Plagegeister aller Art und deren Bekämpfung: MSN.DE / XING / HOTMAIL not reachable; MBAM reports trojan.amber (Windows 7)
25.10.2010, 21:54 | #1 |
Hello, so far I have found nothing on this, neither via Google search nor on this board; sorry if I overlooked it. For a few weeks the websites named above have no longer been reachable, that is, the progress bar hangs, Firefox endlessly shows "Loading", but nothing happens. Downloading the current Adobe Flash version hangs as well. Unfortunately I do not understand how these things fit together at all, but I had suspected that I somehow ended up on a blocklist. That is why I carried out the first steps of your guide. MBAM reported and deleted a "trojan.amber", a "password.stealer" and a "malware.trace" entry. Unfortunately the PC crashes with a bluescreen when the program "GMER" is started, so I only have the other log files available. Who can help me further, and perhaps also explain once more in what form I should supply the log files? Many thanks in advance
28.10.2010, 14:47 | #2 |
/// Malware-holic
OTL:
System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports are created: OTL.Txt and Extras.Txt; post both |
28.10.2010, 20:15 | #3 |
Hello,
many thanks already for the reply. Here is the Extras.txt:
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.10.2010 20:41:12 - Run 2 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 42,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 100,04 Gb Total Space | 75,57 Gb Free Space | 75,54% Space Free | Partition Type: NTFS Drive D: | 43,00 Gb Total Space | 32,07 Gb Free Space | 74,59% Space Free | Partition Type: NTFS Computer Name: NAME-3197F9A02F | User Name: yyyyyyyy xxxxxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- File not found "E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application -- File not found "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) ========== 
HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{06391FB0-B995-46DE-ADD2-3EE057BFA9DA}" = StarMoney 7.0 S-Edition "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth 
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2 "{4658e798-942d-408a-b0be-767163b88e99}" = Nero BackItUp 4 Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5B6455A4-E812-479B-A762-C2356244CF97}" = EZ Grabber "{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp "{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney "{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney "{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch "{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard "{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1E544E5-EF3C-4103-A57B-3A499FD91031}" = Nero 7 Essentials "{C6FF65DB-B18E-4F0E-948F-E058E67BAF48}" = VstPlayer "{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Adobe SVG Viewer" = Adobe SVG Viewer "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings 
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3 "ASIO4ALL" = ASIO4ALL "AVG9Uninstall" = AVG Free 9.0 "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Bryce" = Bryce 5.5c "Bryce 5" = Bryce(R) 5 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAZ|Studio" = DAZ|Studio 1.5.1.0 "eLicenser Control" = eLicenser Control "ERUNT_is1" = ERUNT 1.1j "Google Updater" = Google Updater "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services "HDMI" = Intel(R) Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11 "InstallShield_{5B6455A4-E812-479B-A762-C2356244CF97}" = EZ Grabber "InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MotionBLITZ" = MotionBLITZ "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs 
"RedEye" = RedEye (remove only) "Rossmann Fotoservice_is1" = Rossmann Fotoservice 2.6 "STANLY Track EDDM" = STANLY Track EDDM "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER "VLC media player" = VLC media player 0.9.8a "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xenu_is1" = Xenu's Link Sleuth "XMedia Recode" = XMedia Recode 2.1.1.1 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "STANLY Track EDDM" = STANLY Track EDDM ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.10.2010 16:12:47 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung SDUpdate.exe, Version 1.6.0.12, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 16.10.2010 09:52:44 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 22.10.2010 14:37:39 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3937, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 22.10.2010 14:37:59 | Computer Name = NAME-3197F9A02F | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3937, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. Error - 23.10.2010 15:10:40 | Computer Name = NAME-3197F9A02F | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.10.2010 15:10:40 | Computer Name = NAME-3197F9A02F | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 25.10.2010 15:57:24 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung msimn.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 27.10.2010 14:45:15 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3937, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 27.10.2010 14:45:16 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3937, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 27.10.2010 14:45:26 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3937, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 24.10.2010 14:34:27 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034 Description = Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 24.10.2010 14:34:27 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 24.10.2010 14:34:28 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 24.10.2010 14:34:28 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034 Description = Dienst "PLFlash DeviceIoControl Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 24.10.2010 14:34:28 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034 Description = Dienst "SNM WLAN Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 24.10.2010 14:34:30 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034 Description = Dienst "StarMoney 7.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.10.2010 15:57:15 | Computer Name = NAME-3197F9A02F | Source = System Error | ID = 1003 Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 859b2498, 3. Parameter 859b2cc0, 4. Parameter 1b05003b. 
