Plagegeister aller Art und deren Bekämpfung: Multiple trojans + koobface found (Windows 7) |
10.11.2010, 21:11 | #1 |
| Multiple trojans + koobface found Hel-l-o, unfortunatel-y I found several trojans and koobface. When I opened a l-ink from an email I caught koobface, al--though AntiVir and Microsoft raised the al-arm right away. It says it was removed, but unfortunatel-y my l------aptop has been "acting up" ever since, and when I type, like right now, these characters keep appearing or it doesn't type properly. I'm at my wit's end. I have al-ready run Antimal----------------------------------------------ware and OTL-, shoul--d I post that?? Thanks in advance |
10.11.2010, 23:14 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple trojans + koobface found Y-es pleas-e pos-----t all the log-s |
11.11.2010, 20:09 | #3 |
| Multiple trojans + koobface found l-ol--- just l-augh at me, wail-l-l-l--- |
11.11.2010, 20:11 | #4 |
| Multiple trojans + koobface found

Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 5089
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.11.2010 20:43:24
mbam-log-2010-11-10 (20-43-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164430
Laufzeit: 31 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 16
Infizierte Dateien: 27

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\Tanja\AppData\Local\Temp\RarSFX0\files\Report\report.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tanja\AppData\Local\Temp\RarSFX3\files\Report\report.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. |
11.11.2010, 20:12 | #5 |
| Multiple trojans + koobface found OTL Logfile: Code:
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR) DRV - [2009.02.27 13:24:10 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2009.02.10 06:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.12.29 18:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.10.31 11:43:30 | 002,231,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.10.04 01:17:24 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.06.26 12:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2008.02.21 10:11:12 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9052.sys -- (SQTECH9052) DRV - [2007.10.19 12:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC) DRV - [2007.05.03 11:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C) DRV - [2007.03.26 22:04:52 | 000,219,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpl8187.sys -- (RTL8187) DRV - [2007.01.04 11:15:08 | 000,009,336 | ---- | M] (Internals.com - The best online resource for system programmers) [Kernel | On_Demand | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO) DRV - [2006.12.01 13:53:32 | 000,015,360 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt) DRV - [2006.11.28 20:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50) DRV - [2006.11.28 20:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50) DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "NCH Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.7 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2 FF - prefs.js..extensions.enabledItems: videosurf_enhanced@videosurf.com:0.76 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304564&SearchSource=2&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\Extensions\\{fa46cb24-1d5b-4048-911a-2857a0944395}: C:\Program Files\FVD Suite\addons\Firefox [2010.05.25 00:32:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.24 20:51:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.24 20:51:05 | 000,000,000 | ---D | M] [2009.11.11 20:23:59 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Extensions [2010.10.24 21:32:37 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions 
[2010.05.20 23:05:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.24 20:44:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.01.25 18:44:29 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010.04.09 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\googletube@googletube.com [2010.09.12 08:01:26 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\smarterwiki@wikiatic.com [2010.10.24 20:44:11 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\videosurf_enhanced@videosurf.com [2010.09.22 09:42:42 | 000,000,909 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\FireFox\Profiles\bbkadabm.default\searchplugins\conduit.xml [2010.07.08 19:24:40 | 000,003,915 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\FireFox\Profiles\bbkadabm.default\searchplugins\sweetim.xml [2010.10.14 22:30:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.06 23:40:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.14 22:30:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.09.21 09:59:40 | 001,275,296 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv501.dll [2009.10.26 15:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.09.10 22:42:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.10 22:42:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.10 22:42:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.10 22:42:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.10 22:42:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HPWireless] C:\Program Files\HP Wireless Adapter\HPWLAN.