Wireless Adapter Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2005-02-24 43392] S3 AVMUNET;AVM FRITZ!Box; C:\WINDOWS\system32\DRIVERS\avmunet.sys [2005-04-18 15104] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-06-29 88960] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2004-10-25 34048] S3 RRNetCap;RRNetCap Service; C:\WINDOWS\system32\DRIVERS\rrnetcap.sys [2009-11-16 27168] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289] R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-03-02 153376] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-23 66872] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-05-23 107832] S2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-08-19 36864] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-02-10 3458548] S3 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt [code] info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-09-14 22:38:17 ======Uninstall list====== -->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER -->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 802.11g Driver and Client Applications-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8EC3DC60-AD23-4DB6-866A-9D59FC75C3A2}\Setup.exe" -l0x9 -removeonly ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} ACDSee 5.0 Standard-->MsiExec.exe /I{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.3.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001} Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Age of Mythology Gold-->"C:\Programme\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /uninstall Akamai NetSession Interface-->C:\Programme\Gemeinsame Dateien\Akamai\uninstall.exe And Yet It Moves-->MsiExec.exe /X{2CEA7E55-D41E-4D58-91FB-E14F1FD690AE} Aqua Real-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E66C7FF-F827-4AEF-A998-932EA824998B}\setup.exe" -l0x9 ASIO4ALL-->C:\Programme\ASIO4ALL v2\uninstall.exe Audials TV-->MsiExec.exe /I{1A0B8239-664B-434A-99D8-C50793513249} AudialsOne-->MsiExec.exe /X{80C7431E-CB45-40F4-AB4E-090E8AD4706D} AudioRecorder-->C:\AudioSuite\AudioRecorder\UninstalAR.exe Avira AntiVir Personal - Free Antivirus-->D:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE Blue Byte Game Channel-->C:\WINDOWS\system32\rundll32.exe C:\BlueByte\BBGC\uninst.dll,Uninstall "Blue Byte Game Channel" Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407 CCleaner-->"C:\Programme\CCleaner\uninst.exe" Condition Zero Deleted Scenes-->"C:\Programme\Steam\steam.exe" steam://uninstall/100 Counter-Strike-->"C:\Programme\Steam\steam.exe" steam://uninstall/10 Crazy Machines - Neue Herausforderungen Demo-->MsiExec.exe /X{CBE5272C-CE7D-42D0-B531-D386F6E11774} Custom Mod : Lilith v0.98-->"C:\WINDOWS\unins000.exe" devolo dLAN-Konfigurationsassistent-->C:\Programme\devolo\setup.exe /remove:dlanconf devolo Informer-->C:\Programme\devolo\setup.exe /remove:dslmon Diablo II-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Diablo II\Uninstall.exe Die Siedler IV-->C:\WINDOWS\IsUn0407.exe -f"C:\BlueByte\Die Siedler IV\uninst.isu" -c"C:\BlueByte\Die Siedler IV\BBINST.DLL" Die Sims 2-->C:\Programme\EA GAMES\Die Sims 2\EAUninstall.exe DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN Eets-->C:\Programme\Klei Entertainment\Eets\uninst.exe Free M4a to MP3 Converter 5.9-->"C:\Programme\Free M4a to MP3 Converter\unins000.exe" Full Tilt Poker-->C:\Programme\Full Tilt Poker\uninstall.exe Genius Move-->C:\WINDOWS\genius-uninst.exe C:\Programme\Genius Move Glary Utilities 2.28.0.1011-->"C:\Programme\Glary Utilities\unins000.exe" GNU Solfege 3.14.11-->"C:\Programme\GNU Solfege\unins000.exe" Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall GUILD WARS-->"C:\Programme\GUILD WARS\Gw.exe" -uninstall Guitar Pro 5.0-->"C:\Programme\Guitar Pro 5\unins000.exe" Hamachi 1.0.3.0-->C:\Programme\Hamachi\uninstall.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" Hotfix für Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe" HyperCam 2-->C:\Programme\HyCam2\UnHyCam2.exe ICQ Toolbar-->regsvr32 /u /s "C:\Programme\ICQToolbar\toolbaru.dll" ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF} Java(TM) SE Development Kit 6 Update 1-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010} Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Lilith The Will of Demon : Battles of Jalavia Masteries Edition-->"C:\WINDOWS\unins001.exe" Lilith The Will of Demon : Difficulty Changer v1.1-->"C:\WINDOWS\unins002.exe" Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mozilla Firefox (3.6.9)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA} MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13} Nero 6-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D} o2 Surf Box mini-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x7 -removeonly OpenOffice.org 3.2-->MsiExec.exe /I{192A107E-C6B9-41B9-BDBF-38E3AA226054} OPERATION7-->"D:\Programme\operation7\uninstall.exe" PixiePack Codec Pack-->MsiExec.exe /I{9C450606-ED24-4958-92BA-B8940C99D441} PokerStars.net-->"C:\Programme\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net Portal-->"C:\programme\steam\steam.exe" steam://uninstall/400 PowerDVD-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u QIP 2005 Uninstall-->"C:\Programme\QIP\unqip.exe" QIP 8070_neu Jeak Edition-->C:\Programme\QIP\uninstall.exe Quake Live Mozilla Plugin-->MsiExec.exe /I{F5C521B6-1AF2-432C-A061-E79E2141A32F} Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7 -removeonly REAPER-->"C:\Programme\REAPER\Uninstall.exe" Recorder-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Recorder\ST6UNST.LOG" Registry Mechanic 7.0-->"C:\Programme\Registry Mechanic\unins000.exe" S4 League_EU-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D96021A9-B290-4783-B019-0E4000DA84CE}\setup.exe" -l0x9 Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB2183461)-->"C:\WINDOWS\$NtUninstallKB2183461$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe" Sid Meier's Pirates!-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1031 Silkroad-->C:\Programme\Silkroad\Remove.Exe Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SnowBound Online v2.0-->"C:\Programme\maxga\SnowBoundOnline\unins000.exe" SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE} SPORE™-->"C:\Programme\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0007 -removeonly Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe TEW-444UB Wireless Client Utility-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A7AAB3EA-BF72-494E-BCF4-8BA9A068982A}\Setup.exe" -l0x9 -removeonly Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x7 -removeonly Titan Quest Screensaver-->C:\Programme\Titan Quest Screensaver\Uninstall.exe Titan Quest-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x7 -removeonly TmNationsForever-->"C:\Programme\TmNationsForever\unins000.exe" Unreal Tournament 2004-->C:\UT2004\System\Setup.exe uninstall "UT2004" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe" Update für Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Update für Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe" Update für Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe" Update für Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe" USB Mass Storage Reader-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F2DD7B9B-4384-4131-A79C-804D6E0564BD}\Setup.exe" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} VideoLAN VLC media player 0.8.6b-->C:\Programme\VideoLAN\VLC\uninstall.exe Warsow 0.42-->"C:\Programme\Warsow\unins000.exe" Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_46A23DA005A38EDACA9A5DA30EC2FEBF00D83D18\amdk8.inf WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe Xfire (remove only)-->"C:\Programme\Xfire\uninst.exe" ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: *** Event Code: 18 Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: - Sicherheitsupdate für Windows XP (KB982665) - Sicherheitsupdate für Windows XP (KB981997) - Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830) - Sicherheitsupdate für Windows XP (KB980436) - Sicherheitsupdate für Windows XP (KB2160329) - Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583) - Sicherheitsupdate für Windows XP (KB2079403) - Sicherheitsupdate für Windows XP (KB981852) - Sicherheitsupdate für Windows XP (KB2115168) - Sicherheitsupdate für Windows XP (KB982214) - Kumulatives Sicherheitsupdate für Internet Explorer 6 unter Windows XP (KB2183461) Record Number: 55892 Source Name: Windows Update Agent Time Written: 20100812133722.000000+120 Event Type: Informationen User: Computer Name: *** Event Code: 18 Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: - Sicherheitsupdate für Windows XP (KB981997) - Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830) - Sicherheitsupdate für Windows XP (KB980436) - Sicherheitsupdate für Windows XP (KB2160329) - Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583) - Sicherheitsupdate für Windows XP (KB2079403) - Sicherheitsupdate für Windows XP (KB981852) - Sicherheitsupdate für Windows XP (KB2115168) - Sicherheitsupdate für Windows XP (KB982214) - Kumulatives Sicherheitsupdate für Internet Explorer 6 unter Windows XP (KB2183461) Record Number: 55891 Source Name: Windows Update Agent Time Written: 20100812133717.000000+120 Event Type: Informationen User: Computer Name: *** Event Code: 18 Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: - Sicherheitsupdate für Windows XP (KB981997) - Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830) - Sicherheitsupdate für Windows XP (KB980436) - Sicherheitsupdate für Windows XP (KB2160329) - Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583) - Sicherheitsupdate für Windows XP (KB2079403) - Sicherheitsupdate für Windows XP (KB981852) - Sicherheitsupdate für Windows XP (KB2115168) - Sicherheitsupdate für Windows XP (KB982214) Record Number: 55890 Source Name: Windows Update Agent Time Written: 20100812133717.000000+120 Event Type: Informationen User: Computer Name: *** Event Code: 18 Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: - Sicherheitsupdate für Windows XP (KB981997) - Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830) - Sicherheitsupdate