Error - 25.10.2010 16:02:14 | Computer Name = NAME-3197F9A02F | Source = System Error | ID = 1003 Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 85801000, 3. Parameter 85801828, 4. Parameter 1b050000. Error - 27.10.2010 15:30:51 | Computer Name = NAME-3197F9A02F | Source = System Error | ID = 1003 Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 85113000, 3. Parameter 85113828, 4. Parameter 1b050000. Error - 28.10.2010 00:45:22 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst SNM WLAN Service. < End of report >
and here is the OTL.txt:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.10.2010 20:41:12 - Run 2 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 42,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 100,04 Gb Total Space | 75,57 Gb Free Space | 75,54% Space Free | Partition Type: NTFS Drive D: | 43,00 Gb Total Space | 32,07 Gb Free Space | 74,59% Space Free | Partition Type: NTFS Computer Name: NAME-3197F9A02F | User Name: yyyyyyyy xxxxxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe () PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.) PRC - C:\Programme\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) 
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
PRC - C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (SwitchBoard) -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
SRV - (EPGService) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BEHRINGER_2902) -- C:\WINDOWS\system32\drivers\BUSB2902.sys (BEHRINGER)
DRV - (BUSB_AUDIO_WDM) -- C:\WINDOWS\system32\drivers\busbwdm.sys (BEHRINGER)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (VMC326) -- C:\WINDOWS\system32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (hcw95rc) -- C:\WINDOWS\system32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\WINDOWS\system32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (U6000ALL) U6000 TV Box(ALL) -- C:\WINDOWS\system32\drivers\U6000ALL.sys ()
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://news.google.de/nwshp?hl=de&tab=wn"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.10.26 10:31:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Programme\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.10.26 10:30:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.24 10:09:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.22 20:20:57 | 000,000,000 | ---D | M]

[2009.01.18 21:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Extensions
[2010.10.27 21:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\qyp9pp4c.default\extensions
[2010.07.23 21:09:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\qyp9pp4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.12 23:16:03 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\qyp9pp4c.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.10.27 20:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\qyp9pp4c.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.10.27 21:08:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.05 18:41:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.05 21:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.28 19:19:28 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 19:19:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.28 19:19:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.28 19:19:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.28 19:19:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.14 23:17:34 | 000,416,705 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14381 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] File not found
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\Mozilla Firefox (2).lnk = C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\Skype.lnk = C:\WINDOWS\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.03 15:41:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{67e0f2db-7f3f-11de-95df-001377b33947}\Shell - "" = AutoRun
O33 - MountPoints2\{67e0f2db-7f3f-11de-95df-001377b33947}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67e0f2db-7f3f-11de-95df-001377b33947}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bcbb6be3-e49e-11dd-93df-001377b33947}\Shell - "" = AutoRun
O33 - MountPoints2\{bcbb6be3-e49e-11dd-93df-001377b33947}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bcbb6be3-e49e-11dd-93df-001377b33947}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D2427CF-28FB-4E40-B655-7D62FA8B1CDA} - DirectAnimation
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010.10.27 21:49:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\SUPERAntiSpyware.com
[2010.10.27 21:49:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.10.27 21:49:00 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.10.25 21:55:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.10.25 21:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.10.25 21:46:44 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.10.24 20:32:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Malwarebytes
[2010.10.24 20:32:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.24 20:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.24 20:32:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.24 20:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.24 20:30:46 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.10.24 20:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools
[2010.10.23 21:11:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
[2010.10.08 20:46:14 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2010.10.08 18:47:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.01 20:39:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Eigene Videos
[2010.10.01 20:37:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\AVSMedia
[2010.10.01 20:37:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
[2010.10.01 20:36:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVSMedia
[2010.10.01 20:35:59 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010.10.01 20:35:59 | 000,638,976 | ---- | C] (DivXNetworks, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010.10.01 20:35:59 | 000,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2010.10.01 20:35:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.10.01 20:35:58 | 000,261,632 | ---- | C] (MainConcept) -- C:\WINDOWS\System32\mcdvd_32.dll
[2010.10.01 20:35:58 | 000,082,944 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\vct3216.acm
[2010.10.01 20:35:58 | 000,081,920 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\AC3ACM.acm
[2010.10.01 20:35:58 | 000,038,912 | ---- | C] (NCT Company) -- C:\WINDOWS\System32\alf2cd.acm
[2010.10.01 20:35:58 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\WINDOWS\System32\Scg726.acm

========== Files - Modified Within 30 Days ==========

[2010.10.28 20:29:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.28 20:08:34 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.10.28 19:34:03 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.28 19:33:50 | 066,927,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.10.28 19:28:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.28 19:28:56 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.27 21:49:04 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.27 19:54:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.25 21:47:07 | 000,000,747 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2010.10.25 21:46:52 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\NTREGOPT.lnk
[2010.10.25 21:46:52 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\ERUNT.lnk
[2010.10.25 21:38:52 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\defogger_reenable
[2010.10.24 20:32:34 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.24 20:29:20 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\defogger.exe
[2010.10.24 20:29:19 | 000,286,404 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\Gmer.zip
[2010.10.24 19:56:38 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Antrag xyxysysy.doc
[2010.10.19 16:00:00 | 000,294,912 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\gmer.exe
[2010.10.18 15:56:00 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\Gartenaktion Liebe Bären.doc
[2010.10.16 12:40:26 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.10.14 20:43:07 | 003,734,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.14 19:55:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.10.11 15:33:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.08 20:46:19 | 000,001,537 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\IrfanView Thumbnails.lnk
[2010.10.08 20:46:19 | 000,000,665 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\IrfanView.lnk
[2010.10.08 20:12:04 | 002,107,349 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert-2.jpg
[2010.10.08 20:10:48 | 003,944,282 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert-1.jpg
[2010.10.08 20:08:10 | 001,147,302 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert.pdf
[2010.10.08 19:56:24 | 001,454,080 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert.doc
[2010.10.08 18:48:00 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2010.10.06 17:46:06 | 000,449,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.06 17:46:06 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.06 17:46:06 |
