Pests of all kinds and how to fight them: winlogon.exe not in Windows/System 32 (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
06.10.2010, 15:51 | #1 |
winlogon.exe not in Windows/System 32

Hello everyone, this topic already exists, but since I don't have permission there, I'm opening a new one. I have Winlogon.EXE in C:\Dokumente und Einstellungen\Anwendungsdaten.

Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! After that, OTL:

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
* Double-click OTL.exe
* Vista users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.
______________________________________

I have carried this out, or rather I am still working on it; results to follow. So here is the log file from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 4754
Windows 6.1.7601 Service Pack 1, v.178
Internet Explorer 9.0.7930.16406
06.10.2010 16:54:25
mbam-log-2010-10-06 (16-54-25).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146984
Laufzeit: 4 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{son4l6k8-3f67-h8k6-o0n8-ki77rutf17p6} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cerberus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cerberus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cerberus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cerberus (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Administrator\AppData\Roaming\WinLogon.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
______________________________________

The rest from OTL follows right away. So here is log file 1 from OTL (Extras). OTL Logfile: Code:
______________________________________

Log file 2 from OTL (OTL TXT). OTL Logfile: Code:
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (sdAuxService) -- e:\PC Tools Security\pctsAuxs.exe (PC Tools) SRV - (O&O CleverCache) -- E:\CleverCache\ooccag.exe (O&O Software GmbH) SRV - (StarWindServiceAE) -- e:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (VGPU) -- C:\Windows\SysNative\drivers\rdvgkmd.sys File not found DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys File not found DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\synth3dvsc.sys File not found DRV:64bit: - (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (PCTFW-PacketFilter) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys (PC Tools) DRV:64bit: - (pctgntdi) -- C:\Windows\SysNative\drivers\pctgntdi64.sys (PC Tools) DRV:64bit: - (pctplfw) -- C:\Windows\SysNative\drivers\pctplfw64.sys (PC Tools) DRV:64bit: - (pctplsg) -- C:\Windows\SysNative\drivers\pctplsg64.sys (PC Tools) DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools) DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools) DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools) DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools) DRV:64bit: - (pctNdisMP) -- 
C:\Windows\SysNative\drivers\pctNdis64.sys (PC Tools) DRV:64bit: - (pctNdis) -- C:\Windows\SysNative\drivers\pctNdis64.sys (PC Tools) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools) DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) 
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd) DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (ISODrive) -- e:\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED EE C2 F1 B9 64 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - e:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3 FF - prefs.js..extensions.enabledItems: promtff9@promt9.ru:9.0 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6 FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.0 FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0 FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10 FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: e:\PC Tools Security\BDT\Firefox\ [2010.10.05 20:46:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.05 19:36:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.22 19:04:50 | 000,000,000 | ---D | M] [2010.08.03 00:02:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2010.10.05 20:59:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions [2010.08.03 22:43:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.03 00:04:03 | 000,000,000 | ---D | M] (Blue Fox) -- 
C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\{241aae70-0022-11de-87af-0800200c9a66} [2010.08.03 00:04:03 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2010.08.21 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\anycolor.pavlos256@gmail.com [2010.09.06 21:56:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\djziggy@gmail.com [2010.10.05 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\fb_add_on@avm.de [2010.09.06 21:56:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\info@djzig.com [2010.10.05 20:09:25 | 000,002,689 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\vntc22dp.default\searchplugins\search-defender.xml [2010.10.05 20:59:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.08.03 00:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Program Files (x86)\mozilla firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.03 00:02:13 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Program Files (x86)\mozilla firefox\extensions\{241aae70-0022-11de-87af-0800200c9a66} [2010.08.03 00:02:13 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Program Files (x86)\mozilla firefox\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\anycolor.pavlos256@gmail.com [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com [2010.08.03 00:02:13 | 