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe File not found O4 - HKCU..\Run: [FVDSuite] C:\Program Files\FVD Suite\fvdbox.exe () O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) O4 - HKCU..\Run: [RemoTerm.exe] C:\Programme\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.10 20:04:03 | 000,000,000 | ---D | C] -- C:\Users\Tanja\AppData\Roaming\Malwarebytes [2010.11.10 20:03:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.10 20:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.10 20:03:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.10 20:03:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.07 22:08:01 | 000,000,000 | ---D | C] -- C:\3deba8a28df77001249338e30aff [2010.10.26 19:48:06 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.10.26 19:48:06 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.10.26 19:48:05 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.10.26 19:48:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.10.26 19:47:11 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys 
[2010.10.24 22:05:40 | 000,000,000 | ---D | C] -- C:\Programme\ProgDVB [2010.10.14 22:30:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.10.14 22:30:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.10.14 22:30:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.10.14 22:23:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.14 22:23:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.10.14 22:23:24 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.14 22:23:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.14 22:23:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.14 22:23:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.10.14 22:23:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.14 22:23:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.10.14 22:23:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.14 22:23:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.10.14 22:23:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.14 22:21:37 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.14 22:21:25 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.14 22:21:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.14 22:21:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.14 22:21:16 | 
000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.14 22:20:31 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.14 22:19:14 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll [2010.10.11 21:28:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Bibi Blocksberg Musical [2009.02.27 18:17:28 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2009.02.27 18:17:27 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.10 20:53:36 | 004,456,448 | -HS- | M] () -- C:\Users\Tanja\ntuser.dat [2010.11.10 20:48:31 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\yxnjbs.sys [2010.11.10 20:04:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.10 20:03:20 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.10 19:55:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525923240-875606291-1102414602-1000UA.job [2010.11.10 12:55:11 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.11.10 04:16:11 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525923240-875606291-1102414602-1000Core.job [2010.11.10 04:13:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.10 04:06:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.09 20:15:04 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.09 20:15:04 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.09 20:09:05 | 000,524,288 | -HS- | M] () -- 
C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TMContainer00000000000000000002.regtrans-ms [2010.11.09 20:09:05 | 000,524,288 | -HS- | M] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TMContainer00000000000000000001.regtrans-ms [2010.11.09 20:09:05 | 000,065,536 | -HS- | M] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TM.blf [2010.11.09 20:09:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.11.09 20:08:39 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys [2010.11.08 05:28:19 | 003,008,575 | -H-- | M] () -- C:\Users\Tanja\AppData\Local\IconCache.db [2010.11.07 21:47:59 | 838,871,532 | ---- | M] () -- C:\Users\Tanja\Documents\Image.nrg [2010.11.07 21:36:53 | 838,871,532 | ---- | M] () -- C:\Users\Tanja\Documents\------------------------------------------------------------------------------------------------------------.nrg [2010.11.07 21:30:38 | 838,871,532 | ---- | M] () -- C:\Users\Tanja\Documents\wimmel-bil-da.nrg [2010.11.07 21:11:33 | 838,871,532 | ---- | M] () -- C:\Users\Tanja\Documents\wimmel----------------------------------------.nrg [2010.11.02 21:29:28 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.11.02 21:29:28 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.01 05:19:08 | 000,679,342 | ---- | M] () -- C:\Windows\System32\prfh0816.dat [2010.11.01 05:19:08 | 000,663,804 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2010.11.01 05:19:08 | 000,610,202 | ---- | M] () -- C:\Windows\System32\perfh01F.dat [2010.11.01 05:19:08 | 000,377,870 | ---- | M] () -- C:\Windows\System32\prfh0404.dat [2010.11.01 05:19:08 | 000,361,768 | ---- | M] () -- C:\Windows\System32\prfh0804.dat [2010.11.01 05:19:08 | 000,133,752 | ---- | M] () -- C:\Windows\System32\prfc0816.dat [2010.11.01 05:19:08 | 000,128,094 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2010.11.01 05:19:08 | 000,121,526 | ---- | M] () -- 
C:\Windows\System32\perfc01F.dat [2010.11.01 05:19:08 | 000,104,248 | ---- | M] () -- C:\Windows\System32\prfc0804.dat [2010.11.01 05:19:08 | 000,099,334 | ---- | M] () -- C:\Windows\System32\prfc0404.dat [2010.11.01 05:19:07 | 000,694,430 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2010.11.01 05:19:07 | 000,693,454 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2010.11.01 05:19:07 | 000,691,192 | ---- | M] () -- C:\Windows\System32\perfh013.dat [2010.11.01 05:19:07 | 000,689,726 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2010.11.01 05:19:07 | 000,689,108 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2010.11.01 05:19:07 | 000,675,958 | ---- | M] () -- C:\Windows\System32\perfh019.dat [2010.11.01 05:19:07 | 000,632,180 | ---- | M] () -- C:\Windows\System32\perfh00E.dat [2010.11.01 05:19:07 | 000,617,568 | ---- | M] () -- C:\Windows\System32\perfh01D.dat [2010.11.01 05:19:07 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.01 05:19:07 | 000,448,586 | ---- | M] () -- C:\Windows\System32\perfh014.dat [2010.11.01 05:19:07 | 000,433,388 | ---- | M] () -- C:\Windows\System32\perfh00B.dat [2010.11.01 05:19:07 | 000,399,736 | ---- | M] () -- C:\Windows\System32\perfh012.dat [2010.11.01 05:19:07 | 000,388,518 | ---- | M] () -- C:\Windows\System32\perfh011.dat [2010.11.01 05:19:07 | 000,353,522 | ---- | M] () -- C:\Windows\System32\perfh00D.dat [2010.11.01 05:19:07 | 000,148,310 | ---- | M] () -- C:\Windows\System32\perfc00E.dat [2010.11.01 05:19:07 | 000,137,062 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2010.11.01 05:19:07 | 000,134,840 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2010.11.01 05:19:07 | 000,132,940 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2010.11.01 05:19:07 | 000,132,516 | ---- | M] () -- C:\Windows\System32\perfc019.dat [2010.11.01 05:19:07 | 000,130,140 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2010.11.01 05:19:07 | 000,127,144 | ---- | M] () -- 
C:\Windows\System32\perfc010.dat [2010.11.01 05:19:07 | 000,123,740 | ---- | M] () -- C:\Windows\System32\perfc01D.dat [2010.11.01 05:19:07 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc011.dat [2010.11.01 05:19:07 | 000,104,676 | ---- | M] () -- C:\Windows\System32\perfc012.dat [2010.11.01 05:19:07 | 000,082,148 | ---- | M] () -- C:\Windows\System32\perfc00B.dat [2010.11.01 05:19:07 | 000,077,096 | ---- | M] () -- C:\Windows\System32\perfc014.dat [2010.11.01 05:19:07 | 000,069,094 | ---- | M] () -- C:\Windows\System32\perfc00D.dat [2010.11.01 05:19:06 | 016,093,662 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.11.01 05:19:06 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.01 05:19:06 | 000,623,144 | ---- | M] () -- C:\Windows\System32\perfh005.dat [2010.11.01 05:19:06 | 000,551,770 | ---- | M] () -- C:\Windows\System32\perfh008.dat [2010.11.01 05:19:06 | 000,462,172 | ---- | M] () -- C:\Windows\System32\perfh006.dat [2010.11.01 05:19:06 | 000,434,486 | ---- | M] () -- C:\Windows\System32\perfh001.dat [2010.11.01 05:19:06 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.01 05:19:06 | 000,121,788 | ---- | M] () -- C:\Windows\System32\perfc005.dat [2010.11.01 05:19:06 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.01 05:19:06 | 000,089,436 | ---- | M] () -- C:\Windows\System32\perfc008.dat [2010.11.01 05:19:06 | 000,079,804 | ---- | M] () -- C:\Windows\System32\perfc006.dat [2010.11.01 05:19:06 | 000,078,984 | ---- | M] () -- C:\Windows\System32\perfc001.dat [2010.10.24 20:53:39 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE [2010.10.21 19:56:36 | 000,028,568 | ---- | M] () -- C:\Users\Tanja\Desktop\Microsoft Office PowerPoint 2007-Präsentation (neu).pptx [2010.10.21 19:48:12 | 000,001,002 | ---- | M] () -- C:\Users\Tanja\Desktop\PCTV 2001e - Verknüpfung.lnk [2010.10.21 19:00:46 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI 