000,080,306 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.06 17:46:06 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.05 20:48:19 | 000,092,160 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.01 20:47:03 | 002,940,932 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Video0020_NEW.mpg [2010.09.28 21:23:37 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk ========== Files Created - No Company Name ========== [2010.10.27 21:49:04 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.10.25 21:49:46 | 000,294,912 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\gmer.exe [2010.10.25 21:47:07 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk [2010.10.25 21:46:52 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\NTREGOPT.lnk [2010.10.25 21:46:52 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\ERUNT.lnk [2010.10.25 21:38:52 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\defogger_reenable [2010.10.24 20:32:34 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.24 20:29:20 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\defogger.exe [2010.10.24 20:29:15 | 000,286,404 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\Gmer.zip [2010.10.24 19:56:38 | 000,020,480 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Antrag Adoptionsanerkennung.doc [2010.10.12 14:34:54 | 000,023,040 | ---- | C] () -- C:\Dokumente 
und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\Gartenaktion Liebe Bären.doc [2010.10.08 20:46:19 | 000,001,537 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\IrfanView Thumbnails.lnk [2010.10.08 20:46:19 | 000,000,665 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\IrfanView.lnk [2010.10.08 20:11:57 | 002,107,349 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert-2.jpg [2010.10.08 20:10:38 | 003,944,282 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert-1.jpg [2010.10.08 20:08:04 | 001,147,302 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert.pdf [2010.10.08 19:55:10 | 001,454,080 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert.doc [2010.10.01 20:46:45 | 002,940,932 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Video0020_NEW.mpg [2010.10.01 20:35:59 | 000,156,910 | ---- | C] () -- C:\WINDOWS\WMSysPr8.prx [2010.10.01 20:35:59 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.10.01 20:35:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax [2010.10.01 20:35:58 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.09.28 21:23:37 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2010.07.03 20:36:07 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\setup_ldm.iss [2010.05.13 13:01:01 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys [2010.04.08 23:13:33 | 000,037,223 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\dBase.ADR [2010.04.08 22:50:38 | 000,037,249 | ---- | C] () -- C:\Dokumente und 
Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR [2010.04.08 21:46:23 | 000,022,836 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft Access.ADR [2010.04.07 21:15:01 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.04.07 21:15:01 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.04.07 21:14:41 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\$_hpcst$.hpc [2009.08.24 14:03:38 | 000,368,015 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\mdbu.bin [2009.07.14 21:07:18 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009.04.26 22:15:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.04.26 19:50:33 | 000,001,747 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2009.04.11 20:07:32 | 000,000,045 | ---- | C] () -- C:\WINDOWS\mfggbCameras.ini [2009.04.09 21:04:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2009.02.01 22:20:54 | 000,230,784 | R--- | C] () -- C:\WINDOWS\System32\drivers\U6000ALL.sys [2009.01.20 23:12:29 | 000,001,081 | ---- | C] () -- C:\WINDOWS\vtplus32.ini [2009.01.20 23:12:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2009.01.20 23:11:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll [2009.01.20 23:11:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll [2009.01.20 23:10:24 | 000,006,391 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2009.01.20 23:02:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI [2009.01.20 22:59:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2009.01.18 21:19:28 | 000,092,160 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.18 15:42:22 | 000,000,510 | ---- | C] 
() -- C:\WINDOWS\ODBC.INI [2009.01.17 22:30:36 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\yyyyyyyy xxxxxxxx_KBD.ini [2008.12.18 17:13:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.11.03 23:21:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008.11.03 23:20:53 | 000,016,961 | ---- | C] () -- C:\WINDOWS\Resdux.dll [2008.11.03 15:54:04 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI [2008.11.03 15:54:04 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Besitzer_KBD.ini [2008.11.03 15:54:02 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI [2008.11.03 15:54:02 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI [2008.11.03 15:54:02 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI [2008.11.03 15:54:01 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI [2008.11.03 15:54:01 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI [2008.11.03 15:54:01 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI [2008.11.03 15:54:01 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI [2008.11.03 15:54:01 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI [2008.11.03 15:54:01 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI [2008.11.03 15:54:01 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI [2008.11.03 15:54:01 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI [2008.11.03 15:54:01 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI [2008.11.03 15:54:01 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI [2008.11.03 15:54:01 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI [2008.11.03 15:54:01 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI [2008.11.03 15:54:01 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI [2008.11.03 15:54:01 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI [2008.11.03 15:51:47 | 000,000,135 | R--- | C] () -- 
C:\WINDOWS\System32\lngEng.ini [2008.11.03 15:51:47 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini [2008.11.03 15:48:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2008.11.03 15:45:46 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS [2008.11.03 15:34:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll [2007.06.08 20:12:12 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\GTTunerCard.dll [2007.04.03 12:59:54 | 006,148,096 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll [2006.12.05 17:07:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\dzbryce6.dll [2006.12.05 17:00:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll [2006.11.20 18:25:16 | 001,343,488 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll [2006.11.20 18:25:02 | 004,984,832 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll [2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll [2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll [2004.07.29 03:19:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2003.06.28 15:34:20 | 000,069,707 | ---- | C] () -- C:\WINDOWS\System32\DISP_OPT1.dll [2002.06.06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll [2001.10.28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [1999.04.30 01:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.04.18 21:08:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar [2010.04.18 21:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 [2010.05.13 12:54:51 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLicenser [2009.08.12 22:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG [2009.11.06 23:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OptiTex [2010.04.07 21:25:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.09.01 22:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2009.03.03 20:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Roni Music [2009.08.24 13:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rossmann Fotoservice [2010.04.09 21:54:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2010.03.30 20:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 7.0 [2010.05.13 13:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Steinberg [2010.05.13 13:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft [2010.05.06 21:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Topten Software [2008.11.03 15:49:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLAN [2010.04.23 21:33:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Anvil Studio [2010.10.01 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\AVSMedia [2010.08.13 23:12:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009.05.06 20:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\CoSoSys [2010.05.01 13:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\DarkWave Studio [2009.11.06 23:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\DAZ 3D [2009.08.12 22:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\fotobuch.de AG [2010.09.18 21:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\FRITZ! [2009.01.23 22:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\ImageMatics [2010.07.03 20:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Leadertech [2009.01.18 22:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\MSNInstaller [2010.04.07 21:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\PC Suite [2009.03.03 20:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Roni Music [2010.04.09 21:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Samsung [2010.08.16 23:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.05.13 13:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Steinberg [2010.05.28 21:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\SynthFont [2010.04.28 22:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Topten Software [2010.02.13 22:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\uk.co.planetside 