für Windows XP (KB980436) - Sicherheitsupdate für Windows XP (KB2160329) - Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583) - Sicherheitsupdate für Windows XP (KB2079403) - Sicherheitsupdate für Windows XP (KB981852) - Sicherheitsupdate für Windows XP (KB982214) Record Number: 55889 Source Name: Windows Update Agent Time Written: 20100812133712.000000+120 Event Type: Informationen User: Computer Name: *** Event Code: 18 Message: Installationsbereit: Die folgenden Updates wurden heruntergeladen und können installiert werden. Diese Updates sollen laut Zeitplan am Freitag, 13. August 2010 um 03:00 auf diesem Computer installiert werden: - Sicherheitsupdate für Windows XP (KB981997) - Windows-Tool zum Entfernen bösartiger Software - August 2010 (KB890830) - Sicherheitsupdate für Windows XP (KB980436) - Sicherheitsupdate für Windows XP (KB2160329) - Sicherheitsupdate für .NET Framework 2.0 SP2 und 3.5 SP1 unter Windows Server 2003 und Windows XP x86 (KB983583) - Sicherheitsupdate für Windows XP (KB981852) - Sicherheitsupdate für Windows XP (KB982214) Record Number: 55888 Source Name: Windows Update Agent Time Written: 20100812133712.000000+120 Event Type: Informationen User: =====Application event log===== Computer Name: *** Event Code: 4096 Message: Der AntiVir Dienst wurde erfolgreich gestartet! Record Number: 3235 Source Name: Avira AntiVir Time Written: 20090318152657.000000+060 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: *** Event Code: 1517 Message: Die Registrierung des Benutzers "***\***" wurde gespeichert, obwohl eine Anwendung oder ein Dienst auf die Registrierung während der Abmeldung zugegriffen hat. Der von der Registrierung des Benutzers verwendete Speicher wurde nicht freigegeben. Der Upload der Registrierung wird durchgeführt, wenn diese nicht mehr verwendet wird. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie diese so zu Konfigurieren, dass sie unter den Konten "Lokaler Dienst" oder "Netzwerkdienst" ausgeführt werden. Record Number: 3234 Source Name: Userenv Time Written: 20090318152531.000000+060 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM Computer Name: *** Event Code: 1524 Message: Die Klassenregistrierungsdatei kann nicht entladen werden, da sie weiterhin von anderen Anwendungen bzw. Diensten verwendet wird. Die Datei wird entladen, wenn sie nicht mehr verwendet wird. Record Number: 3233 Source Name: Userenv Time Written: 20090318152510.000000+060 Event Type: Warnung User: ***\*** Computer Name: *** Event Code: 1002 Message: Stillstehende Anwendung steam.exe, Version 1.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Record Number: 3232 Source Name: Application Hang Time Written: 20090318151936.000000+060 Event Type: Fehler User: Computer Name: *** Event Code: 1002 Message: Stillstehende Anwendung lxdudiag.exe, Version 1.65.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Record Number: 3231 Source Name: Application Hang Time Written: 20090318151512.000000+060 Event Type: Fehler User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=c:\Programme\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\DivX Shared\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4302 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- |
15.09.2010, 20:31 | #4 |
| Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll 3. hjtscanlist.txt Code:
ATTFilter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows XP [Version 5.1.2600] C: 14.09.2010 22:42 C:\rsit --------- 0 14.09.2010 22:38 C:\Programme --------- 0 C:\pagefile.sys --------- 14.09.2010 22:26 C:\32788R22FWJFW --------- 0 14.09.2010 22:15 C:\TDSSKiller.2.4.2.1_14.09.2010_22.15.40_log.txt --------- 35588 14.09.2010 22:03 C:\WINDOWS --------- 0 09.09.2010 19:25 C:\Config.Msi --------- 0 22.05.2010 15:09 C:\Temp --------- 0 16.05.2010 16:46 C:\NVIDIA --------- 0 19.04.2010 17:10 C:\ntldr --------- 251712 23.03.2010 20:37 C:\RECYCLER --------- 0 23.03.2010 20:36 C:\Dokumente und Einstellungen --------- 0 07.11.2009 16:10 C:\Program Files --------- 0 06.11.2009 22:15 C:\AudioSuite --------- 0 05.06.2009 19:38 C:\Fiaa --------- 0 27.03.2009 22:02 C:\BnetLog.txt --------- 1091 15.03.2009 20:16 C:\logs --------- 0 03.02.2009 21:46 C:\Games --------- 0 03.02.2009 21:43 C:\SIERRA --------- 0 22.12.2008 00:04 C:\CrashReport --------- 0 26.02.2008 18:30 C:\UT2004 --------- 0 17.07.2007 21:18 C:\BlueByte --------- 0 28.06.2007 09:58 C:\W-lan Traiber --------- 0 25.06.2007 12:59 C:\boot.ini --------- 223 20.06.2007 14:29 C:\System Volume Information --------- 0 20.06.2007 14:25 C:\MSDOS.SYS --------- 0 20.06.2007 14:25 C:\CONFIG.SYS --------- 0 20.06.2007 14:25 C:\IO.SYS --------- 0 20.06.2007 14:25 C:\AUTOEXEC.BAT --------- 0 04.08.2004 14:00 C:\bootfont.bin --------- 4952 04.08.2004 14:00 C:\NTDETECT.COM --------- 47564 ---------------------------------------- C:\WINDOWS 14.09.2010 22:30 C:\WINDOWS\WindowsUpdate.log --------- 1422746 14.09.2010 22:29 C:\WINDOWS\0.log --------- 0 14.09.2010 22:29 C:\WINDOWS\wiadebug.log --------- 159 14.09.2010 22:29 C:\WINDOWS\wiaservc.log --------- 50 14.09.2010 22:29 C:\WINDOWS\bootstat.dat --------- 2048 14.09.2010 22:01 C:\WINDOWS\SchedLgU.Txt --------- 32622 09.09.2010 19:03 C:\WINDOWS\NeroDigital.ini --------- 202 09.09.2010 19:01 C:\WINDOWS\cidamapi.dll --------- 46592 06.09.2010 21:19 C:\WINDOWS\ALCFDRTM.VER --------- 60416 09.02.2010 18:45 C:\WINDOWS\popcinfot.dat --------- 39 23.01.2010 02:37 C:\WINDOWS\game.ini --------- 279 19.01.2010 23:36 C:\WINDOWS\Podcasts.INI --------- 118 07.11.2009 18:18 C:\WINDOWS\iPlayer.INI --------- 0 31.10.2009 22:29 C:\WINDOWS\system.ini --------- 231 17.09.2009 21:39 C:\WINDOWS\kaillera.ini --------- 558 06.07.2009 14:37 C:\WINDOWS\unins002.dat --------- 1173 06.07.2009 14:37 C:\WINDOWS\unins002.exe --------- 695578 18.05.2009 20:54 C:\WINDOWS\Setup1.exe --------- 249856 18.05.2009 20:54 C:\WINDOWS\ST6UNST.EXE --------- 73216 03.02.2009 21:43 C:\WINDOWS\SIERRA.INI --------- 164 26.12.2008 23:04 C:\WINDOWS\unins001.dat --------- 3202 26.12.2008 23:02 C:\WINDOWS\unins001.exe --------- 697862 30.10.2008 22:33 C:\WINDOWS\setupapi.log.0.old --------- 1028339 25.10.2008 13:46 C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt --------- 12900 14.04.2008 04:23 C:\WINDOWS\winhlp32.exe --------- 288768 14.04.2008 04:23 C:\WINDOWS\slrundll.exe --------- 32866 14.04.2008 04:22 C:\WINDOWS\regedit.exe --------- 153600 14.04.2008 04:22 C:\WINDOWS\notepad.exe --------- 70144 14.04.2008 04:22 C:\WINDOWS\hh.exe --------- 10752 14.04.2008 04:22 C:\WINDOWS\explorer.exe --------- 1036800 14.04.2008 04:22 C:\WINDOWS\twain_32.dll --------- 50688 28.12.2007 20:59 C:\WINDOWS\unins000.dat --------- 1774 28.12.2007 20:59 C:\WINDOWS\unins000.exe --------- 684476 17.08.2007 13:06 C:\WINDOWS\mozver.dat --------- 1274 21.07.2007 23:26 C:\WINDOWS\Titan Quest Screensaver.scr --------- 1312249 08.07.2007 17:00 C:\WINDOWS\genius-uninst.exe --------- 192512 02.07.2007 16:02 C:\WINDOWS\ODBC.INI --------- 400 02.07.2007 16:02 C:\WINDOWS\win.ini --------- 603 30.06.2007 19:07 C:\WINDOWS\ALCFDRTM.EXE --------- 60416 30.06.2007 14:20 C:\WINDOWS\WMSysPr9.prx --------- 316640 29.06.2007 14:41 C:\WINDOWS\nsreg.dat --------- 0 25.06.2007 13:01 C:\WINDOWS\AS_Debug.txt --------- 0 25.06.2007 13:01 C:\WINDOWS\Ascd_tmp.ini --------- 20771 20.06.2007 15:19 C:\WINDOWS\Sti_Trace.log --------- 0 20.06.2007 14:27 C:\WINDOWS\REGLOCS.OLD --------- 8192 20.06.2007 14:25 C:\WINDOWS\control.ini --------- 0 20.06.2007 14:25 C:\WINDOWS\ODBCINST.INI --------- 4161 20.06.2007 14:25 C:\WINDOWS\WindowsShell.Manifest --------- 749 20.06.2007 14:23 C:\WINDOWS\vb.ini --------- 36 20.06.2007 14:23 C:\WINDOWS\vbaddin.ini --------- 37 28.12.2006 21:01 C:\WINDOWS\002968_.tmp --------- 19569 20.06.2006 23:42 C:\WINDOWS\soundman.exe --------- 577536 20.03.2006 05:48 C:\WINDOWS\alcupd.exe --------- 315392 18.11.2005 05:20 C:\WINDOWS\Alcrmv.exe --------- 217088 04.08.2004 14:00 C:\WINDOWS\winnt.bmp --------- 48680 04.08.2004 14:00 C:\WINDOWS\SET3.tmp --------- 1014663 04.08.2004 14:00 C:\WINDOWS\Seifenblase.bmp --------- 65978 04.08.2004 14:00 C:\WINDOWS\SET4.tmp --------- 1086058 04.08.2004 14:00 C:\WINDOWS\SET8.tmp --------- 14043 04.08.2004 14:00 C:\WINDOWS\TASKMAN.EXE --------- 15872 04.08.2004 14:00 C:\WINDOWS\Rhododendron.bmp --------- 17362 04.08.2004 14:00 C:\WINDOWS\twain.dll --------- 94800 04.08.2004 14:00 C:\WINDOWS\Pr„riewind.bmp --------- 65954 04.08.2004 14:00 C:\WINDOWS\twunk_16.exe --------- 49680 04.08.2004 14:00 C:\WINDOWS\twunk_32.exe --------- 25600 04.08.2004 14:00 C:\WINDOWS\msdfmap.ini --------- 1405 04.08.2004 14:00 C:\WINDOWS\Kaffeetasse.bmp --------- 17062 04.08.2004 14:00 C:\WINDOWS\wmprfDEU.prx --------- 34818 04.08.2004 14:00 C:\WINDOWS\Granit.bmp --------- 26582 04.08.2004 14:00 C:\WINDOWS\F„cher.bmp --------- 26680 04.08.2004 14:00 C:\WINDOWS\Feder.bmp --------- 16730 04.08.2004 14:00 C:\WINDOWS\explorer.scf --------- 80 04.08.2004 14:00 C:\WINDOWS\winhelp.exe --------- 257568 04.08.2004 14:00 C:\WINDOWS\desktop.ini --------- 2 04.08.2004 14:00 C:\WINDOWS\clock.avi --------- 82944 04.08.2004 14:00 C:\WINDOWS\vmmreg32.dll --------- 18944 04.08.2004 14:00 C:\WINDOWS\winnt256.bmp --------- 48680 04.08.2004 14:00 C:\WINDOWS\Blaue Spitzen 16.bmp --------- 1272 04.08.2004 14:00 C:\WINDOWS\Zapotek.bmp --------- 9522 04.08.2004 14:00 C:\WINDOWS\Santa Fe-Stuck.bmp --------- 65832 04.08.2004 14:00 C:\WINDOWS\Angler.bmp --------- 17336 04.08.2004 14:00 C:\WINDOWS\_default.pif --------- 707 25.11.2002 15:57 C:\WINDOWS\AquaReal.scr --------- 811008 15.11.2002 17:56 C:\WINDOWS\SNVerifyDLL.dll --------- 131072 05.03.2002 12:30 C:\WINDOWS\Delvid.exe --------- 90149 04.03.2002 09:29 C:\WINDOWS\shutdownaware.exe --------- 69632 21.10.1998 18:43 C:\WINDOWS\IsUn0407.exe --------- 328704 06.11.1996 13:05 C:\WINDOWS\unin0407.exe --------- 302592 05.11.1996 17:13 C:\WINDOWS\uninst.exe --------- 299008 ---------------------------------------- C:\WINDOWS\System 14.04.2008 04:23 C:\WINDOWS\System\winspool.drv --------- 146944 04.08.2004 14:00 C:\WINDOWS\System\AVIFILE.DLL --------- 109504 04.08.2004 