Pests of all kinds and how to combat them: Unwanted automatic shutdown in Windows 7

19.09.2010, 13:17 | #1

Unwanted automatic shutdown in Windows 7

Hello! For some time now I have had the problem that my Windows restarts with the message "Windows wird in einer Minute heruntergefahren [...]". From my point of view this happens fairly randomly, in any case not reproducibly. After some research I found that it can be aborted with "shutdown -a", but something must still be wrong with the system. So I first ran the Quick Scan of Malwarebytes' Anti-Malware, with the following result: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4650

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.09.2010 13:24:39
mbam-log-2010-09-19 (13-24-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150058
Laufzeit: 11 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.

It would be great if one of you could take a look at this and post your opinion on whether the problem has been resolved or whether I need to take further steps. So far the error has not occurred again, but it usually doesn't happen more than once a day anyway. The result of the scan then looked like this: First the OTL.txt, OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.09.2010 13:30:20 - Run 2 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\***\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 75,88 Gb Total Space | 15,72 Gb Free Space | 20,71% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 3,42 Gb Total Space | 1,70 Gb Free Space | 49,74% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 465,76 Gb Total Space | 128,85 Gb Free Space | 27,67% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\vsnpstd3.exe () PRC - C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\shfolder.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3746.dll () SRV - (clr_optimization_v4.0.30319_32) -- 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir 
Desktop\sched.exe (Avira GmbH) ========== Driver Services (SafeList) ========== DRV - (zlportio) -- C:\Program Files\UltraStar Deluxe\zlportio.sys File not found DRV - (cusbohcn) -- C:\Users\***\AppData\Local\Temp\cusbohcn.sys File not found DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) 
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys 
(Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) 
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (emAudio) -- C:\Windows\System32\drivers\emAudio.sys (Pinnacle Systems GmbH) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (DCamUSBEMPIA) -- C:\Windows\System32\drivers\emDevice.sys (eMPIA Technology, Inc.) DRV - (FiltUSBEMPIA) -- C:\Windows\System32\drivers\emFilter.sys (eMPIA Technology, Inc.) 
DRV - (ScanUSBEMPIA) -- C:\Windows\System32\drivers\emScan.sys (eMPIA Technology, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (RTCore32) -- C:\Programme\rmclock_235_bin\RTCore32.sys () DRV - (DOSMEMIO) -- C:\Windows\System32\MEMIO.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 7C CB 64 7E 46 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 11:22:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.19 13:01:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.18 22:28:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.19 13:01:45 | 000,000,000 | ---D | M] [2010.08.22 16:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.08.22 16:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.19 13:29:20 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions [2010.08.12 23:10:55 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2009.10.01 11:42:46 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2009.11.21 11:53:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.18 11:33:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.17 11:23:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions\autopager@mozilla.org [2010.09.17 11:23:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions\firefox@red-cog.com [2009.11.18 13:35:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions\firefox@tvunetworks.com [2010.09.03 11:33:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions\foxyproxy@eric.h.jung [2010.06.19 01:09:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\htu48s4n.test\extensions\piclens@cooliris.com [2010.09.19 12:56:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.12 19:26:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.12 19:26:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.12 19:26:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.12 
19:26:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.12 19:26:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKbd.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) 
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems) O4 - HKCU..\Run: [Getdo] File not found O4 - HKCU..\Run: [Power2GoExpress] File not found O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKCU..\Run: [Winicm] C:\Users\***\AppData\Roaming\Adobe\Update\widbe.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RMClock.lnk = C:\Programme\rmclock_235_bin\RMClockLauncher.exe (NGO Science Center "RightMark") O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5a437182-7b7a-11df-935c-932c83daad53}\Shell - "" = AutoRun O33 - MountPoints2\{5a437182-7b7a-11df-935c-932c83daad53}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.19 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.09.19 13:11:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.19 13:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.19 13:11:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.19 13:11:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.19 13:09:00 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe [2010.09.19 13:02:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.09.19 12:59:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.09.15 09:22:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\LocaleMetaData [2010.09.14 09:22:59 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2010.09.12 23:33:23 | 000,000,000 | ---D | C] -- C:\Programme\Veetle [2010.09.11 17:58:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Reeperbahn Festival [2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll ========== 
Files - Modified Within 30 Days ========== [2010.09.19 13:30:08 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.19 13:30:08 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.19 13:27:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.19 13:27:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.19 13:27:31 | 2011,832,320 | -HS- | M] () -- C:\hiberfil.sys [2010.09.19 13:26:47 | 005,505,024 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.09.19 13:26:08 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.09.19 13:26:02 | 000,000,860 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RMClock.lnk [2010.09.19 13:11:56 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.19 13:09:34 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe [2010.09.19 13:02:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.09.17 20:05:11 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.17 20:05:11 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.17 20:05:11 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.17 20:05:11 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.17 20:05:11 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.09.16 16:37:38 | 000,002,728 | ---- | M] () -- C:\Users\***\Documents\thw-brief.tex [2010.09.16 16:15:46 | 000,002,728 | ---- | M] () -- C:\Users\***\Documents\brief.tex [2010.09.16 15:53:45 | 002,280,051 | ---- | M] () -- C:\Users\***\Desktop\miranda-im-v0.9.3-unicode.exe [2010.09.15 09:22:25 | 000,069,632 | ---- | M] () -- C:\Users\***\Desktop\windows 
herunterfahren.evtx [2010.09.14 23:05:02 | 000,012,072 | ---- | M] () -- C:\Users\***\Documents\thw-dienste.ods [2010.09.06 13:11:53 | 000,000,918 | ---- | M] () -- C:\Windows\cpvas.INI [2010.08.21 12:44:28 | 000,011,409 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2010.08.21 12:44:28 | 000,004,504 | ---- | M] () -- C:\Users\***\Desktop\neu.jpg ========== Files Created - No Company Name ========== [2010.09.19 13:11:56 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.16 16:37:38 | 000,002,728 | ---- | C] () -- C:\Users\***\Documents\thw-brief.tex [2010.09.16 15:53:33 | 002,280,051 | ---- | C] () -- C:\Users\***\Desktop\miranda-im-v0.9.3-unicode.exe [2010.09.15 09:22:16 | 000,069,632 | ---- | C] () -- C:\Users\***\Desktop\windows herunterfahren.evtx [2010.08.21 12:44:28 | 000,011,409 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.08.21 12:44:28 | 000,004,504 | ---- | C] () -- C:\Users\***\Desktop\neu.jpg [2010.05.15 16:04:38 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.03.14 15:18:13 | 000,000,918 | ---- | C] () -- C:\Windows\cpvas.INI [2010.02.26 18:40:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.02.26 18:33:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.01.23 15:44:07 | 000,000,027 | ---- | C] () -- C:\Windows\entpack.ini [2010.01.06 10:31:51 | 000,001,520 | ---- | C] () -- C:\Windows\System32\MagicKBD.INI [2010.01.06 10:31:49 | 000,004,300 | ---- | C] () -- C:\Windows\System32\MEMIO.SYS [2010.01.06 10:31:48 | 000,003,425 | ---- | C] () -- C:\Windows\System32\KBDR.INI [2010.01.06 10:31:48 | 000,002,741 | ---- | C] () -- C:\Windows\System32\KBDD.INI [2010.01.06 10:31:48 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDO.INI [2010.01.06 10:31:48 | 000,002,699 | ---- | C] () -- C:\Windows\System32\KBDC.INI [2010.01.06 10:31:48 | 000,002,606 | ---- | C] () -- C:\Windows\System32\KBDB.INI [2010.01.06 10:31:48 | 000,002,236 
| ---- | C] () -- C:\Windows\System32\KBDQ.INI [2010.01.06 10:31:48 | 000,001,956 | ---- | C] () -- C:\Windows\System32\KBDE.INI [2010.01.06 10:31:48 | 000,001,885 | ---- | C] () -- C:\Windows\System32\KBDP.INI [2010.01.06 10:31:48 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDG.INI [2010.01.06 10:31:48 | 000,001,835 | ---- | C] () -- C:\Windows\System32\KBDA.INI [2010.01.06 10:31:48 | 000,001,834 | ---- | C] () -- C:\Windows\System32\KBDU.INI [2010.01.06 10:31:48 | 000,001,819 | ---- | C] () -- C:\Windows\System32\KBDN.INI [2010.01.06 10:31:48 | 000,001,699 | ---- | C] () -- C:\Windows\System32\KBDT.INI [2010.01.06 10:31:48 | 000,001,697 | ---- | C] () -- C:\Windows\System32\KBDV.INI [2010.01.06 10:31:48 | 000,001,522 | ---- | C] () -- C:\Windows\System32\KBDS.INI [2010.01.06 10:31:48 | 000,001,476 | ---- | C] () -- C:\Windows\System32\KBDF.INI [2009.12.21 18:02:41 | 000,012,607 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.11.07 21:15:31 | 000,007,615 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2009.10.14 17:57:38 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2009.10.10 13:12:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.09.30 18:31:01 | 000,009,216 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\***\AppData\Roaming\MafiaSetup.exe ========== LOP Check ========== [2010.03.14 19:50:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cuttermaran [2009.12.31 16:23:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner [2009.10.30 17:55:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fretsonfire [2010.08.21 12:44:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.08.27 17:59:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2010.01.10 17:47:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NASA [2009.10.05 14:04:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2009.11.21 00:03:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.05.14 10:55:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ParaView [2010.02.26 17:03:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2010.06.26 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\performous [2010.03.01 16:35:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhoneRemoteControl [2010.02.26 17:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2009.09.30 16:08:34 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StreamTorrent [2010.08.22 16:34:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.04.22 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft [2010.06.25 23:07:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
and here is the Extras.txt as well: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.09.2010 13:30:20 - Run 2 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\***\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 75,88 Gb Total Space | 15,72 Gb Free Space | 20,71% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 3,42 Gb Total Space | 1,70 Gb Free Space | 49,74% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 465,76 Gb Total Space | 128,85 Gb Free Space | 27,67% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62 "{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows 
Live Movie Maker "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4EDD761B-5253-4CD1-A309-9DFEE960E344}" = Logitech Gaming Software 5.09 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F499D33-546A-442B-B0F9-4C58F3B5B6E3}" = Cuttermaran 1.70 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter 
"{B1E9B7ED-8187-433a-9EAE-20DF1A8968B1}" = Synology Download Redirector "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D3EC9E5A-27BA-4834-828E-5D7A77CDE964}" = Samsung PC Studio 3 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activision_i82UninstallKey" = Interstate '82 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EAX Unified" = EAX Unified "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FreePDF_XP" = FreePDF XP (Remove only) "Frets on Fire" = Frets On Fire "GPL Ghostscript 8.60" = GPL Ghostscript 8.60 "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "HijackThis" = HijackThis 1.99.1 "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "JDownloader" = JDownloader "Mafia" = Mafia "Malwarebytes' Anti-Malware_is1" = Malwarebytes' 
Anti-Malware "MatlabR2008b" = MATLAB R2008b "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MiKTeX 2.6" = MiKTeX 2.6 "Miranda IM" = Miranda IM 0.9.2 "MozBackup_is1" = MozBackup 1.4.6 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4) "NASA World Wind 1.4" = NASA World Wind 1.4 "NVIDIA Drivers" = NVIDIA Drivers "ParaView" = ParaView-3.8.0-RC2 a cross-platform, open-source visualization system "PVRpilot" = PVRpilot "RealAlt_is1" = Real Alternative 2.0.2 Lite "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SopCast" = SopCast 3.2.4 "StreamTorrent 1.0" = StreamTorrent 1.0 "SystemRequirementsLab" = System Requirements Lab "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "TVAnts 1.0" = TVAnts 1.0 "TVUPlayer" = TVUPlayer 2.4.7.2 "UltraStar Deluxe" = UltraStar Deluxe "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.17 "VLC media player" = VideoLAN VLC media player 0.8.6b "WinGimp-2.0_is1" = GIMP 2.6.7 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "YDKJG" = YOU DON'T KNOW JACK® "Zattoo" = Zattoo 3.3.4 Beta ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.09.2010 03:51:43 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen 
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.09.2010 03:51:43 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.09.2010 03:57:27 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.09.2010 03:58:13 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 15.09.2010 03:58:16 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.09.2010 03:58:21 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.09.2010 03:58:43 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.09.2010 06:56:21 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 19.09.2010 07:28:02 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.09.2010 07:28:02 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Media Center Events ] Error - 15.10.2009 08:04:42 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 14:04:41 - Fehler beim Herstellen der Internetverbindung. 14:04:41 - Serververbindung konnte nicht hergestellt werden.. Error - 19.01.2010 06:54:44 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 11:54:39 - Fehler beim Herstellen der Internetverbindung. 11:54:44 - Serververbindung konnte nicht hergestellt werden.. Error - 19.01.2010 07:57:11 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 12:57:11 - Fehler beim Herstellen der Internetverbindung. 12:57:11 - Serververbindung konnte nicht hergestellt werden.. Error - 19.01.2010 08:59:38 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 13:59:38 - Fehler beim Herstellen der Internetverbindung. 13:59:38 - Serververbindung konnte nicht hergestellt werden.. Error - 29.01.2010 00:45:11 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 05:45:11 - Fehler beim Herstellen der Internetverbindung. 
05:45:11 - Serververbindung konnte nicht hergestellt werden.. Error - 29.01.2010 15:26:28 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 20:26:27 - Fehler beim Herstellen der Internetverbindung. 20:26:27 - Serververbindung konnte nicht hergestellt werden.. Error - 29.01.2010 16:27:54 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 21:27:54 - Fehler beim Herstellen der Internetverbindung. 21:27:54 - Serververbindung konnte nicht hergestellt werden.. Error - 29.01.2010 17:28:02 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 22:28:01 - Fehler beim Herstellen der Internetverbindung. 22:28:01 - Serververbindung konnte nicht hergestellt werden.. Error - 03.02.2010 00:25:43 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 05:25:42 - Fehler beim Herstellen der Internetverbindung. 05:25:42 - Serververbindung konnte nicht hergestellt werden.. Error - 20.02.2010 19:21:56 | Computer Name = *** | Source = MCUpdate | ID = 0 Description = 00:21:50 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) [ System Events ] Error - 18.09.2010 07:06:47 | Computer Name = *** | Source = volsnap | ID = 393245 Description = Die Schattenkopien von Volume "G:" wurde während der Ermittlung abgebrochen. Error - 18.09.2010 07:06:47 | Computer Name = *** | Source = Ntfs | ID = 262281 Description = Auf dem Volume "G:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error - 18.09.2010 11:48:46 | Computer Name = *** | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 18.09.2010 11:49:17 | Computer Name = *** | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. 
Error - 18.09.2010 11:49:17 | Computer Name = *** | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 18.09.2010 11:49:18 | Computer Name = *** | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 18.09.2010 11:49:19 | Computer Name = *** | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 18.09.2010 11:49:20 | Computer Name = *** | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 18.09.2010 11:49:20 | Computer Name = *** | Source = cdrom | ID = 262159 Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit. Error - 19.09.2010 07:27:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report >
(Oh, and I already know that the CD drive is "not ready"; that problem can always be fixed with a restart. But maybe someone knows a better method.) Many thanks in advance! Last edited by moddin (19.09.2010 at 13:31) |
20.09.2010, 09:37 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted automatic shutdown in Windows 7 Quote:
__________________ |
20.09.2010, 14:58 | #3 |
| Unwanted automatic shutdown in Windows 7 OK, the first time it found two more things, a "Trojan.Bancos" and a "Malware.Tool", each in exe files; they could be deleted. On the next scan everything was clean, and the actual problem seems to be gone too; so far the computer has not restarted by itself. I hope it stays that way! So it seems to have been the file in the Adobe Update folder. Luckily it had not written itself into autostart or the registry, as happened to others whose cases I just found with a quick Google search.
__________________ Thanks for now, I hope that resolves this topic! |
20.09.2010, 15:17 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted automatic shutdown in Windows 7 Quote:
__________________ Please always post log files in CODE tags |
20.09.2010, 22:00 | #5 |
| Unwanted automatic shutdown in Windows 7 Oh, sorry, I completely forgot; I was so happy that it seemed to have worked. Unfortunately the error just occurred again... Damn!! Well then, here is the log. Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4650
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
20.09.2010 13:42:43
mbam-log-2010-09-20 (13-42-43).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 378284
Laufzeit: 1 Stunde(n), 51 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Z_Setup\Spiele\BG2v2.0.22956.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
C:\Z_Setup\Sicherung XP\WINDOWS\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.
|
21.09.2010, 10:31 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted automatic shutdown in Windows 7 Quote:
__________________ --> Unwanted automatic shutdown in Windows 7 |
21.09.2010, 17:45 | #7 |
| Unwanted automatic shutdown in Windows 7 I think it was somehow important for multiplayer gaming, but I can't have used it often and it was a long time ago; in any case I can't remember ever having used it at all. As I said, that was still on a different system. I also think the problem lies elsewhere: that file has been in that place for quite a while, but I have only had the problem recently. Just now another error came up about a crashed file, maybe it helps:
Name der fehlerhaften Anwendung: 6615f428409d544c.exe, Version: 0.0.0.0, Zeitstempel: 0x4c97aaa9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xab0
Startzeit der fehlerhaften Anwendung: 0x01cb59a5d11fd2ec
Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\6615f428409d544c.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 1440d6d8-c599-11df-aa53-a3760f91bc60
Otherwise I could also offer the Event Viewer output from directly before the restarts; would that perhaps help? |
21.09.2010, 20:51 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted automatic shutdown in Windows 7 Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
ATTFilter
:OTL
DRV - (cusbohcn) -- C:\Users\***\AppData\Local\Temp\cusbohcn.sys File not found
O4 - HKCU..\Run: [Getdo] File not found
O4 - HKCU..\Run: [Winicm] C:\Users\***\AppData\Roaming\Adobe\Update\widbe.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
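The three entries in the fix script above share a pattern: an autostart value or driver service whose target lives in a user-writable folder, is missing, or carries no company name. The following Python triage is an added example, not part of the original thread and not OTL's own code. It assumes the `O4`/`DRV` line layout seen in this thread and reads an empty `()` as "no company name in the file's version information"; the `avgnt` line and its company name are constructed for contrast.

```python
import re
from typing import List, NamedTuple

# Constructed sample: the three entries from the fix script in this thread,
# plus one benign-looking line built from the Avira path in the ComboFix log
# (the company name in parentheses is an assumption for illustration).
SAMPLE_LOG = r"""
DRV - (cusbohcn) -- C:\Users\***\AppData\Local\Temp\cusbohcn.sys File not found
O4 - HKCU..\Run: [Getdo] File not found
O4 - HKCU..\Run: [Winicm] C:\Users\***\AppData\Roaming\Adobe\Update\widbe.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""


class Finding(NamedTuple):
    kind: str            # "O4" (Run key value) or "DRV" (driver service)
    name: str            # registry value name or service name
    path: str            # target path, empty if the log shows none
    reasons: List[str]   # why the entry deserves a closer look


O4_RE = re.compile(r"^O4 - (HKCU|HKLM)\.\.\\(Run(?:Once)?): \[([^\]]+)\] ?(.*)$")
DRV_RE = re.compile(r"^DRV - \(([^)]+)\) -- (.*)$")
TAIL_RE = re.compile(r"^(.*?)\s*\(([^()]*)\)$")   # "<path> (<company>)"
NOT_FOUND = "File not found"
USER_WRITABLE = ("\\appdata\\", "\\temp\\")       # hypothetical heuristic list


def _split_target(rest: str):
    """Split '<path> (<company>)' or '<path> File not found' into its parts."""
    rest = rest.strip()
    missing = rest.endswith(NOT_FOUND)
    if missing:
        rest = rest[: -len(NOT_FOUND)].rstrip()
    m = TAIL_RE.match(rest)
    if m:
        return m.group(1), m.group(2), missing, True
    return rest, "", missing, False


def triage(log_text: str) -> List[Finding]:
    """Return the O4/DRV entries that match at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            kind, name, rest = "O4", m.group(3), m.group(4)
        else:
            m = DRV_RE.match(line)
            if not m:
                continue
            kind, name, rest = "DRV", m.group(1), m.group(2)
        path, company, missing, has_company_field = _split_target(rest)
        reasons = []
        if missing:
            # Orphaned entry: the registry still points at a file that is gone.
            reasons.append("target-missing")
        if any(d in path.lower() for d in USER_WRITABLE):
            reasons.append("user-writable-path")
            if kind == "DRV":
                # Kernel drivers normally load from System32\drivers.
                reasons.append("driver-in-user-dir")
        if has_company_field and not company:
            reasons.append("no-company-name")
        if reasons:
            findings.append(Finding(kind, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:3} {f.name:10} {', '.join(f.reasons)}  {f.path}")
```

None of these flags is proof of infection on its own; they mark the entries that should be checked against what the user knowingly installed.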
22.09.2010, 16:46 | #9 |
| Unwanted automatic shutdown in Windows 7 OK, the first time I forgot to replace the asterisks, but then I ran it again with the asterisks replaced and the same text; here are the logs from the first and second run: Code:
ATTFilter
All processes killed
========== OTL ==========
Service cusbohcn stopped successfully!
Service cusbohcn deleted successfully!
File C:\Users\***\AppData\Local\Temp\cusbohcn.sys File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Getdo deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Winicm deleted successfully.
File C:\Users\***\AppData\Roaming\Adobe\Update\widbe.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: ***
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 57826 bytes
->Temporary Internet Files folder emptied: 5609990 bytes
->Opera cache emptied: 3872819 bytes
->Flash cache emptied: 574 bytes
User: ***
->Temp folder emptied: 29568117 bytes
->Temporary Internet Files folder emptied: 208283209 bytes
->Java cache emptied: 28981305 bytes
->FireFox cache emptied: 106112622 bytes
->Opera cache emptied: 820651 bytes
->Flash cache emptied: 129130 bytes
User: ***
User: ***
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5846466 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 371,00 mb
OTL by OldTimer - Version 3.2.12.1 log created on 09222010_173503
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
ATTFilter
========== OTL ==========
Error: No service named cusbohcn was found to stop!
Service\Driver key cusbohcn not found.
File C:\Users\***\AppData\Local\Temp\cusbohcn.sys File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Getdo not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Winicm not found.
C:\Users\***\AppData\Roaming\Adobe\Update\widbe.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.12.1 log created on 09222010_174044
|
22.09.2010, 20:32 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted automatic shutdown in Windows 7 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
22.09.2010, 21:31 | #11 |
| Unwanted automatic shutdown in Windows 7 OK, everything worked; here is the ComboFix log: Code:
ATTFilter ComboFix 10-09-22.02 - *** 22.09.2010 22:16:47.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.2558.1695 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\***\AppData\Roaming\Qievq c:\users\***\AppData\Roaming\Qievq\kumy.exe c:\windows\system32\PCLECoInst.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-08-22 bis 2010-09-22 )))))))))))))))))))))))))))))) . 2010-09-22 20:24 . 2010-09-22 20:24 -------- d-----w- c:\users\***\AppData\Local\temp 2010-09-22 19:58 . 2010-09-22 19:58 -------- d-----w- c:\program files\CCleaner 2010-09-22 15:35 . 2010-09-22 15:35 -------- d-----w- C:\_OTL 2010-09-19 15:44 . 2010-09-19 15:45 5642000 ----a-w- c:\users\***\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe 2010-09-19 11:12 . 2010-09-19 11:12 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2010-09-19 11:11 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-19 11:11 . 2010-09-19 11:11 -------- d-----w- c:\programdata\Malwarebytes 2010-09-19 11:11 . 2010-09-19 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-19 11:11 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-15 07:21 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-14 07:22 . 2010-09-14 07:22 -------- d-----w- c:\program files\Microsoft.NET 2010-09-14 07:20 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll 2010-09-12 21:33 . 2010-09-12 21:33 -------- d-----w- c:\program files\Veetle 2010-08-31 06:17 . 2010-08-31 06:17 -------- d-----w- c:\users\Gast\AppData\Local\Opera 2010-08-30 21:22 . 2010-08-30 21:30 -------- d-----w- c:\users\Gast\AppData\Roaming\DeepBurner 2010-08-30 20:07 . 2010-08-30 20:07 -------- d-----w- c:\users\Gast\AppData\Roaming\vlc 2010-08-30 16:16 . 
2010-08-30 16:16 -------- d-----w- c:\users\Gast\AppData\Roaming\DivX 2010-08-30 16:06 . 2010-08-30 16:06 86480 ----a-w- c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-27 13:50 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-22 20:01 . 2010-01-06 08:52 -------- d-----w- c:\users\***\AppData\Roaming\Media Player Classic 2010-09-22 19:43 . 2010-01-09 18:37 -------- d-----w- c:\program files\Common Files\Akamai 2010-09-22 18:08 . 2010-03-11 15:39 -------- d-----w- c:\users\***\AppData\Roaming\Nini 2010-09-19 11:01 . 2009-09-30 13:38 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-18 20:28 . 2009-09-30 13:16 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-09-17 18:05 . 2009-07-14 08:47 654166 ----a-w- c:\windows\system32\perfh007.dat 2010-09-17 18:05 . 2009-07-14 08:47 130006 ----a-w- c:\windows\system32\perfc007.dat 2010-09-16 17:28 . 2009-10-05 12:05 1 ----a-w- c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-09-15 07:50 . 2009-09-30 13:47 -------- d-----w- c:\users\***\AppData\Roaming\Skype 2010-09-15 07:37 . 2009-09-30 13:48 -------- d-----w- c:\users\***\AppData\Roaming\skypePM 2010-09-14 07:09 . 2010-02-20 23:22 -------- d-----w- c:\program files\Microsoft Silverlight 2010-09-12 12:58 . 2009-11-20 22:03 -------- d-----w- c:\program files\Opera 2010-08-27 15:59 . 2010-05-13 13:52 -------- d-----w- c:\users\***\AppData\Roaming\Miranda 2010-08-23 11:37 . 2009-10-04 14:35 -------- d-----w- c:\users\***\AppData\Roaming\dvdcss 2010-08-22 14:34 . 2009-09-30 13:27 -------- d-----w- c:\users\***\AppData\Roaming\Thunderbird 2010-08-21 10:44 . 2009-10-03 08:21 -------- d-----w- c:\users\***\AppData\Roaming\gtk-2.0 2010-08-18 07:09 . 2010-04-17 09:22 -------- d-----w- c:\program files\JDownloader 2010-07-29 06:30 . 
2010-08-12 06:35 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30 . 2010-08-12 06:35 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-07-27 18:43 . 2010-07-27 18:43 -------- d-----w- c:\program files\Common Files\Logitech 2010-07-27 18:43 . 2010-07-27 18:43 -------- d-----w- c:\program files\Logitech 2010-07-25 10:56 . 2010-07-25 10:51 -------- d-----w- c:\program files\WWP 2010-06-30 06:25 . 2010-08-12 06:35 978432 ----a-w- c:\windows\system32\wininet.dll 2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-10-05 1167360] "MagicKeyboard"="c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552] "RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-05-05 153672] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ RMClock.lnk - c:\program files\rmclock_235_bin\RMClockLauncher.exe [2010-3-13 61440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "RequireSignedAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant] 2007-06-26 18:27 312320 ----a-w- c:\program files\FreePDF_XP\fpassist.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-09-30 16:09 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2000-08-24 4300] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - RTCore32 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyServer = localhost:8080 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\htu48s4n.test\ FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/ FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\htu48s4n.test\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\htu48s4n.test\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false 
FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-{EB31E8EB-2A84-7984-E0CB-B9A575D30B4E} - c:\users\***\AppData\Roaming\Qievq\kumy.exe HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3475587674-3369065116-2635668132-1000\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:c5,88,1c,df,d7,02,ca,cc,19,6a,49,b8,f0,f5,95,f1,89,9d,c6,eb,32,cc,53, 2c,bb,31,ad,4d,54,5a,62,39,0a,bf,51,fc,ab,93,1b,db,79,13,70,df,20,42,00,08,\ "??"=hex:36,d0,30,fc,82,1f,e9,19,8f,0d,23,9d,ad,f6,db,62 [HKEY_USERS\S-1-5-21-3475587674-3369065116-2635668132-1000\Software\SecuROM\License information*] "datasecu"=hex:af,d7,f9,bf,f6,ef,15,0f,88,1b,9f,ec,d1,3d,2e,07,33,1a,80,cd,82, 62,2a,4e,ba,6c,21,c4,84,73,4b,c1,4f,c9,e9,b5,1d,5f,62,ed,ab,6c,26,c8,94,05,\ "rkeysecu"=hex:12,77,f9,0e,ed,2a,56,d9,2c,ce,87,2a,c9,83,01,38 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] 
@Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-09-22 22:26:52 ComboFix-quarantined-files.txt 2010-09-22 20:26 Vor Suchlauf: 10 Verzeichnis(se), 17.531.678.720 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 17.435.639.808 Bytes frei - - End Of File - - 126E1C4876496E4FBF2EA5BC1B4ECDF0 |
22.09.2010, 21:36 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted automatic shutdown in Windows 7

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Filelook::
c:\windows\system32\ntdll.dll

Dirlook::
c:\program files\Veetle

4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
22.09.2010, 22:18 | #13 |
| Unwanted automatic shutdown in Windows 7 I wasn't asked whether I wanted to reboot, but here is the log. Strange that kumy.exe was back; it was supposedly already deleted by Comboscript earlier... Code:
ATTFilter ComboFix 10-09-22.02 - *** 22.09.2010 23:07:15.2.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.2558.1626 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\***\AppData\Roaming\Qievq\kumy.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-08-22 bis 2010-09-22 )))))))))))))))))))))))))))))) . 2010-09-22 21:13 . 2010-09-22 21:13 -------- d-----w- c:\users\***\AppData\Local\temp 2010-09-22 21:13 . 2010-09-22 21:13 -------- d-----w- c:\users\SnS\AppData\Local\temp 2010-09-22 21:13 . 2010-09-22 21:13 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-09-22 21:13 . 2010-09-22 21:13 -------- d-----w- c:\users\Gast\AppData\Local\temp 2010-09-22 21:13 . 2010-09-22 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-22 19:58 . 2010-09-22 19:58 -------- d-----w- c:\program files\CCleaner 2010-09-22 15:35 . 2010-09-22 15:35 -------- d-----w- C:\_OTL 2010-09-19 15:44 . 2010-09-19 15:45 5642000 ----a-w- c:\users\***\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.3.1.exe 2010-09-19 11:12 . 2010-09-19 11:12 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2010-09-19 11:11 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-19 11:11 . 2010-09-19 11:11 -------- d-----w- c:\programdata\Malwarebytes 2010-09-19 11:11 . 2010-09-19 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-19 11:11 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-15 07:21 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-14 07:22 . 2010-09-14 07:22 -------- d-----w- c:\program files\Microsoft.NET 2010-09-14 07:20 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll 2010-09-12 21:33 . 
2010-09-12 21:33 -------- d-----w- c:\program files\Veetle 2010-08-31 06:17 . 2010-08-31 06:17 -------- d-----w- c:\users\Gast\AppData\Local\Opera 2010-08-30 21:22 . 2010-08-30 21:30 -------- d-----w- c:\users\Gast\AppData\Roaming\DeepBurner 2010-08-30 20:07 . 2010-08-30 20:07 -------- d-----w- c:\users\Gast\AppData\Roaming\vlc 2010-08-30 16:16 . 2010-08-30 16:16 -------- d-----w- c:\users\Gast\AppData\Roaming\DivX 2010-08-30 16:06 . 2010-08-30 16:06 86480 ----a-w- c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-27 13:50 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-22 20:43 . 2010-01-09 18:37 -------- d-----w- c:\program files\Common Files\Akamai 2010-09-22 20:01 . 2010-01-06 08:52 -------- d-----w- c:\users\***\AppData\Roaming\Media Player Classic 2010-09-22 18:08 . 2010-03-11 15:39 -------- d-----w- c:\users\***\AppData\Roaming\Nini 2010-09-19 11:01 . 2009-09-30 13:38 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-18 20:28 . 2009-09-30 13:16 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-09-17 18:05 . 2009-07-14 08:47 654166 ----a-w- c:\windows\system32\perfh007.dat 2010-09-17 18:05 . 2009-07-14 08:47 130006 ----a-w- c:\windows\system32\perfc007.dat 2010-09-16 17:28 . 2009-10-05 12:05 1 ----a-w- c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-09-15 07:50 . 2009-09-30 13:47 -------- d-----w- c:\users\***\AppData\Roaming\Skype 2010-09-15 07:37 . 2009-09-30 13:48 -------- d-----w- c:\users\***\AppData\Roaming\skypePM 2010-09-14 07:09 . 2010-02-20 23:22 -------- d-----w- c:\program files\Microsoft Silverlight 2010-09-12 12:58 . 2009-11-20 22:03 -------- d-----w- c:\program files\Opera 2010-08-27 15:59 . 2010-05-13 13:52 -------- d-----w- c:\users\***\AppData\Roaming\Miranda 2010-08-23 11:37 . 
2009-10-04 14:35 -------- d-----w- c:\users\***\AppData\Roaming\dvdcss 2010-08-22 14:34 . 2009-09-30 13:27 -------- d-----w- c:\users\***\AppData\Roaming\Thunderbird 2010-08-21 10:44 . 2009-10-03 08:21 -------- d-----w- c:\users\***\AppData\Roaming\gtk-2.0 2010-08-18 07:09 . 2010-04-17 09:22 -------- d-----w- c:\program files\JDownloader 2010-07-29 06:30 . 2010-08-12 06:35 197632 ----a-w- c:\windows\system32\ir32_32.dll 2010-07-29 06:30 . 2010-08-12 06:35 82944 ----a-w- c:\windows\system32\iccvid.dll 2010-07-27 18:43 . 2010-07-27 18:43 -------- d-----w- c:\program files\Common Files\Logitech 2010-07-27 18:43 . 2010-07-27 18:43 -------- d-----w- c:\program files\Logitech 2010-07-25 10:56 . 2010-07-25 10:51 -------- d-----w- c:\program files\WWP 2010-06-30 06:25 . 2010-08-12 06:35 978432 ----a-w- c:\windows\system32\wininet.dll 2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\windows\system32\ntdll.dll --- Company: Microsoft Corporation File Description: DLL für NT-Layer File Version: 6.1.7600.16385 (win7_rtm.090713-1255) Product Name: Betriebssystem Microsoft® Windows® Copyright: © Microsoft Corporation. Alle Rechte vorbehalten. Original Filename: ntdll.dll.mui File size: 1286456 Created time: 2010-09-14 07:20 Modified time: 2010-03-24 06:37 MD5: D6807311485CD5B8003F00D386B63C78 SHA1: 38D662C1DF35DC96648533318746D59C68BD5531 ---- Directory of c:\program files\Veetle ---- 2010-09-12 21:33 . 
2010-09-12 21:33 63523 ----a-w- c:\program files\Veetle\UninstallVeetleTV.exe 2010-03-22 23:40 . 2010-03-22 23:40 208408 ----a-w- c:\program files\Veetle\Player\axvlc.dll 2010-03-22 23:40 . 2010-03-22 23:40 123928 ----a-w- c:\program files\Veetle\Player\npvlc.dll 2010-03-22 23:40 . 2010-03-22 23:40 21528 ----a-w- c:\program files\Veetle\Player\player.exe 2010-03-22 23:40 . 2010-03-22 23:40 747032 ----a-w- c:\program files\Veetle\VLCBroadcast\axvbp.dll 2010-03-22 23:40 . 2010-03-22 23:40 678936 ----a-w- c:\program files\Veetle\VLCBroadcast\npvbp.dll 2010-03-22 23:40 . 2010-03-22 23:40 68632 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libvrc_plugin.dll 2010-03-22 23:40 . 2010-03-22 23:40 1754136 ----a-w- c:\program files\Veetle\Player\libvlc.dll 2010-03-22 23:40 . 2010-03-22 23:40 57880 ----a-w- c:\program files\Veetle\Player\plugins\libvrc_plugin.dll 2010-03-22 23:39 . 2010-03-22 23:39 877 ----a-w- c:\program files\Veetle\Player\player.exe.manifest 2010-03-22 19:03 . 2010-03-22 19:03 109592 ----a-w- c:\program files\Veetle\Player\vtl_hfax.exe 2010-03-22 19:03 . 2010-03-22 19:03 12312 ----a-w- c:\program files\Veetle\Player\vtl_hfs.exe 2010-03-22 19:02 . 2010-03-22 19:02 220696 ----a-w- c:\program files\Veetle\VLCBroadcast\lbclient.exe 2010-03-22 19:02 . 2010-03-22 19:02 2736664 ----a-w- c:\program files\Veetle\VLCBroadcast\libvlc.dll 2010-03-22 19:02 . 2010-03-22 19:02 97816 ----a-w- c:\program files\Veetle\VLCBroadcast\vlc_encoder.exe 2010-03-17 23:35 . 2010-03-17 23:35 661528 ----a-w- c:\program files\Veetle\plugins\npVeetle.dll 2010-03-17 23:35 . 2010-03-17 23:35 886808 ----a-w- c:\program files\Veetle\plugins\Veetle.ocx 2010-01-08 02:41 . 2010-01-08 02:41 181272 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libpng_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 10776 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libpodcast_plugin.dll 2010-01-08 02:41 . 
2010-01-08 02:41 79384 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libportaudio_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 29208 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libps_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 14360 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libpva_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 12312 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\librawdv_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 10776 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\librawvideo_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 12312 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\librealaudio_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 23576 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libreal_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 22040 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\librss_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9240 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\librv32_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9240 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libs16tofixed32_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9752 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libs16tofloat32swab_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9752 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libs16tofloat32_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9240 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libs8tofloat32_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 54808 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libsap_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9240 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libscale_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 12824 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libscreen_plugin.dll 2010-01-08 02:41 . 
2010-01-08 02:41 299544 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libsdl_image_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 12824 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libsgimb_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 11288 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libshout_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 10776 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libshowintf_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9752 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libsimple_channel_mixer_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 1841688 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libskins2_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 8728 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libspdif_mixer_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 109080 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libspeex_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 15896 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libspudec_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 14872 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_bridge_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9752 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_description_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 10264 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_display_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 7704 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_dummy_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 13336 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_duplicate_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 12824 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_es_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 10776 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_gather_plugin.dll 2010-01-08 02:41 . 
2010-01-08 02:41 15896 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_mosaic_bridge_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 51224 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_rtp_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 15896 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_standard_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 54296 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libstream_out_transcode_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 19480 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libsubsdec_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 22552 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libsubtitle_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 13336 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libsvcdsub_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 16408 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtelnet_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 17432 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtelx_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 196120 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtheora_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 13336 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtime_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 15384 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtransform_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 10264 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtrivial_channel_mixer_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9240 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtrivial_mixer_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 8728 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtrivial_resampler_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 87576 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libts_plugin.dll 2010-01-08 02:41 . 
2010-01-08 02:41 12312 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtta_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 115224 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libtwolame_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 19480 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libty_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9240 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libu8tofixed32_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9240 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libu8tofloat32_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9240 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libugly_resampler_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 25112 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libvcd_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 30744 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libvisual_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 18456 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libvobsub_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 13848 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libvoc_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 30744 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libvod_rtsp_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 1173528 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libvorbis_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 43544 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libvout_directx_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 17944 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libwall_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 18456 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libwaveout_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 14872 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libwav_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 19480 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libwingdi_plugin.dll 2010-01-08 02:41 . 
2010-01-08 02:41 2770968 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libwxwidgets_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 513048 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libx264_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 10264 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libxa_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 1173016 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libxml_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 14872 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libxtag_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 15896 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libcinepak_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 13848 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libclone_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 27672 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libcmml_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 14872 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libcrop_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 13848 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libcvdsub_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 36376 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdeinterlace_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 10264 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdemuxdump_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 35352 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdirect3d_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 26648 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdistort_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 25624 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdmo_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 12824 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdolby_surround_decoder_plugin.dll 2010-01-08 02:41 . 
2010-01-08 02:41 120856 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdshow_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 11288 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdtssys_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 151064 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdtstofloat32_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9752 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdtstospdif_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 14872 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdts_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 18456 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdummy_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 107544 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdvbsub_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 207384 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdvdnav_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 136728 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libdvdread_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 20504 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libequalizer_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 13848 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libexport_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 292888 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libfaad_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 12312 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libfake_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 4216344 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libffmpeg_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9752 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libfixed32tofloat32_plugin.dll 2010-01-08 02:41 . 2010-01-08 02:41 9240 ----a-w- c:\program files\Veetle\VLCBroadcast\plugins\libfixed32tos16_plugin.dll 2010-01-08 02:41 . 
2010-01-08 02:41 14872 ----a-w- c:\program files\Veetle\Player\plugins\libm3u_plugin.dll
2010-01-08 02:41 . 2010-01-08 02:41 10264 ----a-w- c:\program files\Veetle\Player\plugins\libm4a_plugin.dll
2010-01-08 02:41 . 2010-01-08 02:41 8728 ----a-w- c:\program files\Veetle\Player\plugins\libmemcpy_plugin.dll
2010-01-08 02:41 . 2010-01-08 02:41 140312 ----a-w- c:\program files\Veetle\Player\plugins\libmp4_plugin.dll
2010-01-08 02:41 . 2010-01-08 02:41 94232 ----a-w- c:\program files\Veetle\Player\plugins\libmpgatofixed32_plugin.dll
2010-01-08 02:00 . 2010-01-08 02:00 8069 ----a-w- c:\program files\Veetle\Player\AUTHORS.txt
2010-01-08 02:00 . 2010-01-08 02:00 18332 ----a-w- c:\program files\Veetle\Player\COPYING.txt
2010-01-08 02:00 . 2010-01-08 02:00 2736 ----a-w- c:\program files\Veetle\Player\MAINTAINERS.txt
2010-01-08 02:00 . 2010-01-08 02:00 11905 ----a-w- c:\program files\Veetle\Player\THANKS.txt
2009-07-08 00:16 . 2009-07-08 00:16 111 ----a-w- c:\program files\Veetle\Player\Veetle Website.url
2008-08-13 17:08 . 2008-08-13 17:08 606 ----a-w- c:\program files\Veetle\VLCBroadcast\vlc_encoder.exe.manifest

((((((((((((((((((((((((((((( SnapShot@2010-09-22_20.24.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-02 12:12 . 2010-09-22 20:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-02 12:12 . 2010-09-22 21:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-02 12:12 . 2010-09-22 20:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-10-02 12:12 . 2010-09-22 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-10-02 12:12 . 2010-09-22 21:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-10-02 12:12 . 2010-09-22 20:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-09-30 11:26 . 2010-09-22 21:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-30 11:26 . 2010-09-22 20:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"{EB31E8EB-2A84-7984-E0CB-B9A575D30B4E}"="c:\users\***\AppData\Roaming\Qievq\kumy.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-10-05 1167360]
"MagicKeyboard"="c:\programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-05-05 153672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RMClock.lnk - c:\program files\rmclock_235_bin\RMClockLauncher.exe [2010-3-13 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2007-06-26 18:27 312320 ----a-w- c:\program files\FreePDF_XP\fpassist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-30 16:09 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2000-08-24 4300]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - RTCore32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = localhost:8080
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\htu48s4n.test\
FF - prefs.js: browser.startup.homepage - hxxp://www.sueddeutsche.de/
FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\htu48s4n.test\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\htu48s4n.test\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3475587674-3369065116-2635668132-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c5,88,1c,df,d7,02,ca,cc,19,6a,49,b8,f0,f5,95,f1,89,9d,c6,eb,32,cc,53,
   2c,bb,31,ad,4d,54,5a,62,39,0a,bf,51,fc,ab,93,1b,db,79,13,70,df,20,42,00,08,\
"??"=hex:36,d0,30,fc,82,1f,e9,19,8f,0d,23,9d,ad,f6,db,62

[HKEY_USERS\S-1-5-21-3475587674-3369065116-2635668132-1000\Software\SecuROM\License information*]
"datasecu"=hex:af,d7,f9,bf,f6,ef,15,0f,88,1b,9f,ec,d1,3d,2e,07,33,1a,80,cd,82,
   62,2a,4e,ba,6c,21,c4,84,73,4b,c1,4f,c9,e9,b5,1d,5f,62,ed,ab,6c,26,c8,94,05,\
"rkeysecu"=hex:12,77,f9,0e,ed,2a,56,d9,2c,ce,87,2a,c9,83,01,38

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-09-22 23:16:15
ComboFix-quarantined-files.txt 2010-09-22 21:16
ComboFix2.txt 2010-09-22 20:26

Vor Suchlauf: 14 Verzeichnis(se), 17.242.677.248 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 17.185.177.600 Bytes frei

- - End Of File - - 97D416ABA879F0C16BDFF82EA5FF0C68 |
22.09.2010, 22:39 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted automatic shutdown in Windows 7

Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run the 2nd time, just leave it out and run only OSAM.

Afterwards, download the bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder. If you use Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Ideally, post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags |
22.09.2010, 23:01 | #15 |
| Unwanted automatic shutdown in Windows 7

You say that GMER "crashes fairly often". Does that mean a blue screen or just a program crash? I just had a blue screen during the scan... I'll try again tomorrow. |