[2010.05.13 13:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\VST3 Presets ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.14 23:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Adobe [2010.08.16 23:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Adobe Mini Bridge CS5 [2009.04.19 21:47:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Ahead [2010.04.23 21:33:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Anvil Studio [2009.04.26 19:50:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Apple Computer [2010.10.01 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\AVSMedia [2010.08.13 23:12:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009.01.21 22:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Corel [2009.05.06 20:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\CoSoSys [2010.05.01 13:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\DarkWave Studio [2009.11.06 23:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\DAZ 3D [2009.04.05 21:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\dvdcss [2009.08.12 22:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\fotobuch.de AG [2010.09.18 21:18:35 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\FRITZ! [2009.01.17 16:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Google [2010.04.24 23:31:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Help [2008.11.03 15:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Identities [2009.01.23 22:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\ImageMatics [2008.11.03 15:49:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\InstallShield [2010.07.03 20:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Leadertech [2010.07.03 20:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Logitech [2010.10.27 21:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Macromedia [2010.10.24 20:32:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Malwarebytes [2010.02.18 20:43:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft [2009.01.18 15:36:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft Web Folders [2009.01.18 21:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla [2009.01.18 22:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\MSNInstaller [2010.09.22 21:06:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Nero [2010.04.07 21:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\PC Suite [2009.03.03 
20:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Roni Music [2010.04.09 21:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Samsung [2010.10.27 21:25:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Skype [2010.04.01 23:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\skypePM [2010.08.16 23:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.05.13 13:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Steinberg [2009.01.26 20:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Sun [2010.10.27 21:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.28 21:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\SynthFont [2010.04.28 22:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Topten Software [2010.10.24 21:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\U3 [2010.02.13 22:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\uk.co.planetside [2009.01.18 23:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\vlc [2010.05.13 13:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\VST3 Presets [2010.05.03 22:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2010.07.03 20:36:13 | 000,053,248 | R--- | M] (Acresso Software 
Inc.) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2010.02.13 22:26:08 | 000,004,710 | R--- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_18be6784.exe [2010.02.13 22:26:08 | 000,004,710 | R--- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_294823.exe [2009.01.18 22:22:53 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\MSNInstaller\msnauins.exe [2006.09.01 15:53:32 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\U3\temp\cleanup.exe [2006.10.04 14:21:22 | 003,072,000 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > 
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) 
MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.11.03 16:32:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2008.11.03 16:32:46 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2008.11.03 16:32:45 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
28.10.2010, 20:16 | #4 |
| MSN.DE / XING / HOTMAIL NOT REACHABLE; MBAM reports trojan.amber Hello, many thanks already for the reply. Here is the Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.10.2010 20:41:12 - Run 2 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 42,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 100,04 Gb Total Space | 75,57 Gb Free Space | 75,54% Space Free | Partition Type: NTFS Drive D: | 43,00 Gb Total Space | 32,07 Gb Free Space | 74,59% Space Free | Partition Type: NTFS Computer Name: NAME-3197F9A02F | User Name: yyyyyyyy xxxxxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- File not found
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application -- File not found
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06391FB0-B995-46DE-ADD2-3EE057BFA9DA}" = StarMoney 7.0 S-Edition
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{4658e798-942d-408a-b0be-767163b88e99}" = Nero BackItUp 4 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5B6455A4-E812-479B-A762-C2356244CF97}" = EZ Grabber
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney
"{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E544E5-EF3C-4103-A57B-3A499FD91031}" = Nero 7 Essentials
"{C6FF65DB-B18E-4F0E-948F-E058E67BAF48}" = VstPlayer
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EE531675-A09C-51DD-F356-ECA9D6857039}" = Adobe Community Help
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"ASIO4ALL" = ASIO4ALL
"AVG9Uninstall" = AVG Free 9.0
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bryce" = Bryce 5.5c
"Bryce 5" = Bryce(R) 5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAZ|Studio" = DAZ|Studio 1.5.1.0
"eLicenser Control" = eLicenser Control
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{5B6455A4-E812-479B-A762-C2356244CF97}" = EZ Grabber
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotionBLITZ" = MotionBLITZ
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RedEye" = RedEye (remove only)
"Rossmann Fotoservice_is1" = Rossmann Fotoservice 2.6
"STANLY Track EDDM" = STANLY Track EDDM
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER
"VLC media player" = VLC media player 0.9.8a
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenu_is1" = Xenu's Link Sleuth
"XMedia Recode" = XMedia Recode 2.1.1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"STANLY Track EDDM" = STANLY Track EDDM

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.10.2010 16:12:47 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SDUpdate.exe, Version 1.6.0.12, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 16.10.2010 09:52:44 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.10.2010 14:37:39 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3937, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.10.2010 14:37:59 | Computer Name = NAME-3197F9A02F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3937, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.
Error - 23.10.2010 15:10:40 | Computer Name = NAME-3197F9A02F | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
Error - 23.10.2010 15:10:40 | Computer Name = NAME-3197F9A02F | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
Error - 25.10.2010 15:57:24 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msimn.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.10.2010 14:45:15 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3937, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.10.2010 14:45:16 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3937, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.10.2010 14:45:26 | Computer Name = NAME-3197F9A02F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3937, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 24.10.2010 14:34:27 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034
Description = Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 24.10.2010 14:34:27 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 24.10.2010 14:34:28 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Starten Sie den Dienst neu..
Error - 24.10.2010 14:34:28 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034
Description = Dienst "PLFlash DeviceIoControl Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 24.10.2010 14:34:28 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034
Description = Dienst "SNM WLAN Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 24.10.2010 14:34:30 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7034
Description = Dienst "StarMoney 7.0 OnlineUpdate" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 25.10.2010 15:57:15 | Computer Name = NAME-3197F9A02F | Source = System Error | ID = 1003
Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 859b2498, 3. Parameter 859b2cc0, 4. Parameter 1b05003b.
Error - 25.10.2010 16:02:14 | Computer Name = NAME-3197F9A02F | Source = System Error | ID = 1003
Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 85801000, 3. Parameter 85801828, 4. Parameter 1b050000.
Error - 27.10.2010 15:30:51 | Computer Name = NAME-3197F9A02F | Source = System Error | ID = 1003