14:00 C:\WINDOWS\System\COMMDLG.DLL --------- 33744 04.08.2004 14:00 C:\WINDOWS\System\KEYBOARD.DRV --------- 2000 04.08.2004 14:00 C:\WINDOWS\System\LZEXPAND.DLL --------- 9936 04.08.2004 14:00 C:\WINDOWS\System\MCIAVI.DRV --------- 73760 04.08.2004 14:00 C:\WINDOWS\System\MCISEQ.DRV --------- 25296 04.08.2004 14:00 C:\WINDOWS\System\MCIWAVE.DRV --------- 28160 04.08.2004 14:00 C:\WINDOWS\System\MMSYSTEM.DLL --------- 69632 04.08.2004 14:00 C:\WINDOWS\System\MMTASK.TSK --------- 1152 04.08.2004 14:00 C:\WINDOWS\System\MOUSE.DRV --------- 2032 04.08.2004 14:00 C:\WINDOWS\System\AVICAP.DLL --------- 70368 04.08.2004 14:00 C:\WINDOWS\System\OLECLI.DLL --------- 82944 04.08.2004 14:00 C:\WINDOWS\System\OLESVR.DLL --------- 24064 04.08.2004 14:00 C:\WINDOWS\System\setup.inf --------- 59167 04.08.2004 14:00 C:\WINDOWS\System\SHELL.DLL --------- 5120 04.08.2004 14:00 C:\WINDOWS\System\SOUND.DRV --------- 1744 04.08.2004 14:00 C:\WINDOWS\System\stdole.tlb --------- 5532 04.08.2004 14:00 C:\WINDOWS\System\SYSTEM.DRV --------- 3360 04.08.2004 14:00 C:\WINDOWS\System\TAPI.DLL --------- 19200 04.08.2004 14:00 C:\WINDOWS\System\TIMER.DRV --------- 4048 04.08.2004 14:00 C:\WINDOWS\System\VER.DLL --------- 9200 04.08.2004 14:00 C:\WINDOWS\System\VGA.DRV --------- 2176 04.08.2004 14:00 C:\WINDOWS\System\WFWNET.DRV --------- 13600 04.08.2004 14:00 C:\WINDOWS\System\MSVIDEO.DLL --------- 127104 ---------------------------------------- C:\WINDOWS\System32 14.09.2010 22:30 C:\WINDOWS\system32\wpa.dbl --------- 13646 14.09.2010 22:30 C:\WINDOWS\system32\CatRoot2 --------- 0 14.09.2010 22:29 C:\WINDOWS\system32\NvApps.xml --------- 276202 14.09.2010 22:15 C:\WINDOWS\system32\drivers --------- 0 14.09.2010 22:03 C:\WINDOWS\system32\perfh009.dat --------- 435568 14.09.2010 22:03 C:\WINDOWS\system32\perfh007.dat --------- 452278 14.09.2010 22:03 C:\WINDOWS\system32\perfc009.dat --------- 68464 14.09.2010 22:03 C:\WINDOWS\system32\perfc007.dat --------- 81236 14.09.2010 22:03 C:\WINDOWS\system32\PerfStringBackup.INI --------- 1051876 14.09.2010 21:58 C:\WINDOWS\system32\MRT.exe --------- 35552200 14.09.2010 21:58 C:\WINDOWS\system32\dllcache --------- 0 14.09.2010 19:44 C:\WINDOWS\system32\FNTCACHE.DAT --------- 146016 17.08.2010 15:17 C:\WINDOWS\system32\spoolsv.exe --------- 58880 27.07.2010 08:29 C:\WINDOWS\system32\shell32.dll --------- 8503296 22.07.2010 17:48 C:\WINDOWS\system32\rpcrt4.dll --------- 590848 22.07.2010 08:19 C:\WINDOWS\system32\xpsp4res.dll --------- 5632 30.06.2010 14:28 C:\WINDOWS\system32\schannel.dll --------- 149504 24.06.2010 14:10 C:\WINDOWS\system32\wininet.dll --------- 672768 24.06.2010 14:10 C:\WINDOWS\system32\urlmon.dll --------- 628736 24.06.2010 14:10 C:\WINDOWS\system32\tdc.ocx --------- 61952 24.06.2010 14:10 C:\WINDOWS\system32\shdocvw.dll --------- 1509888 24.06.2010 14:10 C:\WINDOWS\system32\mshtml.dll --------- 3094016 24.06.2010 14:10 C:\WINDOWS\system32\iepeers.dll --------- 251904 24.06.2010 14:10 C:\WINDOWS\system32\ieencode.dll --------- 81920 24.06.2010 14:10 C:\WINDOWS\system32\browseui.dll --------- 1025024 24.06.2010 12:37 C:\WINDOWS\system32\html.iec --------- 371200 24.06.2010 11:02 C:\WINDOWS\system32\win32k.sys --------- 1852032 18.06.2010 19:44 C:\WINDOWS\system32\winsrv.dll --------- 293888 17.06.2010 16:03 C:\WINDOWS\system32\iccvid.dll --------- 80384 15.06.2010 18:16 C:\WINDOWS\system32\l3codecx.ax --------- 143422 14.06.2010 09:41 C:\WINDOWS\system32\msxml3.dll --------- 1172480 09.06.2010 09:43 C:\WINDOWS\system32\inetcomm.dll --------- 692736 27.05.2010 00:29 C:\WINDOWS\system32\TZLog.log --------- 850738 22.05.2010 15:04 C:\WINDOWS\system32\CatRoot --------- 0 16.05.2010 16:47 C:\WINDOWS\system32\ReinstallBackups --------- 0 28.04.2010 07:41 C:\WINDOWS\system32\ntoskrnl.exe --------- 2148864 28.04.2010 07:41 C:\WINDOWS\system32\ntkrnlpa.exe --------- 2027008 21.04.2010 15:28 C:\WINDOWS\system32\tzchange.exe --------- 46080 20.04.2010 07:29 C:\WINDOWS\system32\atmfd.dll --------- 285696 19.04.2010 21:27 C:\WINDOWS\system32\spupdwxp.log --------- 247 19.04.2010 21:26 C:\WINDOWS\system32\Setup --------- 0 19.04.2010 21:26 C:\WINDOWS\system32\wbem --------- 0 19.04.2010 17:14 C:\WINDOWS\system32\de-de --------- 0 19.04.2010 17:14 C:\WINDOWS\system32\usmt --------- 0 19.04.2010 17:14 C:\WINDOWS\system32\de --------- 0 19.04.2010 17:14 C:\WINDOWS\system32\bits --------- 0 19.04.2010 17:12 C:\WINDOWS\system32\Restore --------- 0 19.04.2010 17:12 C:\WINDOWS\system32\npp --------- 0 19.04.2010 17:12 C:\WINDOWS\system32\Com --------- 0 19.04.2010 17:11 C:\WINDOWS\system32\oobe --------- 0 16.04.2010 17:36 C:\WINDOWS\system32\usp10.dll --------- 406016 06.04.2010 04:52 C:\WINDOWS\system32\WMVCore.dll --------- 2462720 04.04.2010 00:55 C:\WINDOWS\system32\OpenCL.dll --------- 61440 04.04.2010 00:55 C:\WINDOWS\system32\nvcompiler.dll --------- 11647592 04.04.2010 00:55 C:\WINDOWS\system32\nvcuda.dll --------- 4075520 04.04.2010 00:55 C:\WINDOWS\system32\nvcodins.dll --------- 227944 04.04.2010 00:55 C:\WINDOWS\system32\nvcod.dll --------- 227944 04.04.2010 00:55 C:\WINDOWS\system32\nvudisp.exe --------- 600680 04.04.2010 00:55 C:\WINDOWS\system32\nvcuvenc.dll --------- 2646632 04.04.2010 00:55 C:\WINDOWS\system32\nvcuvid.dll --------- 2030184 04.04.2010 00:55 C:\WINDOWS\system32\nv4_disp.dll --------- 6432128 04.04.2010 00:55 C:\WINDOWS\system32\nvoglnt.dll --------- 14757888 04.04.2010 00:55 C:\WINDOWS\system32\nvdata.bin --------- 2183470 04.04.2010 00:55 C:\WINDOWS\system32\nvdisp.nvu --------- 25755 04.04.2010 00:55 C:\WINDOWS\system32\nvapi.dll --------- 1097728 04.04.2010 00:55 C:\WINDOWS\system32\nvinfo.pb --------- 9046 03.04.2010 19:23 C:\WINDOWS\system32\nvmccs.dll --------- 278120 03.04.2010 19:23 C:\WINDOWS\system32\nvmctray.dll --------- 110696 03.04.2010 19:23 C:\WINDOWS\system32\nvcolor.exe --------- 145000 03.04.2010 19:23 C:\WINDOWS\system32\nvsvc32.exe --------- 154216 03.04.2010 19:23 C:\WINDOWS\system32\nvcpl.dll --------- 13670504 03.04.2010 19:23 C:\WINDOWS\system32\nvrszht.dll --------- 126976 03.04.2010 19:23 C:\WINDOWS\system32\nvrszhc.dll --------- 229376 03.04.2010 19:22 C:\WINDOWS\system32\nvrsru.dll --------- 270336 03.04.2010 19:22 C:\WINDOWS\system32\nvrspl.dll --------- 258048 03.04.2010 19:22 C:\WINDOWS\system32\nvrsno.dll --------- 253952 03.04.2010 19:22 C:\WINDOWS\system32\nvrsnl.dll --------- 274432 03.04.2010 19:22 C:\WINDOWS\system32\nvrssv.dll --------- 253952 03.04.2010 19:22 C:\WINDOWS\system32\nvrsth.dll --------- 253952 03.04.2010 19:22 C:\WINDOWS\system32\nvrstr.dll --------- 258048 03.04.2010 19:22 C:\WINDOWS\system32\nvrspt.dll --------- 274432 03.04.2010 19:22 C:\WINDOWS\system32\nvrssk.dll --------- 258048 03.04.2010 19:22 C:\WINDOWS\system32\nvrssl.dll --------- 258048 03.04.2010 19:22 C:\WINDOWS\system32\nvrsptb.dll --------- 270336 03.04.2010 19:22 C:\WINDOWS\system32\nvrsit.dll --------- 282624 03.04.2010 19:22 C:\WINDOWS\system32\nvrsja.dll --------- 274432 03.04.2010 19:22 C:\WINDOWS\system32\nvrshe.dll --------- 335872 03.04.2010 19:22 C:\WINDOWS\system32\nvrsfr.dll --------- 286720 03.04.2010 19:22 C:\WINDOWS\system32\nvrsfi.dll --------- 249856 03.04.2010 19:22 C:\WINDOWS\system32\nvrsko.dll --------- 266240 03.04.2010 19:22 C:\WINDOWS\system32\nvrsesm.dll --------- 274432 03.04.2010 19:22 C:\WINDOWS\system32\nvrses.dll --------- 282624 03.04.2010 19:22 C:\WINDOWS\system32\nvrseng.dll --------- 249856 03.04.2010 19:22 C:\WINDOWS\system32\nvrsel.dll --------- 282624 03.04.2010 19:22 C:\WINDOWS\system32\nvrsde.dll --------- 278528 03.04.2010 19:22 C:\WINDOWS\system32\nvrshu.dll --------- 262144 03.04.2010 19:22 C:\WINDOWS\system32\nvrscs.dll --------- 249856 03.04.2010 19:22 C:\WINDOWS\system32\nvwddi.dll --------- 81920 03.04.2010 19:22 C:\WINDOWS\system32\nvrsda.dll --------- 253952 03.04.2010 19:22 C:\WINDOWS\system32\nvrsar.dll --------- 335872 ---------------------------------------- C:\WINDOWS\Prefetch 14.09.2010 22:44 C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 12026 14.09.2010 22:43 C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --------- 60202 14.09.2010 22:41 C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 16484 14.09.2010 22:40 C:\WINDOWS\Prefetch\AVWSC.EXE-1742FD55.pf --------- 34984 14.09.2010 22:39 C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf --------- 16258 14.09.2010 22:38 C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf --------- 69480 14.09.2010 22:31 C:\WINDOWS\Prefetch\AVSCAN.EXE-068A2CAC.pf --------- 82944 14.09.2010 22:31 C:\WINDOWS\Prefetch\INTEGRATOR.EXE-0419CCEF.pf --------- 59362 14.09.2010 22:30 C:\WINDOWS\Prefetch\AVCENTER.EXE-377C5668.pf --------- 78914 14.09.2010 22:30 C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-1E60A522.pf --------- 17852 14.09.2010 22:30 C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf --------- 94416 14.09.2010 22:30 C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf --------- 71306 14.09.2010 22:30 C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf --------- 15528 14.09.2010 22:30 C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf --------- 64586 14.09.2010 22:30 C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1834914 14.09.2010 22:17 C:\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-170C935C.pf --------- 138342 14.09.2010 22:14 C:\WINDOWS\Prefetch\GUARDGUI.EXE-1FA25B88.pf --------- 52872 14.09.2010 22:04 C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf --------- 30748 14.09.2010 22:04 C:\WINDOWS\Prefetch\MBAM.EXE-11D8BBD8.pf --------- 74656 14.09.2010 22:03 C:\WINDOWS\Prefetch\ADOBEARM.EXE-237273D1.pf --------- 40192 14.09.2010 21:58 C:\WINDOWS\Prefetch\WINDOWS-KB890830-V3.11-DELTA.