Log analysis and evaluation: Wrong websites are being opened! (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
31.10.2010, 16:42 | #1
Wrong websites are being opened!
Hello everyone, I hope someone here can help me. It happens more and more often that my browser opens a completely different website than the one I requested. For example, I want to go to mobile.de and instead the page Ask.com comes up. When I delete the infected files shell.exe and svchost.exe with Anti-Malware, I can't get on the internet anymore! So I had to restore them from quarantine. Many thanks in advance for your help! Here is my HijackThis log.
Dirk
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:15, on 31.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Windows\system32\taskeng.exe
C:\Users\Wennto\AppData\Local\Temp\dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fraps\fraps.exe
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
D:\DOWNLOADS\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: load=C:\Users\Wennto\AppData\Local\Temp\dwm.exe
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: c:\progra~2\wia6eb~1\datamngr\datamngr.dll c:\progra~2\bandoo\bndhook.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~2\Bandoo\Bandoo.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\Verbindungsassistent\WTGService.exe

--
End of file - 5980 bytes
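The HijackThis log above carries several indicators that can be checked mechanically rather than by eye: two autostart entries named svchost that point at an executable under AppData\Roaming, a win.ini load= entry for a dwm.exe in Temp, a user-level HTTP proxy at 127.0.0.1:50370, and a populated AppInit_DLLs value. The Python script below is an added example, written for this page and not part of the post or of HijackThis itself. It runs a handful of triage rules over lines reproduced from this log. The list of Windows binary names, the choice to treat any AppData executable as suspect, and the reason strings are the example's own assumptions; what it produces are leads for a human to verify, not verdicts.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: lines reproduced from the HijackThis log above (process list,
# R1/F3/O4/O20 entries), with benign entries kept in for contrast.
SAMPLE_HJT_LINES = [
    r"C:\Windows\system32\Dwm.exe",
    r"C:\Windows\system32\taskhost.exe",
    r"C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe",
    r"C:\Users\Wennto\AppData\Local\Temp\dwm.exe",
    r"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe",
    r"C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370",
    r"F3 - REG:win.ini: load=C:\Users\Wennto\AppData\Local\Temp\dwm.exe",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe",
    r"O4 - HKCU\..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe",
    r"O20 - AppInit_DLLs: c:\progra~2\wia6eb~1\datamngr\datamngr.dll c:\progra~2\bandoo\bndhook.dll",
]

# Names of genuine Windows binaries that malware likes to borrow (assumed list, extend as needed).
# A file carrying one of these names is only legitimate under %SystemRoot%.
WINDOWS_BINARY_NAMES = {
    "svchost.exe", "dwm.exe", "taskhost.exe", "taskeng.exe", "explorer.exe",
    "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe",
}
SYSTEM_ROOT = re.compile(r"^[a-z]:\\windows\\", re.I)
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)
# First quoted path, or the first unquoted path that ends in .exe (arguments follow it).
IMAGE_RE = re.compile(r'"([^"]+\.exe)"|([a-z]:\\.*?\.exe)', re.I)
O4_RE = re.compile(r"^O4 - .*?: \[[^\]]*\] (.*)$")
F_LOAD_RE = re.compile(r"^F[23] - .*?\b(load|run)=(.*)$", re.I)
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = .*(127\.0\.0\.1|localhost)", re.I)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \S")


def image_path(command: str) -> Optional[str]:
    """Pull the executable out of an autostart command line."""
    m = IMAGE_RE.search(command)
    return (m.group(1) or m.group(2)) if m else None


def check_image(path: str) -> List[str]:
    """Rules that apply to any executable path: name masquerading and drop location."""
    reasons = []
    name = path.rsplit("\\", 1)[-1].lower()
    if name in WINDOWS_BINARY_NAMES and not SYSTEM_ROOT.match(path):
        reasons.append("system-binary name outside %SystemRoot%")
    if USER_WRITABLE.search(path):
        # Legitimate per-user installs live here too; treat as a lead, not a verdict.
        reasons.append("executable in user-writable AppData path")
    return reasons


def triage_line(line: str) -> List[str]:
    """Return the reasons a single HijackThis line deserves attention (empty if none)."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        path = image_path(m.group(1))
        return check_image(path) if path else []
    if re.match(r"^[a-z]:\\", line, re.I):          # 'Running processes' section
        return check_image(line)
    m = F_LOAD_RE.match(line)
    if m and m.group(2).strip():                       # the legitimate value is empty
        return [f"win.ini {m.group(1).lower()}= points at {m.group(2).strip()}"]
    if PROXY_RE.match(line):
        return ["HTTP proxy pinned to a loopback listener"]
    if APPINIT_RE.match(line):
        return ["AppInit_DLLs populated (loaded into every process that maps user32.dll)"]
    return []


def triage(lines) -> Dict[str, List[str]]:
    """Map each flagged line to its reasons; unflagged lines are dropped."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            findings.setdefault(line.strip(), []).extend(reasons)
    return findings


if __name__ == "__main__":
    for flagged, reasons in triage(SAMPLE_HJT_LINES).items():
        print(flagged)
        for r in reasons:
            print("   ->", r)
```

Run as-is it flags eight of the twelve sample lines. Two findings are worth connecting: the ProxyServer value routes all of this user's HTTP traffic through 127.0.0.1:50370, and the executables in AppData are the only processes in the log with no installed product behind them. If the listener on that port is one of those files, quarantining it leaves the proxy setting pointing at a dead port, which would produce precisely the "no internet after removal" symptom the post describes; the proxy value has to be cleared (or ProxyEnable set to 0) together with the files, not instead of them.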
31.10.2010, 16:45 | #2
/// Malware-holic | Wrong websites are being opened!
OTL:

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and "Run as administrator").
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select "Use Safelist", "LOP Check", "Purity Check".
4. Copy the following into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both, plus the Malwarebytes log file.
31.10.2010, 16:47 | #3
/// Helfer-Team | Wrong websites are being opened!
*Edit* MarkusG was faster, I'm bowing out again.*
31.10.2010, 18:06 | #4
Wrong websites are being opened!
OK, thanks! Here are the 3 logs... However, I did not remove the infected entries in Malwarebytes, because otherwise I can't get on the internet anymore.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5006

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.10.2010 16:54:15
mbam-log-2010-10-31 (16-54-15).txt

Scan type: Quick scan
Objects scanned: 139314
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-4066490547-1557199109-2218371550-1000\$R17HK2R.exe (Trojan.Agent) -> No action taken.
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> No action taken.
Code:
OTL logfile created on: 31.10.2010 16:56:54 - Run 3
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Public\Desktop\MFtools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 197,38 Gb Total Space | 17,04 Gb Free Space | 8,63% Space Free | Partition Type: NTFS
Drive D: | 35,51 Gb Total Space | 17,82 Gb Free Space | 50,19% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 25,43 Gb Free Space | 3,64% Space Free | Partition Type: NTFS

Computer Name: WENNTO-PC | User Name: Wennto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe ()
PRC - C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
PRC - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
PRC - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\PROGRA~2\Bandoo\Bandoo.exe (Discordia Limited)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Fraps\fraps.exe (Beepa P/L)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Verbindungsassistent\WTGService.exe ()
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Fraps\FRAPS32.DLL (Beepa P/L)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Bandoo Coordinator) -- C:\PROGRA~2\Bandoo\Bandoo.exe (Discordia Limited)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\WTGService.exe ()
SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (cpuz130) -- C:\Users\Wennto\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (amdiox86) -- C:\Windows\System32\DRIVERS\amdiox86.sys File not found
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ctgame) -- C:\Windows\System32\drivers\ctgame.sys (Creative Technology Ltd.)
DRV - (msgame) -- C:\Windows\System32\drivers\msgame.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (cdrblock) -- C:\Windows\System32\drivers\cdrblock.sys (Canopus Co,. Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: firefox@bandoo.com:5.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 00:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 00:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.22 16:07:59 | 000,000,000 | ---D | M]

[2010.07.31 15:40:05 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Extensions
[2010.07.31 15:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.31 00:04:26 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions
[2010.09.24 14:51:46 | 000,000,000 | ---D | M] (Modern Modoki) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{7a94a9a7-be7f-4d51-afe9-06063380ca94}
[2010.07.30 21:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.14 14:26:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.24 14:02:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.19 16:44:20 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\vshare@toolbar
[2010.08.03 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions
[2010.07.30 18:43:50 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010.07.30 18:43:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.30 18:43:56 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2010.07.30 21:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.30 18:43:56 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
[2010.07.30 18:43:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.30 18:43:57 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.08.03 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\finder@meingutscheincode.de
[2010.07.30 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\firefox@bandoo.com
[2010.07.30 18:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Mozilla\FireFox\Profiles\q3koc7fq.default\searchplugins\icqplugin.xml
[2010.04.12 13:01:50 | 000,005,495 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Mozilla\FireFox\Profiles\q3koc7fq.default\searchplugins\SearchquWebSearch.xml
[2010.05.31 16:30:31 | 000,003,915 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Mozilla\FireFox\Profiles\q3koc7fq.default\searchplugins\sweetim.xml
[2010.09.24 14:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.31 13:33:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.31 13:32:56 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.03.22 03:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.10.12 11:42:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.12 11:42:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.12 11:42:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.22 10:00:18 | 000,000,832 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearch.xml
[2010.10.12 11:42:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.12 11:42:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [RegistryBooster] C:\Program Files\RegistryBooster\launcher.exe File not found
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 WinNT: Load - (C:\Users\Wennto\AppData\Local\Temp\dwm.exe) - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\wia6eb~1\datamngr\datamngr.dll) - c:\progra~2\wia6eb~1\datamngr\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\progra~2\bandoo\bndhook.dll (Discordia Limited) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 Winlogon: Shell - (C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0b08f887-a14e-11df-9b96-e316ecdbdb53}\Shell - "" = AutoRun O33 - MountPoints2\{0b08f887-a14e-11df-9b96-e316ecdbdb53}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{0b08f88a-a14e-11df-9b96-e316ecdbdb53}\Shell - "" = AutoRun O33 - MountPoints2\{0b08f88a-a14e-11df-9b96-e316ecdbdb53}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{3ea36db0-9bee-11df-955b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3ea36db0-9bee-11df-955b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{41dc6280-9bf7-11df-a89f-c14e2485bbfc}\Shell - "" = AutoRun O33 - MountPoints2\{41dc6280-9bf7-11df-a89f-c14e2485bbfc}\Shell\AutoRun\command - "" = I:\OblivionLauncher.exe -- File not found O33 - MountPoints2\{49051d15-a14c-11df-b4aa-d58dac5aad6d}\Shell - "" = AutoRun O33 - MountPoints2\{49051d15-a14c-11df-b4aa-d58dac5aad6d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{8aa1df00-a296-11df-800f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8aa1df00-a296-11df-800f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{fffe9a21-a146-11df-b6e4-f23e4b93c27f}\Shell - "" = AutoRun O33 - MountPoints2\{fffe9a21-a146-11df-b6e4-f23e4b93c27f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ 
= comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\READER~1.EXE - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE - () MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) 
MsConfig - StartUpReg: RGSC - hkey= - key= - E:\spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found MsConfig - StartUpReg: Standby - hkey= - key= - c:\Program Files\Common Files\Corel\Standby\Standby.exe File not found MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows 
Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4F12F805-9B17-EB21-4517-868CB5E01A17} - Internet Explorer ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {96F0458E-6676-4F8C-4C89-5178C72DC3E7} - Java (Sun) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. 
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) Drivers32: VIDC.YVU9 - C:\Windows\System32\Iyvu9_32.dll () ========== Files/Folders - Created Within 30 Days ========== [2010.10.31 15:00:57 | 000,000,000 | ---D | C] -- C:\31.10.2010 [2010.10.31 15:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010.10.31 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools [2010.10.31 14:36:40 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Uniblue [2010.10.31 00:01:46 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Malwarebytes [2010.10.31 00:01:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.31 00:01:34 | 
000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.31 00:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.10.31 00:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.30 14:32:46 | 000,000,000 | ---D | C] -- C:\OBLIVION CLEAN [2010.10.30 12:40:13 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\FXpansion [2010.10.30 01:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\FXpansion [2010.10.28 16:32:16 | 000,097,248 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys [2010.10.27 09:14:59 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.10.27 09:14:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.10.27 09:14:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.10.27 09:14:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.10.27 09:14:58 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2010.10.26 12:02:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin [2010.10.26 12:01:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\JewelQuestHeritage [2010.10.22 21:31:34 | 000,000,000 | -HSD | C] -- C:\found.000 [2010.10.21 17:08:25 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\oblivion [2010.10.21 14:24:58 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\FalloutNV [2010.10.20 14:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.10.20 14:42:27 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\ERS G-Studio [2010.10.20 00:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\ABC Amber Audio Converter [2010.10.20 00:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3 File Editor [2010.10.18 13:47:06 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\ArcaniA - Gothic 4 [2010.10.18 
00:21:34 | 000,000,000 | ---D | C] -- C:\Users\Wennto\dwhelper [2010.10.16 22:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2010.10.16 15:06:04 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Google [2010.10.16 15:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2010.10.16 12:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment [2010.10.16 12:41:47 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\URSE Games [2010.10.16 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\SecretsOfOlympus [2010.10.15 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\GAMEON [2010.10.15 15:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom [2010.10.13 15:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo [2010.10.13 11:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2010.10.13 11:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010.10.13 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010.10.13 10:08:17 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.13 10:08:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.13 10:08:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.13 10:08:13 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.13 10:08:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.13 10:08:13 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.13 10:08:13 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.13 10:08:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.13 10:08:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ieui.dll [2010.10.13 10:08:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.13 10:08:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.13 10:08:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.13 10:08:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.13 10:08:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.13 10:08:04 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.13 10:08:04 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.13 10:08:03 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.13 10:07:11 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll [2010.10.12 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\STARGAZE_IMAGE_CACHE [2010.10.12 14:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze [2010.10.12 14:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar [2010.10.12 11:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab [2010.10.12 00:41:57 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\The Creative Assembly [2010.10.11 21:32:58 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Zylom Games [2010.10.11 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games [2010.10.11 21:25:16 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Zylom [2010.10.10 10:30:23 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Risen [2010.10.07 15:08:11 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\EA Games [2010.10.07 15:05:48 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\EA Games [2010.10.07 14:41:48 | 000,000,000 | 
---D | C] -- C:\Program Files\NVIDIA Corporation [2010.10.05 16:15:14 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\gothic3 [2010.10.04 16:09:33 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys [2010.10.04 16:08:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2010.10.04 16:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2010.10.04 16:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2010.10.04 16:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Logitech [2010.10.04 16:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Logishrd [2010.10.02 19:14:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag [2010.10.02 19:09:16 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\O&O [2010.10.02 19:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software [2010.10.02 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\My Drivers [2010.10.02 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Innovative Solutions [2010.10.02 10:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions [2010.10.02 10:47:41 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\DriverGenius [2010.10.02 09:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SEGA Corporation [1 C:\Users\Wennto\AppData\Local\*.tmp files -> C:\Users\Wennto\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.31 16:33:35 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.31 16:33:35 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.31 16:33:35 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.31 16:33:35 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.31 16:32:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2010.10.31 16:32:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.31 16:27:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.31 16:27:14 | 000,065,352 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2010.10.31 01:08:12 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini [2010.10.31 00:01:38 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.28 16:32:16 | 000,097,248 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys [2010.10.21 03:32:32 | 000,000,666 | ---- | M] () -- C:\Users\Wennto\Desktop\DOWNLOADS - Verknüpfung.lnk [2010.10.20 00:08:28 | 000,001,044 | ---- | M] () -- C:\Users\Wennto\Desktop\ABC Amber Audio Converter.lnk [2010.10.19 22:28:52 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.17 00:42:14 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat [2010.10.15 22:00:15 | 000,007,604 | ---- | M] () -- C:\Users\Wennto\AppData\Local\Resmon.ResmonCfg [2010.10.13 11:29:00 | 002,567,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.04 16:09:33 | 000,016,400 | ---- | M] (Logitech, Inc.) 
-- C:\Windows\System32\drivers\LNonPnP.sys [2010.10.02 17:33:58 | 000,000,109 | ---- | M] () -- C:\Windows\disney.ini [1 C:\Users\Wennto\AppData\Local\*.tmp files -> C:\Users\Wennto\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.31 00:01:38 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.29 12:20:49 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.10.21 03:32:32 | 000,000,666 | ---- | C] () -- C:\Users\Wennto\Desktop\DOWNLOADS - Verknüpfung.lnk [2010.10.20 00:08:28 | 000,001,044 | ---- | C] () -- C:\Users\Wennto\Desktop\ABC Amber Audio Converter.lnk [2010.10.17 00:42:14 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.10.06 15:57:51 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll [2010.10.03 11:43:02 | 000,065,352 | ---- | C] () -- C:\Windows\System32\oodbs.lor [2010.10.01 19:27:32 | 000,000,109 | ---- | C] () -- C:\Windows\disney.ini [2010.09.29 08:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Wennto\AppData\Roaming\chrtmp [2010.09.24 11:09:06 | 000,000,004 | ---- | C] () -- C:\ProgramData\sysid100.dat [2010.09.12 14:49:43 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.09.12 14:49:42 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.08.06 16:08:56 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.08.06 16:08:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.08.06 16:08:54 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010.08.06 16:08:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.08.06 16:08:54 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.08.06 16:08:53 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.08.04 14:21:52 | 000,000,088 | RHS- | C] () -- C:\ProgramData\1D916D85EC.sys [2010.08.04 14:21:51 | 000,005,642 | -HS- | C] () -- 
C:\ProgramData\KGyGaAvL.sys [2010.08.03 16:34:23 | 000,000,103 | ---- | C] () -- C:\Windows\canopus.ini [2010.08.03 15:21:15 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2010.08.03 15:12:19 | 000,000,022 | ---- | C] () -- C:\Windows\ULEAD32.INI [2010.08.03 15:12:19 | 000,000,014 | ---- | C] () -- C:\Windows\dswplug.ini [2010.08.02 15:51:30 | 000,007,604 | ---- | C] () -- C:\Users\Wennto\AppData\Local\Resmon.ResmonCfg [2010.08.02 13:49:44 | 000,002,961 | ---- | C] () -- C:\Program Files\INSTALL.LOG [2010.08.02 13:49:42 | 000,890,953 | ---- | C] () -- C:\Windows\HSC_sq4.ini [2010.08.01 12:45:49 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys [2010.08.01 12:45:49 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys [2010.07.31 16:59:54 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys [2010.07.30 17:26:00 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.06.20 16:00:00 | 002,761,119 | ---- | C] () -- C:\Windows\System32\Melodyne editor.dll [2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2010.08.02 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Alien Skin [2010.07.30 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ASK Video [2010.07.30 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Bandoo [2010.10.20 00:48:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Celemony Software GmbH [2010.07.30 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Lite [2010.07.30 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Pro [2010.10.20 14:42:27 | 000,000,000 | ---D | M] -- 
C:\Users\Wennto\AppData\Roaming\ERS G-Studio [2010.08.01 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\FXpansion [2010.10.15 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GAMEON [2010.09.13 17:54:14 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GHISLER [2010.10.27 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ICQ [2010.08.02 03:19:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Imagenomic [2010.09.23 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\iZotope [2010.09.12 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Leadertech [2010.09.12 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MCMPEGEnc [2010.09.25 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MP3Find [2010.07.31 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Mp3tag [2010.08.02 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Nik Software [2010.08.02 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\onOne Software [2010.09.17 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\runic games [2010.10.16 12:39:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\SecretsOfOlympus [2010.07.31 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Steinberg [2010.10.12 00:41:57 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\The Creative Assembly [2010.07.31 15:40:04 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Thunderbird [2010.08.02 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Tropico 3 [2010.09.07 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TuneUp Software [2010.10.30 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TV-Browser [2010.09.13 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ubisoft 
[2010.09.24 23:29:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ulead Systems [2010.10.31 14:36:40 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Uniblue [2010.10.16 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\URSE Games [2010.08.06 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Verbindungsassistent [2010.07.31 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waldorf [2010.08.01 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Audio [2010.08.01 14:04:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Preferences [2010.08.06 13:03:24 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\XWindows Dock [2010.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Zylom [2010.10.31 14:53:25 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.09.09 14:44:28 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Adobe [2010.08.02 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Alien Skin [2010.07.30 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ASK Video [2010.09.12 18:15:44 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ATI [2010.08.06 11:34:42 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Avira [2010.07.30 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Bandoo [2010.10.20 00:48:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Celemony Software GmbH [2010.09.24 23:29:16 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Corel [2010.07.30 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Lite [2010.07.30 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Pro [2010.10.27 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\dvdcss [2010.10.20 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ERS G-Studio [2010.08.01 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\FXpansion [2010.10.15 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GAMEON [2010.09.13 17:54:14 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GHISLER [2010.10.27 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ICQ [2010.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Identities [2010.08.02 03:19:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Imagenomic [2010.08.01 15:05:04 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\InstallShield [2010.09.21 09:48:17 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\InstallShield Installation Information [2010.09.23 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\iZotope [2010.09.12 14:03:47 | 000,000,000 
| ---D | M] -- C:\Users\Wennto\AppData\Roaming\Leadertech [2010.10.04 16:08:30 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Logishrd [2010.10.04 16:09:54 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Logitech [2010.07.30 17:05:37 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Macromedia [2010.10.31 00:01:46 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Malwarebytes [2010.09.12 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MCMPEGEnc [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Media Center Programs [2010.10.31 15:39:20 | 000,000,000 | --SD | M] -- C:\Users\Wennto\AppData\Roaming\Microsoft [2010.07.30 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Mozilla [2010.09.25 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MP3Find [2010.07.31 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Mp3tag [2010.08.02 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Nik Software [2010.08.02 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\onOne Software [2010.09.17 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\runic games [2010.10.16 12:39:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\SecretsOfOlympus [2010.09.07 19:11:54 | 000,000,000 | R--D | M] -- C:\Users\Wennto\AppData\Roaming\SecuROM [2010.07.31 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Steinberg [2010.10.12 00:41:57 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\The Creative Assembly [2010.07.31 15:40:04 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Thunderbird [2010.08.02 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Tropico 3 [2010.09.07 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TuneUp Software [2010.10.30 12:28:01 | 000,000,000 | ---D | M] -- 
C:\Users\Wennto\AppData\Roaming\TV-Browser [2010.09.13 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ubisoft [2010.09.24 23:29:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ulead Systems [2010.10.31 14:36:40 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Uniblue [2010.10.16 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\URSE Games [2010.08.06 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Verbindungsassistent [2010.10.30 16:42:03 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\vlc [2010.07.31 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waldorf [2010.08.01 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Audio [2010.08.01 14:04:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Preferences [2010.07.30 19:36:50 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\WinRAR [2010.08.06 13:03:24 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\XWindows Dock [2010.07.30 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Yahoo! [2010.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Zylom < %APPDATA%\*.exe /s > [2010.09.21 09:44:05 | 000,331,776 | ---- | M] (Epic Games ) -- C:\Users\Wennto\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\setup.exe [2010.10.31 15:39:20 | 000,093,696 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe [2010.10.04 16:09:48 | 000,053,248 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\Wennto\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2010.07.30 17:36:28 | 000,010,134 | R--- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe [2010.10.31 16:25:46 | 000,118,272 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 
for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) 
MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.07.30 17:26:00 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4EE323A4 < End of report >

OTL Extras logfile created on: 31.10.2010 16:56:54 - Run 3 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Public\Desktop\MFtools Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 197,38 Gb Total Space | 17,04 Gb Free Space | 8,63% Space Free | Partition Type: NTFS Drive D: | 35,51 Gb Total Space | 17,82 Gb Free Space | 50,19% Space Free | Partition Type: NTFS Drive E: | 698,63 Gb Total Space | 25,43 Gb Free Space | 3,64% Space Free | Partition Type: NTFS Computer Name: WENNTO-PC | User Name: Wennto | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2 "{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder "{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = 
Adobe Photoshop CS5 "{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19910E33-E495-42F9-84FF-7569931CC021}_is1" = Mafia 2 "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content "{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01 "{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5 "{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent 
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3 "{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4 "{5AEF871D-FBAB-4AEF-8AEB-6A8E668A7D3C}" = MP3Find pro v4.87 "{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set "{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office 
Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6834535-4E7D-C07A-2CAA-E2B73C82EC60}" = AMD Drag and Drop Transcoding "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0 "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set "{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 1.0 Professional Edition "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3D87264-EAC9-4DE8-8D0E-E758CA1413A0}_is1" = Disciples III "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup "{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne 
Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E1071C00-B001-4633-B9C3-164C856D5730}" = Bionic Commando
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E426CEC1-35C5-42BF-913E-6EF8F1211D01}" = Overlord II
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 4.65
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bandoo" = Bandoo
"Blow Up" = Alien Skin Blow Up
"Bokeh" = Alien Skin Bokeh
"Borderlands Gold_is1" = Borderlands Gold
"broomstickbass-1.0.0" = Broomstick Bass 1.0.0
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"Dfine 2.0" = Dfine 2.0
"discoDSP Discovery VSTi_is1" = discoDSP Discovery VSTi v2.9
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Dragon Age Origins GotYE_is1" = Dragon Age Origins GotYE
"eLicenser Control" = eLicenser Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Exposure" = Alien Skin Exposure
"EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"Fallout New Vegas_is1" = Fallout New Vegas
"Fraps" = Fraps (remove only)
"GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308)
"Indeo® software" = Indeo® software
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"iZotope iDrum Factory Content_is1" = iZotope iDrum Factory Content
"iZotope iDrum_is1" = iZotope iDrum
"iZotope Ozone 4_is1" = iZotope Ozone 4
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Lara Croft and the Guardian of Light_is1" = Lara Croft and the Guardian of Light
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"Mp3tag" = Mp3tag v2.46a
"Native Instruments Battery 3" = Native Instruments Battery 3
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"OpenAL" = OpenAL
"OpenLibraries" = OpenLibraries
"PixPlant2_is1" = PixPlant for Photoshop 2.0.43
"Power Retouche Pro" = Power Retouche Pro
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"RocketDock_is1" = RocketDock 1.3.5
"Runic Games Torchlight" = Torchlight
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silver Efex Pro" = Silver Efex Pro
"StarCraft II" = StarCraft II
"The Last Remnant_is1" = The Last Remnant
"Totalcmd" = Total Commander (Remove or Repair)
"TruePianos: Amber Module_is1" = TruePianos: Amber Module 1.4.0
"TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
"TruePianos: Emerald Module_is1" = TruePianos: Emerald Module 1.4.0
"TruePianos: Sapphire Module (Pedal sounds included)_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos: Sapphire Module_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos_is1" = TruePianos 1.4.1
"TuneUp Utilities" = TuneUp Utilities
"tvbrowser" = TV-Browser 3.0-beta2
"Two Worlds" = Two Worlds
"Veetle TV" = Veetle TV 0.9.18
"Verbindungsassistent" = Verbindungsassistent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.0.3
"Waldorf Largo" = Waldorf Largo
"Waves Mercury Bundle" = Waves Mercury Bundle
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
31.10.2010, 18:18 | #5 |
/// Malware-holic |
• Please start OTL.exe
• Now copy the following into the text box.

:OTL
PRC - C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
PRC - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
O4 - HKLM..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
F3 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 WinNT: Load - (C:\Users\Wennto\AppData\Local\Temp\dwm.exe) - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
O20 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 Winlogon: Shell - (C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe ()
[2010.10.31 16:25:46 | 000,118,272 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now close all programs.
• Now click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post it.
If there are any problems, use System Restore, but let me know :-)
31.10.2010, 18:52 | #6 |
Oh man... So I did it that way. OTL wanted to restart. After the restart there was a TXT on the desktop, which I clicked away. I thought it would be in the OTL folder. But it isn't. Where do I find it? It must be saved somewhere, since no "save" prompt came up when I X-ed it away. After the fix I can no longer open any website. It's the same effect as when I move the infected files into the Malwarebytes quarantine. Except there I can get them back. Now I can't anymore. Restore points can't be restored either. Always error messages after rebooting! None of them work! Had to switch to my wife's computer!
31.10.2010, 18:56 | #7 |
/// Malware-holic | Open Internet Explorer. There go to Tools, Internet Options, Connections, LAN settings, and uncheck the proxy server box. Then Apply, OK, and try whether it works.
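The three things the helper removes with the OTL script in #5 and undoes by hand in #7 (copies of svchost.exe and dwm.exe under the user profile, a Winlogon Shell value pointing at a shell.exe in AppData, and a per-user proxy at 127.0.0.1 that silently sits between the browser and the network) can all be spotted mechanically in a HijackThis or OTL log. The script below is an added example, not something posted in the thread and not part of OTL or HijackThis; the log lines it scans are reconstructed from this thread, and the list of system-binary names it treats as suspicious outside the Windows directory is an assumption.

```python
"""Scan HijackThis/OTL-style log lines for three indicators from this thread:
system-binary names outside %SystemRoot%, a loopback proxy in the per-user
Internet Settings, and hijacked Winlogon Shell / Windows Load values.
Runs offline on constructed log lines; touches no registry."""
import re
from pathlib import PureWindowsPath

# Real Windows binaries whose names malware borrows (assumed list). One of
# these names living outside <drive>:\Windows is a strong signal.
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "dwm.exe", "explorer.exe", "taskhost.exe",
    "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe",
}
LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")

# Drive-letter path ending in .exe; OTL wraps paths in parentheses, so stop there.
PATH_RE = re.compile(r"[A-Za-z]:\\[^()]*?\.exe", re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)", re.IGNORECASE)
SHELL_RE = re.compile(r"Winlogon:\s*Shell\s*-", re.IGNORECASE)
LOAD_RE = re.compile(r"WinNT:\s*Load\s*-", re.IGNORECASE)

# Constructed sample: plain "Running processes" lines plus R1/O4/F3/O20 entries
# taken from the logs quoted in this thread.
SAMPLE_LOG = r"""
C:\Windows\system32\Dwm.exe
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Users\Wennto\AppData\Local\Temp\dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
F3 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 WinNT: Load - (C:\Users\Wennto\AppData\Local\Temp\dwm.exe) - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
O20 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 Winlogon: Shell - (C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe ()
"""


def outside_windows_dir(path: str) -> bool:
    """True unless the path sits under <drive>:\\Windows\\..."""
    parts = PureWindowsPath(path).parts  # e.g. ('C:\\', 'Windows', 'system32', 'Dwm.exe')
    return len(parts) < 2 or parts[1].lower() != "windows"


def analyze(lines):
    """Return ordered, de-duplicated (kind, value) findings for the given log lines."""
    seen = {}  # dict used as an insertion-ordered set

    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        paths = PATH_RE.findall(line)

        # 1. A system-binary name in a user-writable location (AppData, Temp, ...).
        for path in paths:
            if (PureWindowsPath(path).name.lower() in SYSTEM_BINARY_NAMES
                    and outside_windows_dir(path)):
                seen.setdefault(("masquerade", path), None)

        # 2. Browser traffic forced through a proxy on the machine itself.
        m = PROXY_RE.search(line)
        if m and any(host in m.group(1).lower() for host in LOOPBACK_HOSTS):
            seen.setdefault(("loopback_proxy", m.group(1)), None)

        # 3. Winlogon Shell should be explorer.exe; the Windows\Load value is
        #    normally absent, so any executable there is worth a look.
        if (SHELL_RE.search(line) and paths
                and PureWindowsPath(paths[0]).name.lower() != "explorer.exe"):
            seen.setdefault(("winlogon_shell", paths[0]), None)
        if LOAD_RE.search(line) and paths:
            seen.setdefault(("windows_load", paths[0]), None)

    return list(seen)


if __name__ == "__main__":
    for kind, value in analyze(SAMPLE_LOG.splitlines()):
        print(f"{kind:15} {value}")
```

Note what the script does not flag: C:\Windows\system32\Dwm.exe is the genuine Desktop Window Manager and passes, while the same file name under AppData\Local\Temp is reported. The loopback proxy check is the one that explains the thread's symptom: once the fix removes the binary listening on 127.0.0.1:50370 but leaves the ProxyServer value behind, every HTTP request goes to a port nobody answers, which is exactly why "no website opens" until the proxy box is unchecked.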
31.10.2010, 19:01 | #8 |
Yes... that worked with the proxy tip, I'm back online... And I also found the TXT from OTL after the fix. Here it is!
Code:
All processes killed
========== OTL ==========
Process svchost.exe killed successfully!
No active process named dwm.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.
File C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe not found.
C:\Users\Wennto\AppData\Local\Temp\dwm.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Wennto\AppData\Local\Temp\dwm.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe deleted successfully.
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe moved successfully.
File C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Wennto
->Flash cache emptied: 456 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Wennto
->Temp folder emptied: 293925 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73581786 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70,00 mb

OTL by OldTimer - Version 3.2.17.1 log created on 10312010_182535
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
31.10.2010, 19:07 | #9 |
/// Malware-holic | Open My Computer, then C:, right-click _OTL and add it to _OTL.rar or .zip. Upload the archive to us. http://www.trojaner-board.de/54791-a...ner-board.html
31.10.2010, 19:20 | #10 |
I've done that now! Thank you already for picking up my problem so quickly and "staying on the ball"! I didn't expect that! Is my PC badly "infected"?
31.10.2010, 19:20 | #11 |
/// Malware-holic | OK, that worked. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
31.10.2010, 20:23 | #12 |
No matter what I do, ComboFix won't run... the PC freezes! I can still move the mouse, but that's it. I have to reset. Tried it 20 times and read the guide carefully; all programs (scanner, firewall etc.) are disabled.
31.10.2010, 20:25 | #13 |
ComboFix won't run. I read the guide carefully and followed everything... After starting ComboFix the mouse pointer can still be moved, but that's it!!! CPU load 0%. Still I can't do anything and have to reset... Tried it 20 times.... All antivirus and firewalls are off!
31.10.2010, 20:28 | #14 |
/// Malware-holic | 2 tries would have done :-) Restart the PC. Then, immediately after the PC starts, press the F8 key and choose Safe Mode there, not the one with networking. Log in there and start ComboFix.
31.10.2010, 20:53 | #15 |
Unfortunately the program won't start there either... Exactly the same as in normal mode.