Description = Fehlercode 00000019, 1. Parameter 00000020, 2. Parameter 85113000, 3. Parameter 85113828, 4. Parameter 1b050000.
Error - 28.10.2010 00:45:22 | Computer Name = NAME-3197F9A02F | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst SNM WLAN Service.

< End of report >

and here is the OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 28.10.2010 20:41:12 - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.014,00 Mb Total Physical Memory | 431,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 100,04 Gb Total Space | 75,57 Gb Free Space | 75,54% Space Free | Partition Type: NTFS
Drive D: | 43,00 Gb Total Space | 32,07 Gb Free Space | 74,59% Space Free | Partition Type: NTFS

Computer Name: NAME-3197F9A02F | User Name: yyyyyyyy xxxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Programme\Samsung\MagicKBD\PerformanceManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\MagicKBD\MagicKBD.exe (SAMSUNG Electronics Co., Ltd.)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
PRC - C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Samsung\Samsung Network Manager\SNMWLANService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (SwitchBoard) -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PLFlash DeviceIoControl Service) -- C:\Programme\Nero\Nero BackItUp 4\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
SRV - (EPGService) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
SRV - (SNM WLAN Service) -- C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe ()
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (BEHRINGER_2902) -- C:\WINDOWS\system32\drivers\BUSB2902.sys (BEHRINGER)
DRV - (BUSB_AUDIO_WDM) -- C:\WINDOWS\system32\drivers\busbwdm.sys (BEHRINGER)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (VMC326) -- C:\WINDOWS\system32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (DNSeFilter) -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS (Samsung Electronics,.LTD)
DRV - (hcw95rc) -- C:\WINDOWS\system32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\WINDOWS\system32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (U6000ALL) U6000 TV Box(ALL) -- C:\WINDOWS\system32\drivers\U6000ALL.sys ()
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (SUEPD) -- C:\WINDOWS\system32\drivers\SUE_PD.sys (Samsung) DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () IE - 
HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://news.google.de/nwshp?hl=de&tab=wn" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863 FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3 FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.10.26 10:31:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Programme\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.10.26 10:30:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.24 10:09:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.22 20:20:57 | 000,000,000 | ---D | M] [2009.01.18 21:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Extensions [2010.10.27 21:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\qyp9pp4c.default\extensions [2010.07.23 21:09:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und 
Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\qyp9pp4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.12 23:16:03 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\qyp9pp4c.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2010.10.27 20:57:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\qyp9pp4c.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.10.27 21:08:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.05 18:41:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.05 21:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.28 19:19:28 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.28 19:19:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.28 19:19:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.28 19:19:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.28 19:19:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.14 23:17:34 | 000,416,705 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14381 more lines... O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MagicKeyboard] C:\Programme\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] File not found
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\Mozilla Firefox (2).lnk = C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\Skype.lnk = C:\WINDOWS\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3492014923-2679367495-2594747567-1005\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.03 15:41:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{67e0f2db-7f3f-11de-95df-001377b33947}\Shell - "" = AutoRun
O33 - MountPoints2\{67e0f2db-7f3f-11de-95df-001377b33947}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{67e0f2db-7f3f-11de-95df-001377b33947}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bcbb6be3-e49e-11dd-93df-001377b33947}\Shell - "" = AutoRun
O33 - MountPoints2\{bcbb6be3-e49e-11dd-93df-001377b33947}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bcbb6be3-e49e-11dd-93df-001377b33947}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D2427CF-28FB-4E40-B655-7D62FA8B1CDA} - DirectAnimation
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010.10.27 21:49:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\SUPERAntiSpyware.com
[2010.10.27 21:49:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.10.27 21:49:00 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.10.25 21:55:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.10.25 21:47:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.10.25 21:46:44 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.10.24 20:32:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Malwarebytes
[2010.10.24 20:32:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.24 20:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.24 20:32:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.24 20:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.24 20:30:46 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.10.24 20:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools
[2010.10.23 21:11:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee
[2010.10.08 20:46:14 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2010.10.08 18:47:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.01 20:39:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Eigene Videos
[2010.10.01 20:37:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\AVSMedia
[2010.10.01 20:37:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
[2010.10.01 20:36:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\AVSMedia
[2010.10.01 20:35:59 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010.10.01 20:35:59 | 000,638,976 | ---- | C] (DivXNetworks, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010.10.01 20:35:59 | 000,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2010.10.01 20:35:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010.10.01 20:35:58 | 000,261,632 | ---- | C] (MainConcept) -- C:\WINDOWS\System32\mcdvd_32.dll
[2010.10.01 20:35:58 | 000,082,944 | ---- | C] (Voxware, Inc.) -- C:\WINDOWS\System32\vct3216.acm
[2010.10.01 20:35:58 | 000,081,920 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\AC3ACM.acm
[2010.10.01 20:35:58 | 000,038,912 | ---- | C] (NCT Company) -- C:\WINDOWS\System32\alf2cd.acm
[2010.10.01 20:35:58 | 000,013,239 | ---- | C] (SHARP Corporation) -- C:\WINDOWS\System32\Scg726.acm

========== Files - Modified Within 30 Days ==========

[2010.10.28 20:29:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.28 20:08:34 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.10.28 19:34:03 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.28 19:33:50 | 066,927,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.10.28 19:28:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.28 19:28:56 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.27 21:49:04 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.27 19:54:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.25 21:47:07 | 000,000,747 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2010.10.25 21:46:52 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\NTREGOPT.lnk
[2010.10.25 21:46:52 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\ERUNT.lnk
[2010.10.25 21:38:52 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\defogger_reenable
[2010.10.24 20:32:34 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.24 20:29:20 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\defogger.exe
[2010.10.24 20:29:19 | 000,286,404 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\Gmer.zip
[2010.10.24 19:56:38 | 000,020,480 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Antrag xyxysysy.doc
[2010.10.19 16:00:00 | 000,294,912 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\gmer.exe
[2010.10.18 15:56:00 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\Gartenaktion Liebe Bären.doc
[2010.10.16 12:40:26 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.10.14 20:43:07 | 003,734,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.14 19:55:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.10.11 15:33:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.08 20:46:19 | 000,001,537 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\IrfanView Thumbnails.lnk
[2010.10.08 20:46:19 | 000,000,665 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\IrfanView.lnk
[2010.10.08 20:12:04 | 002,107,349 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert-2.jpg
[2010.10.08 20:10:48 | 003,944,282 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert-1.jpg