000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\chatzilla [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\Console2 [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\downthemall [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\emusic [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\fullerscreen [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\sage [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\toolkit [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\webdeveloper [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\mozapps\extensions [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\chatzilla [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla 
firefox\extensions\info@djzig.com\chrome\global\extensions\Console2 [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\downthemall [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\emusic [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\fullerscreen [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\sage [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\toolkit [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\webdeveloper [2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\mozapps\extensions [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - 
BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Promt IE Helper) - {1F13CE11-4FAC-49A9-8155-D4F3F0F91A33} - E:\PRMT9\PRMTIE\prmtie.dll (PROMT Ltd.) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - e:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - e:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (PROMT-Übersetzer) - {C7DDDD27-F303-42A5-B979-51559F7DC0F0} - E:\PRMT9\PRMTIE\prmtie.dll (PROMT Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) 
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [ooccctrl.exe] E:\CleverCache\ooccctrl.exe (O&O Software GmbH) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ISTray] e:\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [PCTools FGuard] e:\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.) O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKCU..\Run: [KiesTrayAgent] File not found O4 - HKCU..\Run: [PlayNC Launcher] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - 
Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ganze Seite übersetzen - E:\PRMT9\PRMTIE\page.HTM () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Markierung ubersetzen - E:\PRMT9\PRMTIE\translat.HTM () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Suchanfrage ubersetzen - E:\PRMT9\PRMTIE\search.HTM () O8:64bit: - Extra context menu item: Thema automatisch bestimmen - E:\PRMT9\PRMTIE\aot.htm () O8:64bit: - Extra context menu item: Übersetzungsoptionen anpassen - E:\PRMT9\PRMTIE\options.HTM () O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandenes PDF anfügen - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte 
Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ganze Seite übersetzen - E:\PRMT9\PRMTIE\page.HTM () O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Markierung ubersetzen - E:\PRMT9\PRMTIE\translat.HTM () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Suchanfrage ubersetzen - E:\PRMT9\PRMTIE\search.HTM () O8 - Extra context menu item: Thema automatisch bestimmen - E:\PRMT9\PRMTIE\aot.htm () O8 - Extra context menu item: Übersetzungsoptionen anpassen - E:\PRMT9\PRMTIE\options.HTM () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte 
&OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. 
So that is the current state of things. I hope I haven't done anything wrong and that someone can help me. Thanks in advance. Last edited by Jenser0609 (06.10.2010 at 16:08) |
06.10.2010, 21:15 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | winlogon.exe not in Windows/System 32 Quote:
__________________ |
07.10.2010, 07:18 | #3 |
| winlogon.exe not in Windows/System 32 Hello Arne,
I already did that after I had finished the first instructions from my post above. It no longer finds anything in the quick scan. The entries under msconfig are gone now as well. I probably got rid of it through your instructions above, which I had read in another thread. Or should I post the log file again? |
07.10.2010, 13:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | winlogon.exe not in Windows/System 32 When did you run the full scan? I only see logs from a quick scan!
__________________ Please always post log files in CODE tags |
07.10.2010, 19:15 | #5 |
| winlogon.exe not in Windows/System 32 Sorry, that was my mistake. The full scan is running; as soon as it is finished I will post again. I had misunderstood you. OK, the full scan is done now:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4770
Windows 6.1.7601 Service Pack 1, v.178
Internet Explorer 9.0.7930.16406
07.10.2010 20:35:18
mbam-log-2010-10-07 (20-35-18).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 302951
Laufzeit: 21 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
G:\Arbeit\VMwareWorkstation700B203739\VMwareWorkstation.7.0.0.Build203739\Keygen(EMBRACE)\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
Edited by Jenser0609 (07.10.2010 at 19:35) |
07.10.2010, 19:40 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | winlogon.exe not in Windows/System 32 Quote:
The use of cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board. For you it continues here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since this kind of dubious software quite often also contains keyloggers and backdoor functions. After that, never touch anything like this again!
07.10.2010, 21:16 | #7 | |
| winlogon.exe not in Windows/System 32 Quote:
And for your information, even the Malwarebytes that you recommend is detected as a virus by some. PC Tools Internet Security 2011, for example, blocks the EXE immediately. But that is just an aside. Edited by Jenser0609 (07.10.2010 at 21:25) |
08.10.2010, 11:00 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | winlogon.exe not in Windows/System 32 Quote:
__________________ Please always post log files in CODE tags |