-155B39EF.pf --------- 33310 14.09.2010 21:58 C:\WINDOWS\Prefetch\MRT.EXE-1B4A8D49.pf --------- 54374 14.09.2010 21:58 C:\WINDOWS\Prefetch\MRTSTUB.EXE-2F4A18B0.pf --------- 50788 14.09.2010 21:58 C:\WINDOWS\Prefetch\UPDATE.EXE-0041C606.pf --------- 52534 14.09.2010 21:58 C:\WINDOWS\Prefetch\UPDATE.EXE-12128BFE.pf --------- 57404 14.09.2010 21:58 C:\WINDOWS\Prefetch\UPDATE.EXE-17E68E63.pf --------- 62596 14.09.2010 21:58 C:\WINDOWS\Prefetch\UPDATE.EXE-3689DD23.pf --------- 65766 14.09.2010 21:58 C:\WINDOWS\Prefetch\UPDATE.EXE-2EB5B28E.pf --------- 62342 14.09.2010 21:58 C:\WINDOWS\Prefetch\UPDATE.EXE-3494EEFF.pf --------- 57474 14.09.2010 21:57 C:\WINDOWS\Prefetch\UPDATE.EXE-0CCE61A3.pf --------- 52552 14.09.2010 21:57 C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf --------- 61256 14.09.2010 21:57 C:\WINDOWS\Prefetch\UPDATE.EXE-2542C29A.pf --------- 52888 14.09.2010 21:57 C:\WINDOWS\Prefetch\UPDATE.EXE-04FF49F9.pf --------- 53146 14.09.2010 21:57 C:\WINDOWS\Prefetch\UPDATE.EXE-31952853.pf --------- 55432 14.09.2010 21:57 C:\WINDOWS\Prefetch\UPDATE.EXE-0948B548.pf --------- 53258 14.09.2010 21:57 C:\WINDOWS\Prefetch\UPDATE.EXE-12DF9C36.pf --------- 61198 14.09.2010 21:57 C:\WINDOWS\Prefetch\AU_.EXE-2EF87DA3.pf --------- 14800 14.09.2010 21:57 C:\WINDOWS\Prefetch\MCCHSVC.EXE-15056CB3.pf --------- 60278 14.09.2010 21:57 C:\WINDOWS\Prefetch\UNINSTALL.EXE-083F13F7.pf --------- 15712 14.09.2010 21:56 C:\WINDOWS\Prefetch\MCUICNT.EXE-38ACF00B.pf --------- 55362 14.09.2010 21:56 C:\WINDOWS\Prefetch\SSSCHEDULER.EXE-04E2AAB1.pf --------- 11744 14.09.2010 21:56 C:\WINDOWS\Prefetch\JUCHECK.EXE-219F257F.pf --------- 56206 14.09.2010 21:56 C:\WINDOWS\Prefetch\SECURITYSCAN_RELEASE.EXE-37391F9F.pf --------- 28962 14.09.2010 21:56 C:\WINDOWS\Prefetch\CONTENTDATS.EXE-1CB41E09.pf --------- 13264 14.09.2010 21:56 C:\WINDOWS\Prefetch\JAVA.EXE-2167859B.pf --------- 58646 14.09.2010 21:55 C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf --------- 93040 14.09.2010 21:55 C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf --------- 16498 14.09.2010 21:54 C:\WINDOWS\Prefetch\INSTALL_FLASH_PLAYER.EXE-3379A4A8.pf --------- 14644 14.09.2010 21:54 C:\WINDOWS\Prefetch\INITIALIZE.EXE-0B721C76.pf --------- 28122 14.09.2010 21:54 C:\WINDOWS\Prefetch\IS-UN73L.TMP-07AD2707.pf --------- 26098 14.09.2010 21:54 C:\WINDOWS\Prefetch\GUSETUP.EXE-2EAE992F.pf --------- 15238 14.09.2010 21:54 C:\WINDOWS\Prefetch\ASKINSTALLCHECKER.EXE-203ECA0E.pf --------- 26474 14.09.2010 21:53 C:\WINDOWS\Prefetch\GETPLUSPLUS_ADOBE.EXE-20139700.pf --------- 69114 14.09.2010 21:53 C:\WINDOWS\Prefetch\SECURITYSCAN_RELEASE.EXE-022EA9CA.pf --------- 28462 14.09.2010 21:53 C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf --------- 43416 14.09.2010 21:52 C:\WINDOWS\Prefetch\GETPLUSPLUS_ADOBE_REG.EXE-2D5B3FEA.pf --------- 26648 14.09.2010 21:52 C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22D2A6A0.pf --------- 96170 14.09.2010 21:52 C:\WINDOWS\Prefetch\UPDATE.EXE-33FE454B.pf --------- 50144 14.09.2010 21:49 C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf --------- 17382 14.09.2010 21:48 C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf --------- 15270 14.09.2010 21:42 C:\WINDOWS\Prefetch\GP5.EXE-27A0382F.pf --------- 162240 14.09.2010 21:11 C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf --------- 156092 14.09.2010 21:10 C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf --------- 78820 14.09.2010 21:10 C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf --------- 48384 14.09.2010 21:09 C:\WINDOWS\Prefetch\Layout.ini --------- 570250 14.09.2010 19:58 C:\WINDOWS\Prefetch\TEAMSPEAK.EXE-1C1FA5B1.pf --------- 55770 14.09.2010 19:58 C:\WINDOWS\Prefetch\RUNDLL32.EXE-3EA39160.pf --------- 34704 14.09.2010 19:47 C:\WINDOWS\Prefetch\ACU.EXE-0C2F8293.pf --------- 3278 14.09.2010 19:47 C:\WINDOWS\Prefetch\PDVDSERV.EXE-15757141.pf --------- 97038 14.09.2010 19:47 C:\WINDOWS\Prefetch\WLACU.EXE-02CB5678.pf --------- 45340 14.09.2010 19:47 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf --------- 38970 14.09.2010 19:47 C:\WINDOWS\Prefetch\READER_SL.EXE-2FAFE67A.pf --------- 10542 14.09.2010 19:47 C:\WINDOWS\Prefetch\JUSCHED.EXE-0137DEC5.pf --------- 10730 14.09.2010 19:47 C:\WINDOWS\Prefetch\SOFFICE.BIN-1E52E616.pf --------- 57596 14.09.2010 19:47 C:\WINDOWS\Prefetch\SOUNDMAN.EXE-19745A34.pf --------- 57260 14.09.2010 19:47 C:\WINDOWS\Prefetch\AVGNT.EXE-0B50EBC8.pf --------- 50288 14.09.2010 19:47 C:\WINDOWS\Prefetch\QUICKSTART.EXE-00894D92.pf --------- 11260 14.09.2010 19:47 C:\WINDOWS\Prefetch\STEAM.EXE-25824B4E.pf --------- 58042 14.09.2010 19:47 C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf --------- 43106 14.09.2010 19:47 C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf --------- 7482 14.09.2010 19:47 C:\WINDOWS\Prefetch\MBAMGUI.EXE-1E06AB95.pf --------- 7976 14.09.2010 19:47 C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf --------- 16828 13.09.2010 22:34 C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf --------- 88526 13.09.2010 22:30 C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-19B1D743.pf --------- 58650 13.09.2010 22:19 C:\WINDOWS\Prefetch\OTL.EXE-1341C255.pf --------- 18216 13.09.2010 22:15 C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf --------- 15898 13.09.2010 22:13 C:\WINDOWS\Prefetch\MBAM-SETUP-1.46.TMP-091B065D.pf --------- 27586 13.09.2010 22:13 C:\WINDOWS\Prefetch\MBAM-SETUP-1.46.EXE-32EAA9C3.pf --------- 15426 13.09.2010 21:30 C:\WINDOWS\Prefetch\FULLTILTPOKER.EXE-38442184.pf --------- 120064 13.09.2010 21:27 C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf --------- 26250 13.09.2010 15:52 C:\WINDOWS\Prefetch\JAVAWS.EXE-1714DD62.pf --------- 16178 13.09.2010 15:52 C:\WINDOWS\Prefetch\JAVAW.EXE-0159D575.pf --------- 68928 13.09.2010 15:52 C:\WINDOWS\Prefetch\JAUCHECK.EXE-2D8C9795.pf --------- 29564 13.09.2010 15:45 C:\WINDOWS\Prefetch\INFIUM.EXE-2C8CB9E6.pf --------- 91104 12.09.2010 16:43 C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969333.pf --------- 95868 12.09.2010 14:29 C:\WINDOWS\Prefetch\JRE-6U21-WINDOWS-I586-IFTW-RV-31F3F9AC.pf --------- 27670 12.09.2010 14:24 C:\WINDOWS\Prefetch\UMCCFG.EXE-079C1329.pf --------- 16684 12.09.2010 14:24 C:\WINDOWS\Prefetch\SOFFICE.EXE-26427B3D.pf --------- 10668 09.09.2010 22:22 C:\WINDOWS\Prefetch\WINWORD.EXE-3395695A.pf --------- 65988 09.09.2010 22:02 C:\WINDOWS\Prefetch\SETUP_WM.EXE-19AC5A9B.pf --------- 26040 09.09.2010 20:57 C:\WINDOWS\Prefetch\SYSTRAY.EXE-345DCC1C.pf --------- 10678 09.09.2010 20:57 C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf --------- 19076 09.09.2010 20:56 C:\WINDOWS\Prefetch\RUNDLL32.EXE-24DBE541.pf --------- 57394 09.09.2010 19:23 C:\WINDOWS\Prefetch\ADOBEUPDATER.EXE-370FC314.pf --------- 22274 09.09.2010 19:23 C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --------- 105808 09.09.2010 19:19 C:\WINDOWS\Prefetch\SETUP.EXE-2A101827.pf --------- 56704 09.09.2010 19:18 C:\WINDOWS\Prefetch\SETUP.EXE-2EAA4C67.pf --------- 55330 09.09.2010 19:16 C:\WINDOWS\Prefetch\ADBERDR934_DE_DE.EXE-2F5B8B5F.pf --------- 48450 09.09.2010 19:12 C:\WINDOWS\Prefetch\ACRORD32.EXE-153330F0.pf --------- 86404 09.09.2010 19:12 C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-19D979CC.pf --------- 83930 09.09.2010 19:02 C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 40776 09.09.2010 19:02 C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf --------- 13168 09.09.2010 19:00 C:\WINDOWS\Prefetch\UPDATE[1].EXE-22D3FEC7.pf --------- 42564 09.09.2010 19:00 C:\WINDOWS\Prefetch\ATTRIB.EXE-39EAFB02.pf --------- 11036 09.09.2010 19:00 C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969332.pf --------- 42300 09.09.2010 19:00 C:\WINDOWS\Prefetch\0.8583093331507152.EXE-243549C8.pf --------- 20462 08.09.2010 22:15 C:\WINDOWS\Prefetch\GOOGLEEARTH.EXE-0978F2AD.pf --------- 57504 08.09.2010 20:45 C:\WINDOWS\Prefetch\ICQ.EXE-15A4C655.pf --------- 85964 06.09.2010 21:19 C:\WINDOWS\Prefetch\ALCFDRTM.EXE-1A22C94E.pf --------- 58374 06.09.2010 21:19 C:\WINDOWS\Prefetch\RTLCPL.EXE-08F51F45.pf --------- 68702 06.09.2010 21:18 C:\WINDOWS\Prefetch\READER_SL.EXE-1EA4C8B2.pf --------- 10732 06.09.2010 21:18 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2F491662.pf --------- 51300 06.09.2010 20:54 C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 6222 05.09.2010 18:41 C:\WINDOWS\Prefetch\WINWORD.EXE-1EAA55E3.pf --------- 46228 05.09.2010 18:41 C:\WINDOWS\Prefetch\OSA.EXE-000C604A.pf --------- 33044 05.09.2010 18:38 C:\WINDOWS\Prefetch\SNDREC32.EXE-309776A8.pf --------- 26966 04.09.2010 15:07 C:\WINDOWS\Prefetch\SETUP_ICMTRAINERLIGHT.EXE-1C062294.pf --------- 13314 01.01.2006 00:11 C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf --------- 83234 01.01.2006 00:06 C:\WINDOWS\Prefetch\HELPER.EXE-244ABC1F.pf --------- 15440 01.01.2006 00:06 C:\WINDOWS\Prefetch\UPDATER.EXE-14EADE7B.pf --------- 46992 ---------------------------------------- C:\WINDOWS\Tasks 14.09.2010 22:29 C:\WINDOWS\Tasks\GlaryInitialize.job --------- 306 14.09.2010 22:29 C:\WINDOWS\Tasks\SA.DAT --------- 6 04.08.2004 14:00 C:\WINDOWS\Tasks\desktop.ini --------- 65 ---------------------------------------- C:\WINDOWS\Temp 14.09.2010 22:30 C:\WINDOWS\Temp\WGANotify.settings --------- 409 14.09.2010 22:29 C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat --------- 16384 14.09.2010 22:29 C:\WINDOWS\Temp\Perflib_Perfdata_764.dat --------- 16384 14.09.2010 22:29 C:\WINDOWS\Temp\WGAErrLog.txt --------- 255 14.09.2010 22:02 C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat --------- 16384 14.09.2010 22:02 C:\WINDOWS\Temp\Perflib_Perfdata_180.dat --------- 16384 13.09.2010 21:31 C:\WINDOWS\Temp\~DFF663.tmp --------- 16384 09.09.2010 19:13 C:\WINDOWS\Temp\Cookies --------- 0 13.07.2007 14:34 C:\WINDOWS\Temp\Verlauf --------- 0 13.07.2007 14:34 C:\WINDOWS\Temp\Temporary Internet Files --------- 0 27.06.2006 11:42 C:\WINDOWS\Temp\alcxwdm.sys --------- 3972672 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau17.inf --------- 25442 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau18.inf --------- 23276 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau19.inf --------- 26190 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau2.inf --------- 63417 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau20.inf --------- 29548 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau21.inf --------- 26376 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau22.inf --------- 43012 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau23.inf --------- 31843 