[2010.10.08 20:08:10 | 001,147,302 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert.pdf
[2010.10.08 19:56:24 | 001,454,080 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert.doc
[2010.10.08 18:48:00 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2010.10.06 17:46:06 | 000,449,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.06 17:46:06 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.06 17:46:06 | 000,080,306 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.06 17:46:06 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.05 20:48:19 | 000,092,160 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 20:47:03 | 002,940,932 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Video0020_NEW.mpg
[2010.09.28 21:23:37 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010.10.27 21:49:04 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.25 21:49:46 | 000,294,912 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\gmer.exe
[2010.10.25 21:47:07 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk
[2010.10.25 21:46:52 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\NTREGOPT.lnk
[2010.10.25 21:46:52 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\ERUNT.lnk
[2010.10.25 21:38:52 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\defogger_reenable
[2010.10.24 20:32:34 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.24 20:29:20 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\defogger.exe
[2010.10.24 20:29:15 | 000,286,404 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\Gmer.zip
[2010.10.24 19:56:38 | 000,020,480 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Antrag Adoptionsanerkennung.doc
[2010.10.12 14:34:54 | 000,023,040 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\Gartenaktion Liebe Bären.doc
[2010.10.08 20:46:19 | 000,001,537 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\IrfanView Thumbnails.lnk
[2010.10.08 20:46:19 | 000,000,665 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Desktop\IrfanView.lnk
[2010.10.08 20:11:57 | 002,107,349 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert-2.jpg
[2010.10.08 20:10:38 | 003,944,282 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert-1.jpg
[2010.10.08 20:08:04 | 001,147,302 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert.pdf
[2010.10.08 19:55:10 | 001,454,080 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\zzzzzzzzz_Entwicklungsbericht_Nr3_geaendert.doc
[2010.10.01 20:46:45 | 002,940,932 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Eigene Dateien\Video0020_NEW.mpg
[2010.10.01 20:35:59 | 000,156,910 | ---- | C] () -- C:\WINDOWS\WMSysPr8.prx
[2010.10.01 20:35:59 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.10.01 20:35:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010.10.01 20:35:58 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.09.28 21:23:37 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.07.03 20:36:07 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\setup_ldm.iss
[2010.05.13 13:01:01 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2010.04.08 23:13:33 | 000,037,223 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\dBase.ADR
[2010.04.08 22:50:38 | 000,037,249 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2010.04.08 21:46:23 | 000,022,836 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft Access.ADR
[2010.04.07 21:15:01 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.04.07 21:15:01 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.04.07 21:14:41 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\$_hpcst$.hpc
[2009.08.24 14:03:38 | 000,368,015 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\mdbu.bin
[2009.07.14 21:07:18 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.04.26 22:15:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.26 19:50:33 | 000,001,747 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2009.04.11 20:07:32 | 000,000,045 | ---- | C] () -- C:\WINDOWS\mfggbCameras.ini
[2009.04.09 21:04:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009.02.01 22:20:54 | 000,230,784 | R--- | C] () -- C:\WINDOWS\System32\drivers\U6000ALL.sys
[2009.01.20 23:12:29 | 000,001,081 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2009.01.20 23:12:25 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2009.01.20 23:11:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2009.01.20 23:11:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2009.01.20 23:10:24 | 000,006,391 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009.01.20 23:02:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2009.01.20 22:59:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.01.18 21:19:28 | 000,092,160 | ---- | C] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.18 15:42:22 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.01.17 22:30:36 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\yyyyyyyy xxxxxxxx_KBD.ini
[2008.12.18 17:13:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.11.03 23:21:17 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.11.03 23:20:53 | 000,016,961 | ---- | C] () -- C:\WINDOWS\Resdux.dll
[2008.11.03 15:54:04 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2008.11.03 15:54:04 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Besitzer_KBD.ini
[2008.11.03 15:54:02 | 000,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2008.11.03 15:54:02 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2008.11.03 15:54:02 | 000,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2008.11.03 15:54:01 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2008.11.03 15:54:01 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2008.11.03 15:54:01 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2008.11.03 15:54:01 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2008.11.03 15:54:01 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2008.11.03 15:54:01 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2008.11.03 15:54:01 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2008.11.03 15:54:01 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2008.11.03 15:54:01 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2008.11.03 15:54:01 | 000,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2008.11.03 15:54:01 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2008.11.03 15:54:01 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2008.11.03 15:54:01 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2008.11.03 15:54:01 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2008.11.03 15:51:47 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2008.11.03 15:51:47 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2008.11.03 15:48:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008.11.03 15:45:46 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2008.11.03 15:34:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2007.06.08 20:12:12 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\GTTunerCard.dll
[2007.04.03 12:59:54 | 006,148,096 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll
[2006.12.05 17:07:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\dzbryce6.dll
[2006.12.05 17:00:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll
[2006.11.20 18:25:16 | 001,343,488 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2006.11.20 18:25:02 | 004,984,832 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004.07.29 03:19:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003.06.28 15:34:20 | 000,069,707 | ---- | C] () -- C:\WINDOWS\System32\DISP_OPT1.dll
[2002.06.06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2001.10.28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[1999.04.30 01:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010.04.18 21:08:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2010.04.18 21:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2010.05.13 12:54:51 | 000,000,000 | ---D | M]
-- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLicenser [2009.08.12 22:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG [2009.11.06 23:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OptiTex [2010.04.07 21:25:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.09.01 22:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2009.03.03 20:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Roni Music [2009.08.24 13:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rossmann Fotoservice [2010.04.09 21:54:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2010.03.30 20:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 7.0 [2010.05.13 13:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Steinberg [2010.05.13 13:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft [2010.05.06 21:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Topten Software [2008.11.03 15:49:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLAN [2010.04.23 21:33:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Anvil Studio [2010.10.01 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\AVSMedia [2010.08.13 23:12:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009.05.06 20:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\CoSoSys [2010.05.01 13:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\DarkWave Studio [2009.11.06 23:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\DAZ 3D [2009.08.12 22:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\fotobuch.de AG [2010.09.18 21:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\FRITZ! [2009.01.23 22:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\ImageMatics [2010.07.03 20:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Leadertech [2009.01.18 22:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\MSNInstaller [2010.04.07 21:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\PC Suite [2009.03.03 20:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Roni Music [2010.04.09 21:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Samsung [2010.08.16 23:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.05.13 13:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Steinberg [2010.05.28 21:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\SynthFont [2010.04.28 22:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Topten Software [2010.02.13 22:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\uk.co.planetside 