[2010.10.19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.17 01:15:37 | 000,500,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.17 00:34:36 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.10 20:48:31 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\yxnjbs.sys [2010.11.10 20:03:20 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.09 20:09:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TMContainer00000000000000000002.regtrans-ms [2010.11.09 20:09:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TMContainer00000000000000000001.regtrans-ms [2010.11.09 20:09:05 | 000,065,536 | -HS- | C] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TM.blf [2010.11.07 21:45:36 | 838,871,532 | ---- | C] () -- C:\Users\Tanja\Documents\Image.nrg [2010.11.07 21:34:25 | 838,871,532 | ---- | C] () -- C:\Users\Tanja\Documents\------------------------------------------------------------------------------------------------------------.nrg [2010.11.07 21:28:55 | 838,871,532 | ---- | C] () -- C:\Users\Tanja\Documents\wimmel-bil-da.nrg [2010.11.07 21:08:40 | 838,871,532 | ---- | C] () -- C:\Users\Tanja\Documents\wimmel----------------------------------------.nrg [2010.10.24 20:53:37 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.10.21 19:56:35 | 000,028,568 | ---- | C] () -- C:\Users\Tanja\Desktop\Microsoft Office PowerPoint 2007-Präsentation (neu).pptx [2010.10.21 19:48:12 | 000,001,002 | ---- | C] () -- C:\Users\Tanja\Desktop\PCTV 2001e - Verknüpfung.lnk [2010.04.17 20:15:27 | 000,000,233 | ---- | C] () -- C:\Windows\Caligari.ini [2010.03.09 23:05:32 | 000,000,088 | RHS- | C] 
() -- C:\Windows\System32\3E9870E545.sys [2010.01.29 17:59:06 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3E9870E545.sys [2010.01.29 17:59:05 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.01.18 12:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini [2010.01.02 18:40:41 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI [2009.12.03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.27 23:43:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.11.21 16:01:48 | 000,011,264 | ---- | C] () -- C:\Users\Tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.17 20:11:03 | 000,002,130 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.10.24 14:37:29 | 003,008,575 | -H-- | C] () -- C:\Users\Tanja\AppData\Local\IconCache.db [2009.10.23 19:25:30 | 000,142,320 | ---- | C] () -- C:\Users\Tanja\AppData\Local\GDIPFONTCACHEV1.DAT [2009.10.23 19:22:13 | 016,093,662 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2009.09.16 20:35:45 | 002,614,482 | ---- | C] () -- C:\Users\Tanja\AppData\Roaming\install.txt [2009.08.12 17:09:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.12 15:49:44 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2009.08.12 15:49:44 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.14 05:41:57 | 000,000,174 | -HS- | C] () -- C:\Programme\desktop.ini [2009.07.14 03:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009.07.14 03:04:23 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.13 22:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2009.07.13 
22:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2009.07.13 22:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2009.07.13 22:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2009.07.13 22:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2009.07.13 22:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2009.07.13 22:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2009.07.13 22:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2009.07.13 22:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2009.07.13 22:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2009.07.13 22:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2009.07.13 22:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2009.07.13 22:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2009.07.13 22:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2009.07.13 22:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009.07.13 21:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2009.06.10 22:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2009.06.02 17:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.05.29 15:52:26 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 15:47:06 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.02.27 18:17:28 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2009.02.27 18:17:28 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2009.02.27 18:17:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.02.26 21:09:31 | 000,002,828 | -HS- | C] () -- 