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau24.inf --------- 34109 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau15.inf --------- 29859 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau26.inf --------- 41643 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau27.inf --------- 33221 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau28.inf --------- 23342 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau12.inf --------- 54768 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau4.inf --------- 50025 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau5.inf --------- 28546 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau6.inf --------- 31955 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau7.inf --------- 23999 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau8.inf --------- 31645 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau9.inf --------- 31533 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau14.inf --------- 30353 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau16.inf --------- 31046 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau25.inf --------- 31795 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau0.inf --------- 62573 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau1.inf --------- 61865 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau10.inf --------- 39829 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau13.inf --------- 51773 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau11.inf --------- 27117 23.06.2006 08:57 C:\WINDOWS\Temp\Alcxau3.inf --------- 28492 20.06.2006 23:42 C:\WINDOWS\Temp\soundman.exe --------- 577536 20.06.2006 23:40 C:\WINDOWS\Temp\alsndmgr.cpl --------- 18796544 20.06.2006 23:35 C:\WINDOWS\Temp\RTLCPL.exe --------- 10527744 08.06.2006 02:00 C:\WINDOWS\Temp\RtlCPAPI.dll --------- 143360 20.03.2006 05:48 C:\WINDOWS\Temp\alcupd.exe --------- 315392 18.11.2005 05:20 C:\WINDOWS\Temp\alcrmv.exe --------- 217088 15.07.2005 10:48 C:\WINDOWS\Temp\ChCfg.exe --------- 40960 31.01.2005 08:40 C:\WINDOWS\Temp\Alcxwdm0.cat --------- 522179 31.01.2005 08:40 C:\WINDOWS\Temp\alcxwdm.cat --------- 522179 05.02.2002 07:54 C:\WINDOWS\Temp\alsndmgr.wav --------- 141016 ---------------------------------------- C:\DOKUME~1\admin\LOKALE~1\Temp 14.09.2010 22:39 C:\DOKUME~1\admin\LOKALE~1\Temp\Rar$EX00.000 --------- 0 14.09.2010 22:34 C:\DOKUME~1\admin\LOKALE~1\Temp\jusched.log --------- 11736 14.09.2010 22:30 C:\DOKUME~1\admin\LOKALE~1\Temp\~gu-ver.dat --------- 590 14.09.2010 22:29 C:\DOKUME~1\admin\LOKALE~1\Temp\WPDNSE --------- 0 14.09.2010 22:29 C:\DOKUME~1\admin\LOKALE~1\Temp\AdobeARM.log --------- 3765 14.09.2010 21:56 C:\DOKUME~1\admin\LOKALE~1\Temp\contentDATs.exe --------- 502472 14.09.2010 21:56 C:\DOKUME~1\admin\LOKALE~1\Temp\SecurityScan_Release.exe --------- 3598224 ---------------------------------------- C:\Programme 14.09.2010 22:38 C:\Programme\trend micro --------- 0 14.09.2010 21:58 C:\Programme\CCleaner --------- 0 14.09.2010 21:54 C:\Programme\Glary Utilities --------- 0 14.09.2010 19:47 C:\Programme\Steam --------- 0 13.09.2010 22:13 C:\Programme\Malwarebytes' Anti-Malware --------- 0 13.09.2010 21:30 C:\Programme\Full Tilt Poker --------- 0 09.09.2010 19:23 C:\Programme\Adobe --------- 0 01.09.2010 21:38 C:\Programme\PokerStars.NET --------- 0 12.08.2010 19:19 C:\Programme\Movie Maker --------- 0 01.07.2010 19:21 C:\Programme\ICQ6.5 --------- 0 24.05.2010 17:49 C:\Programme\GNU Solfege --------- 0 22.05.2010 13:18 C:\Programme\REAPER --------- 0 16.05.2010 16:48 C:\Programme\NVIDIA Corporation --------- 0 12.05.2010 21:12 C:\Programme\ASIO4ALL v2 --------- 0 11.05.2010 22:30 C:\Programme\Outlook Express --------- 0 19.04.2010 17:15 C:\Programme\Messenger --------- 0 19.04.2010 17:14 C:\Programme\Internet Explorer --------- 0 19.04.2010 17:12 C:\Programme\NetMeeting --------- 0 19.04.2010 17:12 C:\Programme\Windows Media Player --------- 0 19.04.2010 17:11 C:\Programme\Windows NT --------- 0 02.03.2010 18:33 C:\Programme\JRE --------- 0 02.03.2010 18:33 C:\Programme\OpenOffice.org 3 --------- 0 02.03.2010 18:32 C:\Programme\Java --------- 0 23.01.2010 10:49 C:\Programme\Electronic Arts --------- 0 23.01.2010 10:47 C:\Programme\InstallShield Installation Information --------- 0 18.01.2010 20:31 C:\Programme\metinspeed --------- 0 22.12.2009 14:21 C:\Programme\Firaxis Games --------- 0 13.12.2009 21:12 C:\Programme\maxga --------- 0 05.12.2009 22:31 C:\Programme\PixiePack Codec Pack --------- 0 05.12.2009 22:31 C:\Programme\RapidSolution --------- 0 25.11.2009 23:01 C:\Programme\MSXML 4.0 --------- 0 08.11.2009 17:31 C:\Programme\alaplaya --------- 0 08.11.2009 16:08 C:\Programme\Gemeinsame Dateien --------- 0 06.11.2009 22:29 C:\Programme\HyCam2 --------- 0 31.10.2009 14:54 C:\Programme\Neuer Ordner --------- 0 31.10.2009 14:03 C:\Programme\Diablo II --------- 0 22.10.2009 14:30 C:\Programme\devolo --------- 0 19.10.2009 12:49 C:\Programme\Xfire --------- 0 16.09.2009 21:25 C:\Programme\QIP Infium --------- 0 03.09.2009 17:05 C:\Programme\Hamachi --------- 0 16.08.2009 02:16 C:\Programme\MSBuild --------- 0 16.08.2009 02:16 C:\Programme\Reference Assemblies --------- 0 16.08.2009 02:14 C:\Programme\MSXML 6.0 --------- 0 15.07.2009 17:25 C:\Programme\DivX --------- 0 15.07.2009 00:03 C:\Programme\ICQ6 --------- 0 28.06.2009 14:53 C:\Programme\ACD Systems --------- 0 02.06.2009 14:40 C:\Programme\Crazy Machines - Neue Herausforderungen Demo --------- 0 18.05.2009 20:59 C:\Programme\Recorder --------- 0 28.04.2009 17:38 C:\Programme\TmNationsForever --------- 0 28.04.2009 15:57 C:\Programme\Warsow --------- 0 28.04.2009 15:53 C:\Programme\Silkroad --------- 0 22.03.2009 14:50 C:\Programme\ICQToolbar --------- 0 18.03.2009 16:59 C:\Programme\World of Warcraft Trial --------- 0 18.03.2009 16:59 C:\Programme\Registry Mechanic --------- 0 18.03.2009 16:14 C:\Programme\Abbyy FineReader 6.0 Sprint --------- 0 03.02.2009 21:43 C:\Programme\Microsoft Games --------- 0 03.02.2009 21:42 C:\Programme\AlienChess --------- 0 14.01.2009 21:45 C:\Programme\Teamspeak2_RC2 --------- 0 19.11.2008 15:11 C:\Programme\POKEMON --------- 0 12.11.2008 18:43 C:\Programme\Peggle Deluxe --------- 0 08.10.2008 12:31 C:\Programme\EA GAMES --------- 0 31.07.2008 21:03 C:\Programme\Google --------- 0 29.07.2008 21:56 C:\Programme\QIP --------- 0 29.07.2008 19:31 C:\Programme\ICQLite_neu --------- 0 27.06.2008 12:17 C:\Programme\Skype --------- 0 01.06.2008 00:34 C:\Programme\GUILD WARS --------- 0 16.05.2008 18:19 C:\Programme\Free M4a to MP3 Converter --------- 0 22.02.2008 23:21 C:\Programme\Guitar Pro 5 --------- 0 14.12.2007 21:40 C:\Programme\o2 --------- 0 08.10.2007 16:29 C:\Programme\Cyanide --------- 0 08.10.2007 16:25 C:\Programme\And Yet It Moves --------- 0 30.07.2007 15:21 C:\Programme\THQ --------- 0 21.07.2007 23:26 C:\Programme\Titan Quest Screensaver --------- 0 21.07.2007 18:38 C:\Programme\Sierra On-Line --------- 0 09.07.2007 14:40 C:\Programme\Klei Entertainment --------- 0 08.07.2007 17:00 C:\Programme\Genius Move --------- 0 04.07.2007 16:41 C:\Programme\THQ- --------- 0 02.07.2007 16:01 C:\Programme\Microsoft Works --------- 0 02.07.2007 16:01 C:\Programme\Microsoft Office --------- 0 02.07.2007 16:01 C:\Programme\Microsoft Visual Studio --------- 0 30.06.2007 14:20 C:\Programme\Windows Media Connect 2 --------- 0 29.06.2007 14:36 C:\Programme\TRENDware --------- 0 28.06.2007 09:42 C:\Programme\TRENDnet --------- 0 25.06.2007 12:59 C:\Programme\DIFX --------- 0 25.06.2007 12:56 C:\Programme\Realtek AC97 --------- 0 20.06.2007 15:15 C:\Programme\CyberLink --------- 0 20.06.2007 15:13 C:\Programme\VideoLAN --------- 0 20.06.2007 15:13 C:\Programme\WinRAR --------- 0 20.06.2007 15:12 C:\Programme\Ahead --------- 0 20.06.2007 15:12 C:\Programme\Formosoft --------- 0 20.06.2007 14:25 C:\Programme\xerox --------- 0 20.06.2007 14:25 C:\Programme\microsoft frontpage --------- 0 20.06.2007 14:25 C:\Programme\Online-Dienste --------- 0 20.06.2007 14:23 C:\Programme\Online Services --------- 0 20.06.2007 14:23 C:\Programme\MSN Gaming Zone --------- 0 20.06.2007 14:22 C:\Programme\MSN --------- 0 01.01.2006 00:06 C:\Programme\Mozilla Firefox --------- 0 ---------------------------------------- C:\Dokumente und Einstellungen\All Users\.. admin LocalService *** All Users img Administrator *** oder *** NetworkService Default User ---------------------------------------- C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ---------------------------------------- ***** Ende des Scans 14.09.2010 um 22:44:20,92 *** 4. Ccleaner Code:
ATTFilter 802.11g Driver and Client Applications TRENDware 1.00.0000 ABBYY FineReader 6.0 Sprint ABBYY Software House 6.00.2146.41621 ACDSee 5.0 Standard ACD Systems Ltd 5.0.0 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.1.82.76 Adobe Flash Player ActiveX Adobe Systems Incorporated 9.0.124.0 Adobe Reader 9.3.4 - Deutsch Adobe Systems Incorporated 9.3.4 Adobe Shockwave Player Adobe Systems, Inc. 11 Age of Mythology Gold Microsoft 1.0 Akamai NetSession Interface Aqua Real 1.00.000 ASIO4ALL Audials TV RapidSolution Software AG 1.3.10800.0 AudialsOne RapidSolution Software AG 4.0.33916.1600 AudioRecorder Avira AntiVir Personal - Free Antivirus Avira GmbH Blue Byte Game Channel UbiSoft Call of Duty(R) 4 - Modern Warfare(TM) Activision 1.00.0000 CCleaner Piriform 2.35 Condition Zero Deleted Scenes Ritual Counter-Strike Valve Custom Mod : Lilith v0.98 Mostal devolo dLAN-Konfigurationsassistent devolo AG 17.0.0.0 devolo Informer devolo AG 26.0.0.0 Diablo II Blizzard Entertainment Die Siedler IV Die Sims 2 DivX Codec DivX, Inc. 6.8.5 DivX Converter DivX, Inc. 7.1.0 DivX Player DivX, Inc. 7.2.0 DivX Plus DirectShow Filters DivX, Inc. DivX Web Player DivX,Inc. 1.5.0 Eets Klei Entertainment Inc. Free M4a to MP3 Converter 5.9 ManiacTools.com Full Tilt Poker 4.30.0.WIN.FullTilt.COM Genius Move Glary Utilities 2.28.0.1011 Glarysoft Ltd 2.28.0.1011 GNU Solfege 3.14.11 Google Earth Google 4.3.7284.3916 Google Updater Google Inc. 2.4.1368.5602 GUILD WARS Guitar Pro 5.0 Arobas Music Hamachi 1.0.3.0 HyperCam 2 ICQ Toolbar ICQ6.5 ICQ 6.5 InterActual Player Java(TM) 6 Update 18 Sun Microsystems, Inc. 6.0.180 Java(TM) SE Development Kit 6 Update 1 Sun Microsystems, Inc. 1.6.0.10 Java(TM) SE Runtime Environment 6 Update 1 Sun Microsystems, Inc. 1.6.0.10 Lilith The Will of Demon : Battles of Jalavia Masteries Edition Mostal Lilith The Will of Demon : Difficulty Changer v1.1 Mostal Malwarebytes' Anti-Malware Malwarebytes Corporation Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729 Microsoft .NET Framework 3.5 SP1 Microsoft Corporation Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1 Microsoft Office Standard Edition 2003 Microsoft Corporation 11.0.5614.0 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.59193 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729 Mozilla Firefox (3.6.9) Mozilla 3.6.9 (de) MSXML 4.0 SP2 (KB927978) Microsoft Corporation 4.20.9841.0 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 4.20.9848.