[2010.05.13 13:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\VST3 Presets ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.14 23:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Adobe [2010.08.16 23:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Adobe Mini Bridge CS5 [2009.04.19 21:47:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Ahead [2010.04.23 21:33:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Anvil Studio [2009.04.26 19:50:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Apple Computer [2010.10.01 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\AVSMedia [2010.08.13 23:12:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2009.01.21 22:46:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Corel [2009.05.06 20:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\CoSoSys [2010.05.01 13:21:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\DarkWave Studio [2009.11.06 23:37:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\DAZ 3D [2009.04.05 21:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\dvdcss [2009.08.12 22:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\fotobuch.de AG [2010.09.18 21:18:35 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\FRITZ! [2009.01.17 16:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Google [2010.04.24 23:31:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Help [2008.11.03 15:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Identities [2009.01.23 22:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\ImageMatics [2008.11.03 15:49:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\InstallShield [2010.07.03 20:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Leadertech [2010.07.03 20:36:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Logitech [2010.10.27 21:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Macromedia [2010.10.24 20:32:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Malwarebytes [2010.02.18 20:43:38 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft [2009.01.18 15:36:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft Web Folders [2009.01.18 21:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Mozilla [2009.01.18 22:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\MSNInstaller [2010.09.22 21:06:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Nero [2010.04.07 21:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\PC Suite [2009.03.03 
20:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Roni Music [2010.04.09 21:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Samsung [2010.10.27 21:25:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Skype [2010.04.01 23:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\skypePM [2010.08.16 23:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.05.13 13:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Steinberg [2009.01.26 20:59:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Sun [2010.10.27 21:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\SUPERAntiSpyware.com [2010.05.28 21:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\SynthFont [2010.04.28 22:29:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Topten Software [2010.10.24 21:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\U3 [2010.02.13 22:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\uk.co.planetside [2009.01.18 23:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\vlc [2010.05.13 13:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\VST3 Presets [2010.05.03 22:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2010.07.03 20:36:13 | 000,053,248 | R--- | M] (Acresso Software 
Inc.) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2010.02.13 22:26:08 | 000,004,710 | R--- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_18be6784.exe [2010.02.13 22:26:08 | 000,004,710 | R--- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_294823.exe [2009.01.18 22:22:53 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\MSNInstaller\msnauins.exe [2006.09.01 15:53:32 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\U3\temp\cleanup.exe [2006.10.04 14:21:22 | 003,072,000 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\yyyyyyyy xxxxxxxx\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > 
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) 
MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.11.03 16:32:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2008.11.03 16:32:46 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2008.11.03 16:32:45 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
28.10.2010, 20:26 | #5 |
/// Malware-holic | MSN.DE / XING / HOTMAIL NOT REACHABLE; MBAM reports trojan.amber Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
28.10.2010, 21:28 | #6 | |
| MSN.DE / XING / HOTMAIL NOT REACHABLE; MBAM reports trojan.amber Quote:
I have just run ComboFix. Problem: while the completion stages were being displayed (it was at about stage 50), I stepped away briefly. When I came back, the screensaver was on. After logging in again as administrator, the Windows error message appeared asking whether I want to send an error report to Microsoft; it looks like ComboFix crashed. What should I do, run it again? Thank you in advance for your effort!!! |
29.10.2010, 11:11 | #7 |
/// Malware-holic | MSN.DE / XING / HOTMAIL NOT REACHABLE; MBAM reports trojan.amber What happens if you start in safe mode? It should be reachable with F8 at PC startup; not safe mode with networking, but the one without. Try ComboFix there. |
29.10.2010, 20:14 | #8 |
| MSN.DE / XING / HOTMAIL NOT REACHABLE; MBAM reports trojan.amber Hello markusg, that helped; it worked in safe mode. However, after the restart triggered by ComboFix, I got a message about my finance software Starmoney saying that the profile directory for the Starmoney update is missing. Otherwise, a Combofix.txt was created: ComboFix 10-10-27.A3 - xxxxxxxxxxx xxxxxxxxxxx 29.10.2010 20:31:08.2.2 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.690 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\xxxxxxxxxxx xxxxxxxxxxx\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Resdux.dll C:\WINDOWS\SEC C:\WINDOWS\SEC\DelMt.cmd C:\WINDOWS\SEC\JRE150.exe C:\WINDOWS\SEC\Marker.exe C:\WINDOWS\SEC\MEMIO.sys C:\WINDOWS\SEC\MEMIO.vxd C:\WINDOWS\SEC\MP10GER.exe C:\WINDOWS\SEC\SECINSTALL.EXE C:\WINDOWS\SEC\SECINSTALL.INI C:\WINDOWS\SEC\StartMem.exe C:\WINDOWS\Serpop.exe C:\WINDOWS\system32\Thumbs.db . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ACPI32 -------\Legacy_NETSIK ((((((((((((((((((((((( Dateien erstellt von 2010-09-28 bis 2010-10-29 )))))))))))))))))))))))))))))) . 2010-10-29 18:20:06 . 2010-10-29 18:21:11 -------- d-----w- C:\Dokumente und Einstellungen\Administrator 2010-10-27 19:49:10 . 2010-10-27 19:49:10 -------- d-----w- C:\Dokumente und Einstellungen\xxxxxxxxxxx xxxxxxxxxxx\Anwendungsdaten\SUPERAntiSpyware.com 2010-10-27 19:49:10 . 2010-10-27 19:49:10 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com 2010-10-27 19:49:00 . 2010-10-27 19:49:19 -------- d-----w- C:\Programme\SUPERAntiSpyware 2010-10-26 08:30:14 . 
2010-10-26 08:30:14 -------- d-----w- C:\Dokumente und Einstellungen\LocalService\Startmenü 2010-10-25 19:46:44 . 2010-10-25 19:47:07 -------- d-----w- C:\Programme\ERUNT 2010-10-24 18:32:49 . 2010-10-24 18:32:49 -------- d-----w- C:\Dokumente und Einstellungen\xxxxxxxxxxx xxxxxxxxxxx\Anwendungsdaten\Malwarebytes 2010-10-24 18:32:31 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-10-24 18:32:30 . 2010-10-24 18:32:30 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-10-24 18:32:27 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys 2010-10-24 18:32:26 . 2010-10-24 18:32:36 -------- d-----w- C:\Programme\Malwarebytes' Anti-Malware 2010-10-24 18:30:46 . 2010-10-24 18:30:47 -------- d-----w- C:\Programme\7-Zip 2010-10-23 19:11:58 . 2010-10-23 19:11:58 -------- d-----w- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\McAfee 2010-10-08 18:46:14 . 2010-10-08 18:51:43 -------- d-----w- C:\Programme\IrfanView 2010-10-01 18:37:58 . 2010-10-01 18:42:54 -------- d-----w- C:\Dokumente und Einstellungen\xxxxxxxxxxx xxxxxxxxxxx\Anwendungsdaten\AVSMedia 2010-10-01 18:37:40 . 2010-10-01 18:37:40 -------- d-----w- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU 2010-10-01 18:36:09 . 2010-10-24 17:59:57 -------- d-----w- C:\Programme\Gemeinsame Dateien\AVSMedia 2010-10-01 18:35:59 . 2007-02-27 17:36:14 1700352 ----a-w- C:\WINDOWS\system32\GdiPlus.dll 2010-10-01 18:35:59 . 2007-02-27 17:36:12 24576 ----a-w- C:\WINDOWS\system32\msxml3a.dll 2010-10-01 18:35:59 . 2007-02-27 17:36:08 638976 ----a-w- C:\WINDOWS\system32\divx.dll 2010-10-01 18:35:59 . 2007-02-27 17:36:08 53248 ----a-w- C:\WINDOWS\system32\xvid.ax 2010-10-01 18:35:59 . 2007-02-27 17:36:08 221215 ----a-w- C:\WINDOWS\system32\divxdec.ax 2010-10-01 18:35:59 . 2007-02-27 17:36:08 139264 ----a-w- C:\WINDOWS\system32\xvidvfw.dll 2010-10-01 18:35:58 . 