C:\Windows\System32\KGyGaAvL.sys [2009.02.26 21:09:31 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\F928A0FA17.sys [2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 11:23:31 | 000,000,335 | ---- | C] () -- C:\Windows\win.ini ========== LOP Check ========== [2009.11.02 05:22:24 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Advertisement Consulting International Ltd [2009.10.23 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Aisle 5 Games, Inc [2009.10.23 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\AntiBrowserSpy 2009 [2009.11.01 23:10:50 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\ASCON Installer [2010.06.07 03:42:52 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Azureus [2009.10.23 18:48:14 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\F-Secure [2010.06.29 19:15:25 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Flatcast [2010.02.17 13:02:35 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Flood Light Games [2010.05.25 00:32:21 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\FVDToolbar [2009.10.23 18:48:14 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\GHISLER [2010.01.06 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Gogii Games [2010.02.06 19:51:32 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Magic Academy [2010.01.02 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Meridian93 [2010.09.02 22:40:10 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\NCH Swift Sound [2009.10.23 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\OpenOffice.org [2010.05.25 00:11:03 | 000,000,000 | ---D | M] -- 
C:\Users\Tanja\AppData\Roaming\Opera [2010.02.19 17:29:53 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\PoBros [2010.07.19 20:05:30 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\PopCapv1002 [2010.02.27 15:10:11 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\SecondLife [2010.02.06 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Skip-Bo [2009.10.23 18:48:28 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\TeamViewer [2009.10.23 18:48:28 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\VistaCodecs [2009.10.23 18:48:28 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Walea GmbH [2010.07.11 23:30:51 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Zylom [2010.11.06 08:15:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34 < End of report > |
11.11.2010, 20:13 | #6 |
| Multiple Trojans + Koobface found OTL Logfile: Code:
OTL logfile created on: 10.11.2010 20:50:36 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Tanja\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 6,00 Gb Paging File | 3,00 Gb Available in Paging File | 53,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 440,37 Gb Total Space | 236,87 Gb Free Space | 53,79% Space Free | Partition Type: NTFS Drive D: | 25,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32 Computer Name: TANJA-PC | User Name: Tanja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.10 20:46:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tanja\Downloads\OTL.exe PRC - [2010.11.02 21:29:28 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.02 21:29:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.02 21:29:27 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.02 21:29:27 | 000,224,936 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avnotify.exe PRC - [2010.11.01 22:36:03 | 000,974,904 | ---- | M] (Google Inc.) 
-- C:\Users\Tanja\AppData\Local\Google\Chrome\Application\chrome.exe PRC - [2010.09.22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.09.15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Essentials\msseces.exe PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.07.21 15:51:42 | 001,797,008 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2010.04.29 12:19:18 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.04.16 08:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.03.29 19:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2010.03.25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Essentials\MsMpEng.exe PRC - [2010.03.25 20:40:42 | 000,203,312 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Essentials\MpCmdRun.exe PRC - [2010.03.18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
-- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.03.16 01:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE PRC - [2010.02.24 10:34:36 | 000,220,944 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Programme\Common Files\PCTV Systems\RemoTerm\remoterm.exe PRC - [2010.02.18 20:48:36 | 000,043,520 | ---- | M] () -- C:\Programme\FVD Suite\fvdbox.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.20 10:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2008.10.31 13:06:18 | 006,609,440 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe PRC - [2008.08.28 15:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007.12.17 18:12:40 | 000,258,048 | ---- | M] (ArcSoft, Inc.) 