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0 MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 6.20.2003.0 Nero 6 NVIDIA Drivers NVIDIA Corporation 1.10.59.37 NVIDIA nView Desktop Manager NVIDIA Corporation 6.14.10.12561 NVIDIA PhysX NVIDIA Corporation 9.10.0129 o2 Surf Box mini o2 1.00.0000 OpenOffice.org 3.2 OpenOffice.org 3.2.9483 OPERATION7 PixiePack Codec Pack None 1.1.400.0 PokerStars.net PokerStars.net Portal Valve PowerDVD PunkBuster Services Even Balance, Inc. 0.986 QIP 2005 Uninstall QIP 8070_neu Jeak Edition Jeak 8070_neu Quake Live Mozilla Plugin id Software 1.0.232 Realtek AC'97 Audio Realtek Semiconductor Corp. 5.24 REAPER Recorder Registry Mechanic 7.0 PC Tools 7.0 S4 League_EU 1.00.0000 Sid Meier's Pirates! Ihr Firmenname 1.00.0000 Silkroad Skype™ 3.8 Skype Technologies S.A. 3.8.188 SnowBound Online v2.0 maxga.com SPORE™ Electronic Arts 1.00.0000 Steam Valve 1.0.0.0 TeamSpeak 2 RC2 Dominating Bytes Design 2.0.32.60 TEW-444UB Wireless Client Utility TRENDnet 1.00.0000 Titan Quest Iron Lore 1.00.0000 Titan Quest Immortal Throne Iron Lore 1.00.0000 Titan Quest Screensaver TmNationsForever Nadeo Unreal Tournament 2004 USB Mass Storage Reader VideoLAN VLC media player 0.8.6b VideoLAN Team 0.8.6b Warsow 0.42 Warsow development team 0.42 Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 Microsoft Corporation 20080414.031514 Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) Advanced Micro Devices 04/28/2006 1.3.1.0 WinRAR Archivierer Xfire (remove only) 6. Rootrepeal Drivers und Stealth Objects Code:
ATTFilter ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/09/15 20:54 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: 1394BUS.SYS Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS Address: 0xB80C8000 Size: 57344 File Visible: - Signed: - Status: - Name: ACPI.sys Image Path: ACPI.sys Address: 0xB7F78000 Size: 188800 File Visible: - Signed: - Status: - Name: ACPI_HAL Image Path: \Driver\ACPI_HAL Address: 0x804D7000 Size: 2154496 File Visible: - Signed: - Status: - Name: AegisP.sys Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys Address: 0xB7DBC000 Size: 15968 File Visible: - Signed: - Status: - Name: afd.sys Image Path: C:\WINDOWS\System32\drivers\afd.sys Address: 0xA6AAD000 Size: 138496 File Visible: - Signed: - Status: - Name: ALCXWDM.SYS Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS Address: 0xB607C000 Size: 3972672 File Visible: - Signed: - Status: - Name: AmdK8.sys Image Path: C:\WINDOWS\system32\DRIVERS\AmdK8.sys Address: 0xB8308000 Size: 65536 File Visible: - Signed: - Status: - Name: ASACPI.sys Image Path: C:\WINDOWS\system32\DRIVERS\ASACPI.sys Address: 0xB8608000 Size: 5152 File Visible: - Signed: - Status: - Name: atapi.sys Image Path: atapi.sys Address: 0xB7F30000 Size: 96512 File Visible: - Signed: - Status: - Name: ATMFD.DLL Image Path: C:\WINDOWS\System32\ATMFD.DLL Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: - Status: - Name: audstub.sys Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys Address: 0xB8777000 Size: 3072 File Visible: - Signed: - Status: - Name: avgio.sys Image Path: D:\Programme\Avira\AntiVir Desktop\avgio.sys Address: 0xB866A000 Size: 6144 File Visible: - Signed: - Status: - Name: avgntflt.sys Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys Address: 0x9F44B000 Size: 81920 File Visible: - Signed: - Status: - Name: avipbb.sys Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys Address: 0xA69F6000 Size: 114688 File Visible: - Signed: - Status: - Name: Beep.SYS Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xB85DA000 Size: 4224 File Visible: - Signed: - Status: - Name: BOOTVID.dll Image Path: C:\WINDOWS\system32\BOOTVID.dll Address: 0xB84B8000 Size: 12288 File Visible: - Signed: - Status: - Name: Cdfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xA0047000 Size: 63744 File Visible: - Signed: - Status: - Name: cdrom.sys Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys Address: 0xB7618000 Size: 62976 File Visible: - Signed: - Status: - Name: CLASSPNP.SYS Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Address: 0xB8108000 Size: 53248 File Visible: - Signed: - Status: - Name: disk.sys Image Path: disk.sys Address: 0xB80F8000 Size: 36352 File Visible: - Signed: - Status: - Name: drmk.sys Image Path: C:\WINDOWS\system32\drivers\drmk.sys Address: 0xB7638000 Size: 61440 File Visible: - Signed: - Status: - Name: dump_nvata.sys Image Path: C:\WINDOWS\System32\Drivers\dump_nvata.sys Address: 0x9F65F000 Size: 94208 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xB866E000 Size: 8192 File Visible: No Signed: - Status: - Name: Dxapi.sys Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xA0667000 Size: 12288 File Visible: - Signed: - Status: - Name: dxg.sys Image Path: C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBD000000 Size: 73728 File Visible: - Signed: - Status: - Name: dxgthk.sys Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xB87F5000 Size: 4096 File Visible: - Signed: - Status: - Name: fdc.sys Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys Address: 0xB8490000 Size: 27392 File Visible: - Signed: - Status: - Name: Fips.SYS Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS Address: 0xA94ED000 Size: 44672 File Visible: - Signed: - Status: - Name: flpydisk.sys Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys Address: 0xA95AF000 Size: 20480 File Visible: - Signed: - Status: - Name: fltmgr.sys Image Path: fltmgr.sys Address: 0xB7EF9000 Size: 129792 File Visible: - Signed: - Status: - Name: Fs_Rec.SYS Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xB85D8000 Size: 7936 File Visible: - Signed: - Status: - Name: ftdisk.sys Image Path: ftdisk.sys Address: 0xB7F48000 Size: 126336 File Visible: - Signed: - Status: - Name: hal.dll Image Path: C:\WINDOWS\system32\hal.dll Address: 0x806E5000 Size: 134400 File Visible: - Signed: - Status: - Name: hamachi.sys Image Path: C:\WINDOWS\system32\DRIVERS\hamachi.sys Address: 0xB8340000 Size: 18560 File Visible: - Signed: - Status: - Name: HIDCLASS.SYS Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS Address: 0xA94DD000 Size: 36864 File Visible: - Signed: - Status: - Name: HIDPARSE.SYS Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS Address: 0xA957F000 Size: 28672 File Visible: - Signed: - Status: - Name: hidusb.sys Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys Address: 0xA9434000 Size: 10368 File Visible: - Signed: - Status: - Name: HTTP.sys Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys Address: 0x9ED59000 Size: 265728 File Visible: - Signed: - Status: - Name: i8042prt.sys Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys Address: 0xB81C8000 Size: 52992 File Visible: - Signed: - Status: - Name: imapi.sys Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys Address: 0xB7628000 Size: 42112 File Visible: - Signed: - Status: - Name: ipnat.sys Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys Address: 0xA6ACF000 Size: 152832 File Visible: - Signed: - Status: - Name: ipsec.sys Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys Address: 0xA6B76000 Size: 75264 File Visible: - Signed: - Status: - Name: isapnp.sys Image Path: isapnp.sys Address: 0xB80A8000 Size: 37632 File Visible: - Signed: - Status: - Name: kbdclass.sys Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Address: 0xB8498000 Size: 25216 File Visible: - Signed: - Status: - Name: KDCOM.DLL Image Path: C:\WINDOWS\system32\KDCOM.DLL Address: 0xB85A8000 Size: 8192 File Visible: - Signed: - Status: - Name: kmixer.sys Image Path: C:\WINDOWS\system32\drivers\kmixer.sys Address: 0x9E9F6000 Size: 172416 File Visible: - Signed: - Status: - Name: ks.sys Image Path: C:\WINDOWS\system32\drivers\ks.sys Address: 0xB6035000 Size: 143360 File Visible: - Signed: - Status: - Name: KSecDD.sys Image Path: KSecDD.sys Address: 0xB7ED0000 Size: 92928 File Visible: - Signed: - Status: - Name: mnmdd.SYS Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS Address: 0xB85DC000 Size: 4224 File Visible: - Signed: - Status: - Name: mouclass.sys Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys Address: 0xB8360000 Size: 23552 File Visible: - Signed: - Status: - Name: mouhid.sys Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys Address: 0xA9430000 Size: 12288 File Visible: - Signed: - Status: - Name: MountMgr.sys Image Path: MountMgr.sys Address: 0xB80D8000 Size: 42368 File Visible: - Signed: - Status: - Name: mrxdav.sys Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys Address: 0x9F3F6000 Size: 180608 File Visible: - Signed: - Status: - Name: mrxsmb.sys Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Address: 0xA6A12000 Size: 455680 File Visible: - Signed: - Status: - Name: Msfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xA9597000 Size: 19072 File Visible: - Signed: - Status: - Name: msgpc.sys Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys Address: 0xB8218000 Size: 35072 File Visible: - Signed: - Status: - Name: mssmbios.sys Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Address: 0xB8550000 Size: 15488 File Visible: - Signed: - Status: - Name: Mup.sys Image Path: Mup.sys Address: 0xB7DFC000 Size: 105344 File Visible: - Signed: - Status: - Name: NDIS.sys Image Path: NDIS.sys Address: 0xB7E16000 Size: 182656 File Visible: - Signed: - Status: - Name: ndistapi.sys Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Address: 0xB8544000 Size: 10112 File Visible: - Signed: - Status: - Name: ndisuio.sys Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Address: 0xB7DB8000 Size: 14592 File Visible: - Signed: - Status: - Name: ndiswan.sys Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Address: 0xB4758000 Size: 91520 File Visible: - Signed: - Status: - Name: NDProxy.SYS Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS Address: 0xA99A2000 Size: 40576 File Visible: - Signed: - Status: - Name: netbios.sys Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys Address: 0xA951D000 Size: 34688 File Visible: - Signed: - Status: - Name: netbt.sys Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys Address: 0xA6AF5000 Size: 162816 File Visible: - Signed: - Status: - Name: npf_devolo.sys Image Path: C:\WINDOWS\system32\drivers\npf_devolo.sys Address: 0xB8158000 Size: 53248 File Visible: - Signed: - Status: - Name: Npfs.SYS Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xA958F000 Size: 30848 File Visible: - Signed: - Status: - Name: Ntfs.sys Image Path: Ntfs.sys Address: 0xB7E43000 Size: 574976 File Visible: - Signed: - Status: - Name: ntkrnlpa.exe Image Path: C:\WINDOWS\system32\ntkrnlpa.exe Address: 0x804D7000 Size: 2154496 File Visible: - Signed: - Status: - Name: Null.SYS Image Path: C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xA9565000 Size: 2944 File Visible: - Signed: - Status: - Name: nv4_disp.dll Image Path: C:\WINDOWS\System32\nv4_disp.dll Address: 0xBD012000 Size: 6434816 File Visible: - Signed: - Status: - Name: nv4_mini.sys Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys Address: 0xB55F1000 Size: 10232128 File Visible: - Signed: - Status: - Name: nvata.sys Image Path: nvata.sys Address: 0xB7F19000 Size: 93568 File Visible: - Signed: - Status: - Name: NVENETFD.sys Image Path: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys Address: 0xA954D000 Size: 34048 File Visible: - Signed: - Status: - Name: nvnetbus.sys Image Path: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys Address: 0xB77C1000 Size: 13056 File Visible: - Signed: - Status: - Name: NVNRM.SYS Image Path: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS Address: 0xB5FEB000 Size: 303104 File Visible: - Signed: - Status: - Name: NVSNPU.SYS Image Path: C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS Address: 0xB5FB4000 Size: 225280 File Visible: - Signed: - Status: - Name: ohci1394.sys Image Path: ohci1394.sys Address: 0xB80B8000 Size: 61696 File Visible: - Signed: - Status: - Name: parport.sys Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys Address: 0xB480F000 Size: 80384 File Visible: - Signed: - Status: - Name: PartMgr.sys Image Path: PartMgr.sys Address: 0xB8330000 Size: 19712 File Visible: - Signed: - Status: - Name: ParVdm.SYS Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS Address: 0x9F67E000 Size: 7040 File Visible: - Signed: - Status: - Name: pci.sys Image Path: pci.sys Address: 0xB7F67000 Size: 68224 File Visible: - Signed: - Status: - Name: pciide.sys Image Path: pciide.sys Address: 0xB8670000 Size: 3328 File Visible: - Signed: - Status: - Name: PCIIDEX.SYS Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Address: 0xB8328000 Size: 28672 File Visible: - Signed: - Status: - Name: PnpManager Image Path: \Driver\PnpManager Address: 0x804D7000 Size: 2154496 File Visible: - Signed: - Status: - Name: portcls.sys Image Path: C:\WINDOWS\system32\drivers\portcls.sys Address: 0xB6058000 Size: 147456 File Visible: - Signed: - Status: - Name: psched.sys Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys Address: 0xB4747000 Size: 69120 File Visible: - Signed: - Status: - Name: ptilink.sys Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys Address: 0xB84A8000 Size: 17792 File Visible: - Signed: - Status: - Name: PxHelp20.sys Image Path: PxHelp20.sys Address: 0xB8118000 Size: 35712 File Visible: - Signed: - Status: - Name: rasacd.sys Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys Address: 0xA9DB2000 Size: 8832 File Visible: - Signed: - Status: - Name: rasl2tp.sys Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Address: 0xB81E8000 Size: 51328 File Visible: - Signed: - Status: - Name: raspppoe.sys Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys Address: 0xB81F8000 Size: 41472 File Visible: - Signed: - Status: - Name: raspptp.sys Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys Address: 0xB8208000 Size: 48384 File Visible: - Signed: - Status: - Name: raspti.sys Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys Address: 0xB84B0000 Size: 16512 File Visible: - Signed: - Status: - Name: RAW Image Path: \FileSystem\RAW Address: 0x804D7000 Size: 2154496 File Visible: - Signed: - Status: - Name: rdbss.sys Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys Address: 0xA6A82000 Size: 175744 File Visible: - Signed: - Status: - Name: RDPCDD.sys Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Address: 0xB85DE000 Size: 4224 File Visible: - Signed: - Status: - Name: redbook.sys Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys Address: 0xB7608000 Size: 57728 File Visible: - Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0x9EF52000 Size: 49152 File Visible: No Signed: - Status: - Name: rrnetcap.sys Image Path: C:\WINDOWS\system32\DRIVERS\rrnetcap.sys Address: 0xB8238000 Size: 40960 File Visible: - Signed: - Status: - Name: secdrv.sys Image Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys Address: 0xA0017000 Size: 40960 File Visible: - Signed: - Status: - Name: serenum.sys Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys Address: 0xB8540000 Size: 15744 File Visible: - Signed: - Status: - Name: serial.sys Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys Address: 0xB81B8000 Size: 65536 File Visible: - Signed: - Status: - Name: sr.sys Image Path: sr.sys Address: 0xB7EE7000 Size: 73472 File Visible: - Signed: - Status: - Name: srv.sys Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys Address: 0x9F1AA000 Size: 354304 File Visible: - Signed: - Status: - Name: ssmdrv.sys Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys Address: 0xA9587000 Size: 23040 File Visible: - Signed: - Status: - Name: swenum.sys Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys Address: 0xB860A000 Size: 4352 File Visible: - Signed: - Status: - Name: sysaudio.sys Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys Address: 0xB64EA000 Size: 60800 File Visible: - Signed: - Status: - Name: tbhsd.sys Image Path: C:\WINDOWS\system32\drivers\tbhsd.sys Address: 0xB81D8000 Size: 49152 File Visible: - Signed: - Status: - Name: tcpip.sys Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys Address: 0xA6B1D000 Size: 361600 File Visible: - Signed: - Status: - Name: TDI.SYS Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS Address: 0xB84A0000 Size: 20480 File Visible: - Signed: - Status: - Name: termdd.sys Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys Address: 0xB8228000 Size: 40704 File Visible: - Signed: - Status: - Name: update.sys Image Path: C:\WINDOWS\system32\DRIVERS\update.sys Address: 0xB46E9000 Size: 384768 File Visible: - Signed: - Status: - Name: USBD.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS Address: 0xB85D6000 Size: 8192 File Visible: - Signed: - Status: - Name: usbehci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys Address: 0xB8448000 Size: 30208 File Visible: - Signed: - Status: - Name: usbhub.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys Address: 0xA9992000 Size: 59520 File Visible: - Signed: - Status: - Name: usbohci.sys Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys Address: 0xB8440000 Size: 17152 File Visible: - Signed: - Status: - Name: USBPORT.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Address: 0xB6446000 Size: 147456 File Visible: - Signed: - Status: - Name: USBSTOR.SYS Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS Address: 0xA9577000 Size: 26368 File Visible: - Signed: - Status: - Name: vga.sys Image Path: C:\WINDOWS\System32\drivers\vga.sys Address: 0xA959F000 Size: 20992 File Visible: - Signed: - Status: - Name: VIDEOPRT.SYS Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Address: 0xB4823000 Size: 81920 File Visible: - Signed: - Status: - Name: VolSnap.sys Image Path: VolSnap.sys Address: 0xB80E8000 Size: 53760 File Visible: - Signed: - Status: - Name: wanarp.sys Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys Address: 0xA950D000 Size: 34560 File Visible: - Signed: - Status: - Name: watchdog.sys Image Path: C:\WINDOWS\System32\watchdog.sys Address: 0xA0352000 Size: 20480 File Visible: - Signed: - Status: - Name: wdmaud.sys Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys Address: 0x9F3B9000 Size: 83072 File Visible: - Signed: - Status: - Name: Win32k Image Path: \Driver\Win32k Address: 0xBF800000 Size: 1855488 File Visible: - Signed: - Status: - Name: win32k.sys Image Path: C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1855488 File Visible: - Signed: - Status: - Name: WMILIB.SYS Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS Address: 0xB85AA000 Size: 8192 File Visible: - Signed: - Status: - Name: WMIxWDM Image Path: \Driver\WMIxWDM Address: 0x804D7000 Size: 2154496 File Visible: - Signed: - Status: - ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/09/15 20:55 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Stealth Objects ------------------- gruß, saccharid |
15.09.2010, 21:44 | #5 |
/// Helfer-Team | Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll 1. Ergebnis von "C:\TDSSKiller" bitte posten! Prüfung und Reinigung: 2. Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java Version 6 Update 21 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 3. alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren **Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind, nicht löschbar. **Lösche nur den Inhalt der Ordner, nicht die Ordner selbst!
4. reinige dein System mit Ccleaner:
5.
6. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. → Also alle vorhandenen externen Laufwerke inkl. evtl. vorhandener USB-Sticks an den Rechner anschließen, aber dabei die Shift-Taste gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. Außerdem kann man die Autostarteigenschaft auch ausschalten: → Windows-Sicherheit: Datenträger-Autorun deaktivieren- bebilderte Anleitung v.Leonidas/3dcenter.org → Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten/wintotal.de → Diese Silly -Beschreibung stützt die Annahme, dass er über einen USB-Stick kam. Die Ursache ist durch formatieren des Sticks aus der Welt geschafft, Du solltest darauf achten, dass dort keine Datei autorun.inf wieder auftaucht und etwas wählerisch sein, wo Du deinen Stick reinsteckst. Achtung!: >>Du sollst das Programm nicht installieren, sondern dein System nur online scannen<< → Den kompletten Rechner (also das ganze System) zu überprüfen (Systemprüfung ohne Säuberung) mit Kaspersky Online Scanner/klicke hier → um mit dem Vorgang fortzufahren klicke auf "Accept" → dann wähle "My computer" aus - Es dauert einige Zeit, bis ein Komplett-Scan durch gelaufen ist, also bitte um Geduld! Es kann einige Zeit dauern, bis der Scan abgeschlossen ist - je nach Größe der Festplatte eine oder mehrere Stunden - also Geduld... → Report angezeigt, klicke auf "Save as" - den bitte kopieren und in deinem Thread hier einfügen Vor dem Scan Einstellungen im Internet Explorer: → "Extras→ Internetoptionen→ Sicherheit": → alles auf Standardstufe stellen → Active X erlauben - damit die neue Virendefinitionen installiert werden können |
16.09.2010, 19:23 | #6 |
| Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll Habe die Punkte wieder der Reihe nach abgearbeitet. 6. Der Kaspersky Online Scanner funktionierte jedoch nicht. Die Scan-schaltfäche ist grau unterlegt und lässt sich nicht wählen. TDSSKiller: Code:
ATTFilter 2010/09/14 22:15:40.0109 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44 2010/09/14 22:15:40.0109 ================================================================================ 2010/09/14 22:15:40.0109 SystemInfo: 2010/09/14 22:15:40.0109 2010/09/14 22:15:40.0109 OS Version: 5.1.2600 ServicePack: 3.0 2010/09/14 22:15:40.0109 Product type: Workstation 2010/09/14 22:15:40.0109 ComputerName: LARS 2010/09/14 22:15:40.0109 UserName: admin 2010/09/14 22:15:40.0109 Windows directory: C:\WINDOWS 2010/09/14 22:15:40.0109 System windows directory: C:\WINDOWS 2010/09/14 22:15:40.0109 Processor architecture: Intel x86 2010/09/14 22:15:40.0109 Number of processors: 2 2010/09/14 22:15:40.0109 Page size: 0x1000 2010/09/14 22:15:40.0109 Boot type: Normal boot 2010/09/14 22:15:40.0109 ================================================================================ 2010/09/14 22:15:40.0359 Initialize success 2010/09/14 22:15:43.0546 ================================================================================ 2010/09/14 22:15:43.0546 Scan started 2010/09/14 22:15:43.0546 Mode: Manual; 2010/09/14 22:15:43.0546 ================================================================================ 2010/09/14 22:15:43.0937 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/09/14 22:15:43.0984 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/09/14 22:15:44.0046 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/09/14 22:15:44.0093 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2010/09/14 22:15:44.0156 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/09/14 22:15:44.0312 ALCXWDM (fcb505a7fa9dd4b8b98064792fd038a4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2010/09/14 22:15:44.0437 AmdK8 (a96cc1761e4e6e997f3ca0021226c431) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 2010/09/14 22:15:44.0515 AR5523 (2fe74d040a88d51f0498305f6abfa8af) C:\WINDOWS\system32\DRIVERS\ar5523.sys 2010/09/14 22:15:44.0546 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/09/14 22:15:44.0625 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/09/14 22:15:44.0671 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/09/14 22:15:44.0734 ATHFMWDL (b41d44a4041d011e2a234829b8e2d90d) C:\WINDOWS\system32\Drivers\ATHFMWDL.sys 2010/09/14 22:15:44.0765 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/09/14 22:15:44.0812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/09/14 22:15:44.0890 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Programme\Avira\AntiVir Desktop\avgio.sys 2010/09/14 22:15:44.0937 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2010/09/14 22:15:45.0031 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010/09/14 22:15:45.0062 AVMUNET (077b3692f4376d1539755761feef659a) C:\WINDOWS\system32\DRIVERS\avmunet.sys 2010/09/14 22:15:45.0125 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/09/14 22:15:45.0156 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/09/14 22:15:45.0218 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/09/14 22:15:45.0250 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/09/14 22:15:45.0312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/09/14 22:15:45.0421 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/09/14 22:15:45.0453 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 2010/09/14 22:15:45.0484 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 2010/09/14 22:15:45.0531 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/09/14 22:15:45.0546 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/09/14 22:15:45.0640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/09/14 22:15:45.0687 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/09/14 22:15:45.0718 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/09/14 22:15:45.0718 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 2010/09/14 22:15:45.0734 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/09/14 22:15:45.0765 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/09/14 22:15:45.0812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/09/14 22:15:45.0843 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/09/14 22:15:45.0859 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/09/14 22:15:45.0875 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys 2010/09/14 22:15:45.0953 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2010/09/14 22:15:45.0984 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/09/14 22:15:46.0062 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/09/14 22:15:46.0109 hwdatacard (200ab8daf659c7324601fcc824d7f910) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 2010/09/14 22:15:46.0250 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/09/14 22:15:46.0281 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/09/14 22:15:46.0359 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/09/14 22:15:46.0390 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/09/14 22:15:46.0406 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/09/14 22:15:46.0453 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/09/14 22:15:46.0484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/09/14 22:15:46.0531 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/09/14 22:15:46.0562 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/09/14 22:15:46.0578 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/09/14 22:15:46.0609 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/09/14 22:15:46.0625 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/09/14 22:15:46.0703 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/09/14 22:15:46.0750 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 2010/09/14 22:15:46.0765 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/09/14 22:15:46.0796 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/09/14 22:15:46.0906 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/09/14 22:15:46.0937 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/09/14 22:15:47.0015 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/09/14 22:15:47.0078 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/09/14 22:15:47.0109 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/09/14 22:15:47.0125 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/09/14 22:15:47.0140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/09/14 22:15:47.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/09/14 22:15:47.0265 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2010/09/14 22:15:47.0265 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/09/14 22:15:47.0296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/09/14 22:15:47.0312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/09/14 22:15:47.0328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/09/14 22:15:47.0343 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/09/14 22:15:47.0375 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/09/14 22:15:47.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/09/14 22:15:47.0421 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/09/14 22:15:47.0515 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/09/14 22:15:47.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/09/14 22:15:47.0593 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\WINDOWS\system32\drivers\npf_devolo.sys 2010/09/14 22:15:47.0625 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/09/14 22:15:47.0687 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/09/14 22:15:48.0000 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2010/09/14 22:15:48.0156 nvata (0344aa9113dc16eec379f4652020849d) C:\WINDOWS\system32\DRIVERS\nvata.sys 2010/09/14 22:15:48.0187 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2010/09/14 22:15:48.0218 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2010/09/14 22:15:48.0265 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/09/14 22:15:48.0265 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/09/14 22:15:48.0312 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/09/14 22:15:48.0328 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/09/14 22:15:48.0343 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/09/14 22:15:48.0375 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/09/14 22:15:48.0484 PCASp50 (7a15e748a513244f8cfbf8d4d72215c5) C:\WINDOWS\system32\Drivers\PCASp50.sys 2010/09/14 22:15:48.0500 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/09/14 22:15:48.0531 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/09/14 22:15:48.0562 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/09/14 22:15:48.0687 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/09/14 22:15:48.0703 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 2010/09/14 22:15:48.0718 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/09/14 22:15:48.0812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/09/14 22:15:48.0859 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/09/14 22:15:48.0937 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/09/14 22:15:48.0953 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/09/14 22:15:48.0984 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/09/14 22:15:48.0984 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/09/14 22:15:49.0015 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/09/14 22:15:49.0031 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/09/14 22:15:49.0062 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/09/14 22:15:49.0140 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/09/14 22:15:49.0171 RRNetCap (fceae318066198c162d2176ec2975ace) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys 2010/09/14 22:15:49.0187 RRNetCapMP (fceae318066198c162d2176ec2975ace) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys 2010/09/14 22:15:49.0250 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/09/14 22:15:49.0265 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/09/14 22:15:49.0296 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/09/14 22:15:49.0343 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2010/09/14 22:15:49.0406 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/09/14 22:15:49.0453 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/09/14 22:15:49.0593 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/09/14 22:15:49.0656 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/09/14 22:15:49.0703 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/09/14 22:15:49.0734 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/09/14 22:15:49.0843 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/09/14 22:15:49.0890 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys 2010/09/14 22:15:49.0921 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/09/14 22:15:50.0000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/09/14 22:15:50.0015 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/09/14 22:15:50.0031 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/09/14 22:15:50.0093 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/09/14 22:15:50.0140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/09/14 22:15:50.0171 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2010/09/14 22:15:50.0203 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/09/14 22:15:50.0250 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/09/14 22:15:50.0281 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/09/14 22:15:50.0296 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/09/14 22:15:50.0328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/09/14 22:15:50.0359 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/09/14 22:15:50.0375 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/09/14 22:15:50.0406 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/09/14 22:15:50.0437 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/09/14 22:15:50.0468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/09/14 22:15:50.0546 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/09/14 22:15:50.0562 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/09/14 22:15:50.0609 ================================================================================ 2010/09/14 22:15:50.0609 Scan finished 2010/09/14 22:15:50.0609 ================================================================================ 2010/09/14 22:15:57.0921 Deinitialize success Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 09/16/2010 at 07:37 PM Application Version : 4.43.1000 Core Rules Database Version : 5519 Trace Rules Database Version: 3331 Scan type : Complete Scan Total Scan Time : 00:31:32 Memory items scanned : 441 Memory threats detected : 0 Registry items scanned : 6798 Registry threats detected : 0 File items scanned : 23200 File threats detected : 60 Adware.Tracking Cookie 2mdn.net [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] 79.memecounter.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] acvs.mediaonenetwork.net [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] banners.securedataimages.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] bc.youporn.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] broadcast.piximedia.fr [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] cdn1.eyewonder.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] cdn5.specificclick.net [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] ds.serving-sys.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] files.youporn.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] flvplayer2.hardsextube.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] googleads.g.doubleclick.net [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] icq.oberon-media.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] imagesrv.adition.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] m.de.2mdn.net [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] macromedia.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] media.mtvnservices.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] media.scanscout.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] media01.kyte.tv [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] memecounter.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] naiadsystems.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] objects.tremormedia.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] oddcast.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] pornme.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] s0.2mdn.net [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] static.xxxmatch.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] static.youporn.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] track.trackads.net [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] track.webgains.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] trackads.net [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] www.ardmediathek.de [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] www.gina-lisa-sex-video.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] www.naiadsystems.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] www.pornhub.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] www.pornoprinzen.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] www.porntube.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] www.sextube.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] www.sexyandfunny.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] www.youngpornmovies.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] wwwstatic.megaporn.com [ C:\Dokumente und Einstellungen\Ulrike\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\3BFFBW53 ] Adware.MyWebSearch/FunWebProducts C:\PROGRAMME\INTERNET EXPLORER\MSIMG32.DLL Trojan.Agent/Gen-Nullo[Short] C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088816.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088807.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088808.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088809.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088810.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088811.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088812.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088813.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088814.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088815.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088817.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088818.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088819.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088820.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088821.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088822.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088823.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{67A00C07-4DD2-470F-8E3C-11D4F9304C0A}\RP539\A0088824.DLL Adware.Vundo Variant C:\WINDOWS\CIDAMAPI.DLL vielen dank und gruß, saccharid |
17.09.2010, 07:54 | #7 |
/// Helfer-Team | Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll vlt bringt mehr Erfolg: >>Du sollst das Programm nicht installieren, sondern dein System nur online scannen<< Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum Führe dann einen Komplett-Systemcheck mit Nod32 durch - folgendes bitte anhaken > "Remove found threads" und "Scan archives" - die Scanergebnis als *.txt Dateien speichern) - meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt" - (ESET Online Scanner Vor dem Scan Einstellungen im Internet Explorer: - "Extras→ Internetoptionen→ Sicherheit": - alles auf Standardstufe stellen - Active X erlauben |
19.09.2010, 20:39 | #8 |
| Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll Die Meldung von Avira tritt nichtmehr auf. Hier noch das ergebnis von Nod32: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=6.00.2900.5512 (xpsp.080413-2105) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=e676f41fa18dc942a256a9966d1000af # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-09-19 07:26:32 # local_time=2010-09-19 09:26:32 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 416059 416059 0 0 # compatibility_mode=1797 16775141 100 100 562 60428062 0 0 # compatibility_mode=2560 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 70 70 0 0 # scanned=167239 # found=2 # cleaned=2 # scan_time=11637 C:\Dokumente und Einstellungen\Ulrike\Desktop\Downloads\No_gba_2.6a.rar probably a variant of Win32/Agent.LMQTMMD trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Dokumente und Einstellungen\Ulrike\Eigene Dateien\Eigene Dateien\coladosenhalter.exe probably a variant of Win32/Agent.CBMFHTS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C |
22.09.2010, 21:10 | #9 |
/// Helfer-Team | Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll Läuft dein System stabil?Hast du sonst noch Probleme? |
24.09.2010, 14:49 | #10 |
| Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll Ne, sonst klappt nun wieder alles. Also nochmals vielen Dank für die Hilfe. Gefällt mir sehr gut euer Forum hier. Weiter so |
25.09.2010, 06:18 | #11 | |
/// Helfer-Team | Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll - Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter HijackThis/Trend Micro filelist.bat CCleaner - Zum Schluss, führe den folgenden Schritt aus: 1. wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes: ** Rechten Maustaste auf den "Arbeitsplatz"→ auf "Eigenschaften"→ Registerkarte "Systemwiederherstellung"→ "Systemwiederherstellung deaktivieren"→ auf "OK"→ alles schließen→ Rechner neu starten→die Standardeinstellung wiederherzustellen(SWH wieder"aktivieren") Ändere deine Passworte und Zugangsdaten! - von einem sauberen System aus Lesestoff:
Zitat:
|
Themen zu Avira Antivir meldet BDS\Papras.QN in C:\WINDOWS\cidamapi.dll |
0x00000001, adware.hotbar, akamai, antivir, antivir meldet, antivirus, avgntflt.sys, avira, bds\papras.qn, call of duty, cidamapi.dll, components, desktop, email, error, fehler, firefox, firefox.exe, flash player, format, helper, home, ip-adresse, joke.winshoot, jusched.exe, location, metin2, mozilla, mp3, nicht möglich, oldtimer, otl logfile, otl.exe, pirates, plug-in, realtek, registry, remote control, rogue.winantivirus, rundll, searchplugins, searchscopes, security, sekunden, server, shell32.dll, software, teamspeak, user agent, vlc media player, windows |