2007-02-27 17:36:08 82944 ----a-w- C:\WINDOWS\system32\vct3216.acm 2010-10-01 18:35:58 . 2007-02-27 17:36:08 81920 ----a-w- C:\WINDOWS\system32\AC3ACM.acm 2010-10-01 18:35:58 . 2007-02-27 17:36:08 524288 ----a-w- C:\WINDOWS\system32\xvidcore.dll 2010-10-01 18:35:58 . 2007-02-27 17:36:08 38912 ----a-w- C:\WINDOWS\system32\alf2cd.acm 2010-10-01 18:35:58 . 2007-02-27 17:36:08 261632 ----a-w- C:\WINDOWS\system32\mcdvd_32.dll 2010-10-01 18:35:58 . 2007-02-27 17:36:08 13239 ----a-w- C:\WINDOWS\system32\Scg726.acm . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-18 10:22:58 . 2008-11-03 21:20:53 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll 2010-09-18 06:52:56 . 2008-11-03 21:20:53 974848 ------w- C:\WINDOWS\system32\mfc42.dll 2010-09-18 06:52:56 . 2008-11-03 21:20:53 954368 ----a-w- C:\WINDOWS\system32\mfc40.dll 2010-09-18 06:52:56 . 2008-11-03 21:20:53 953856 ----a-w- C:\WINDOWS\system32\mfc40u.dll 2010-09-10 05:47:58 . 2008-11-03 21:21:04 916480 ----a-w- C:\WINDOWS\system32\wininet.dll 2010-09-10 05:47:49 . 2008-11-03 21:20:52 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll 2010-09-10 05:47:49 . 2008-11-03 21:20:51 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl 2010-09-01 11:50:43 . 2008-11-03 21:20:44 285824 ----a-w- C:\WINDOWS\system32\atmfd.dll 2010-09-01 07:54:46 . 2008-11-03 21:21:04 1852928 ----a-w- C:\WINDOWS\system32\win32k.sys 2010-08-27 08:01:37 . 2008-11-03 21:21:03 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll 2010-08-27 05:57:36 . 2008-11-03 21:21:02 99840 ----a-w- C:\WINDOWS\system32\srvsvc.dll 2010-08-27 01:43:50 . 2008-05-05 05:25:10 5632 ----a-w- C:\WINDOWS\system32\xpsp4res.dll 2010-08-26 13:39:50 . 2008-11-03 21:21:02 357248 ----a-w- C:\WINDOWS\system32\drivers\srv.sys 2010-08-23 16:11:49 . 2008-11-03 21:20:46 617472 ----a-w- C:\WINDOWS\system32\comctl32.dll 2010-08-17 13:17:06 . 2008-11-03 21:21:02 58880 ----a-w- C:\WINDOWS\system32\spoolsv.exe 2010-08-16 08:44:05 . 
2008-11-03 21:20:57 590848 ----a-w- C:\WINDOWS\system32\rpcrt4.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 09:31:46 2475336] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2010-10-06 09:31:46 2475336 ----a-w- C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 09:31:46 2475336] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 09:31:46 2475336] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OM2_Monitor"="C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 12:52:08 95536] "swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 14:06:49 39408] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 17:04:20 139264] "AutoStartNPSAgent"="C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-03-31 13:46:06 95576] "SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 18:46:59 2424560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-08-26 20:51:00 16851456] "EDS"="C:\Programme\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-20 
19:40:30 659456] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-28 22:00:20 141848] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-28 22:00:04 166424] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-28 22:00:14 137752] "SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 18:34:52 1044480] "DMHotKey"="C:\Programme\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 14:45:42 466944] "BatteryManager"="C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 09:32:54 2768896] "MagicKeyboard"="C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 18:00:24 151552] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-09-01 13:57:48 282624] "Google Quick Search Box"="C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-10 18:01:13 68592] "NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 13:40:44 155648] "AVG9_TRAY"="C:\PROGRA~1\AVG\AVG9\avgtray.exe" [2010-10-05 15:31:53 2067808] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 09:15:10 40368] "Adobe ARM"="C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 01:12:38 76304] "AdobeAAMUpdater-1.0"="C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 01:44:40 500208] "SwitchBoard"="C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096] "AdobeCS5ServiceManager"="C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 20:10:47 402432] "SunJavaUpdateSched"="C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552] "NBKeyScan"="C:\Programme\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 11:57:18 2254120] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360] C:\Dokumente und Einstellungen\xxxxxxxxxxx xxxxxxxxxxx\Startmen\Programme\Autostart\ ERUNT AutoBackup.lnk - C:\Programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912] Mozilla Firefox (2).lnk - C:\Programme\Mozilla Firefox\firefox.exe [2009-1-18 912344] Outlook Express.lnk - C:\Programme\Outlook Express\msimn.exe [2008-11-3 60416] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [2010-7-3 805392] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21:41 548352 ----a-w- C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-15 18:29:03 12536 ----a-w- C:\WINDOWS\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 00:42:30 72208 ----a-w- c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "OM2_Monitor"="C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Programme\\Bonjour\\mDNSResponder.exe"= "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "C:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "C:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"= "C:\\Programme\\Messenger\\msmsgs.exe"= "C:\\Programme\\Skype\\Phone\\Skype.exe"= R1 
See you soon, Rinaldobachi |
29.10.2010, 20:32 | #9 |
/// Malware-holic | Hi, open My Computer, go to C:, then right-click on Qoobox and choose "add to qoobox.rar" or zip, then upload the archive. File upload: http://www.trojaner-board.de/54791-a...ner-board.html Then restart. Open StarMoney and check whether it works, including the update function. Also check whether you can open the websites again. |
29.10.2010, 20:58 | #10 |
| Hello, the status bar endlessly shows "Senden der Anfrage an upload.trojaner-board.de" ("Sending request to upload.trojaner-board.de"), and nothing happens :-( |
29.10.2010, 21:02 | #11 |
| The finance software can be opened despite the message about the missing profile directory, but after closing the software AVG reports 4 or 5 tracing cookies, e.g. Adtiger |
30.10.2010, 09:59 | #12 |
/// Malware-holic | OK, then upload it here: File-Upload.net and send me the link. OK, but the update function really should work; maybe reinstall the finance software, uninstalling it first of course. I don't know whether you might need to back up important data beforehand? |
30.10.2010, 20:01 | #13 |
| I tried again today, nothing happened with the upload, so I used the file hoster link from you. The file can be found at: File-Upload.net - Qoobox.7z Best regards |
30.10.2010, 20:03 | #14 |
/// Malware-holic | No, I do need the link. There's a file number too, after all :-) So just send me the download link as a private message! |
30.10.2010, 20:12 | #15 |
| I just sent you a private message, please confirm briefly; I have the impression that my PC isn't running so smoothly right now... When sending this reply I'll look again at what is shown in the status bar at the bottom and what exactly happens. See you then |