-- C:\Programme\MSI\TotalMedia 3.5\TMMonitor.exe PRC - [2007.06.14 16:22:06 | 001,552,384 | ---- | M] () -- C:\Programme\HP Wireless Printer Adapter\ConnectMgr.exe PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2007.05.15 09:06:44 | 000,733,184 | ---- | M] () -- C:\Programme\HP Wireless Adapter\HPWLan.exe PRC - [2006.09.11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe ========== Modules (SafeList) ========== MOD - [2010.11.10 20:46:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tanja\Downloads\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll ========== Win32 
Services (SafeList) ========== SRV - [2010.11.02 21:29:28 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.02 21:29:27 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.09.22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010.04.16 08:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2010.03.25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.07.20 10:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) 
[On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV - [2010.11.02 21:29:28 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | 
System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.02 21:29:28 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.09.22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV - [2010.07.01 16:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2010.06.23 08:10:54 | 000,275,048 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010.03.25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.08.24 08:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb) DRV - [2009.08.13 19:07:23 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- 
(hwpolicy) DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.26 21:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.26 07:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009.02.27 13:24:10 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009.02.10 06:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.12.29 18:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.10.31 11:43:30 | 002,231,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.10.04 01:17:24 | 000,133,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.26 12:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2008.02.21 10:11:12 | 000,041,216 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt9052.sys -- (SQTECH9052)
DRV - [2007.10.19 12:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007.05.03 11:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007.03.26 22:04:52 | 000,219,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpl8187.sys -- (RTL8187)
DRV - [2007.01.04 11:15:08 | 000,009,336 | ---- | M] (Internals.com - The best online resource for system programmers) [Kernel | On_Demand | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2006.12.01 13:53:32 | 000,015,360 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006.11.28 20:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2006.11.28 20:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "NCH Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.7
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
FF - prefs.js..extensions.enabledItems: videosurf_enhanced@videosurf.com:0.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304564&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{fa46cb24-1d5b-4048-911a-2857a0944395}: C:\Program Files\FVD Suite\addons\Firefox [2010.05.25 00:32:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.24 20:51:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.24 20:51:05 | 000,000,000 | ---D | M]
[2009.11.11 20:23:59 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Extensions
[2010.10.24 21:32:37 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions
[2010.05.20 23:05:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.24 20:44:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.25 18:44:29 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.04.09 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\googletube@googletube.com
[2010.09.12 08:01:26 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\smarterwiki@wikiatic.com
[2010.10.24 20:44:11 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\mozilla\Firefox\Profiles\bbkadabm.default\extensions\videosurf_enhanced@videosurf.com
[2010.09.22 09:42:42 | 000,000,909 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\FireFox\Profiles\bbkadabm.default\searchplugins\conduit.xml
[2010.07.08 19:24:40 | 000,003,915 | ---- | M] () -- C:\Users\Tanja\AppData\Roaming\Mozilla\FireFox\Profiles\bbkadabm.default\searchplugins\sweetim.xml
[2010.10.14 22:30:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.06 23:40:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.14 22:30:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.09.21 09:59:40 | 001,275,296 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv501.dll
[2009.10.26 15:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.09.10 22:42:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 22:42:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.10 22:42:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.10 22:42:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.10 22:42:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPWireless] C:\Program Files\HP Wireless Adapter\HPWLAN.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe File not found
O4 - HKCU..\Run: [FVDSuite] C:\Program Files\FVD Suite\fvdbox.exe ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RemoTerm.exe] C:\Programme\Common Files\PCTV Systems\RemoTerm\remoterm.exe (PCTV Systems S.à r.l.)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.10 20:04:03 | 000,000,000 | ---D | C] -- C:\Users\Tanja\AppData\Roaming\Malwarebytes
[2010.11.10 20:03:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.10 20:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.10 20:03:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.10 20:03:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.07 22:08:01 | 000,000,000 | ---D | C] -- C:\3deba8a28df77001249338e30aff
[2010.10.26 19:48:06 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.10.26 19:48:06 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.10.26 19:48:05 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.10.26 19:48:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.10.26 19:47:11 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.10.24 22:05:40 | 000,000,000 | ---D | C] -- C:\Programme\ProgDVB
[2010.10.14 22:30:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.14 22:30:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.14 22:30:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.14 22:23:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 22:23:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.14 22:23:24 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.14 22:23:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.14 22:23:24 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 22:23:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.14 22:23:23 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 22:23:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.14 22:23:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.14 22:23:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 22:23:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.14 22:21:37 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 22:21:25 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 22:21:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 22:21:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 22:21:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 22:20:31 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.14 22:19:14 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.11 21:28:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Bibi Blocksberg Musical
[2009.02.27 18:17:28 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.02.27 18:17:27 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.10 20:53:36 | 004,456,448 | -HS- | M] () -- C:\Users\Tanja\ntuser.dat
[2010.11.10 20:48:31 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\yxnjbs.sys
[2010.11.10 20:04:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.10 20:03:20 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.10 19:55:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525923240-875606291-1102414602-1000UA.job
[2010.11.10 12:55:11 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.10 04:16:11 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1525923240-875606291-1102414602-1000Core.job
[2010.11.10 04:13:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.10 04:06:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.09 20:15:04 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.09 20:15:04 | 000,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.09 20:09:05 | 000,524,288 | -HS- | M] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TMContainer00000000000000000002.regtrans-ms
[2010.11.09 20:09:05 | 000,524,288 | -HS- | M] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TMContainer00000000000000000001.regtrans-ms
[2010.11.09 20:09:05 | 000,065,536 | -HS- | M] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TM.blf
[2010.11.09 20:09:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.11.09 20:08:39 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.08 05:28:19 | 003,008,575 | -H-- | M] () -- C:\Users\Tanja\AppData\Local\IconCache.db
[2010.11.07 21:47:59 | 838,871,532 | ---- | M] () -- C:\Users\Tanja\Documents\Image.nrg
[2010.11.07 21:36:53 | 838,871,532 | ---- | M] () -- C:\Users\Tanja\Documents\------------------------------------------------------------------------------------------------------------.nrg
[2010.11.07 21:30:38 | 838,871,532 | ---- | M] () -- C:\Users\Tanja\Documents\wimmel-bil-da.nrg
[2010.11.07 21:11:33 | 838,871,532 | ---- | M] () -- C:\Users\Tanja\Documents\wimmel----------------------------------------.nrg
[2010.11.02 21:29:28 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.11.02 21:29:28 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.01 05:19:08 | 000,679,342 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2010.11.01 05:19:08 | 000,663,804 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010.11.01 05:19:08 | 000,610,202 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2010.11.01 05:19:08 | 000,377,870 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010.11.01 05:19:08 | 000,361,768 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010.11.01 05:19:08 | 000,133,752 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2010.11.01 05:19:08 | 000,128,094 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010.11.01 05:19:08 | 000,121,526 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2010.11.01 05:19:08 | 000,104,248 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010.11.01 05:19:08 | 000,099,334 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010.11.01 05:19:07 | 000,694,430 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010.11.01 05:19:07 | 000,693,454 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010.11.01 05:19:07 | 000,691,192 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010.11.01 05:19:07 | 000,689,726 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010.11.01 05:19:07 | 000,689,108 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010.11.01 05:19:07 | 000,675,958 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010.11.01 05:19:07 | 000,632,180 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2010.11.01 05:19:07 | 000,617,568 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2010.11.01 05:19:07 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.01 05:19:07 | 000,448,586 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010.11.01 05:19:07 | 000,433,388 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2010.11.01 05:19:07 | 000,399,736 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2010.11.01 05:19:07 | 000,388,518 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010.11.01 05:19:07 | 000,353,522 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010.11.01 05:19:07 | 000,148,310 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2010.11.01 05:19:07 | 000,137,062 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010.11.01 05:19:07 | 000,134,840 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010.11.01 05:19:07 | 000,132,940 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010.11.01 05:19:07 | 000,132,516 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010.11.01 05:19:07 | 000,130,140 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010.11.01 05:19:07 | 000,127,144 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010.11.01 05:19:07 | 000,123,740 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2010.11.01 05:19:07 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010.11.01 05:19:07 | 000,104,676 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2010.11.01 05:19:07 | 000,082,148 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2010.11.01 05:19:07 | 000,077,096 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010.11.01 05:19:07 | 000,069,094 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2010.11.01 05:19:06 | 016,093,662 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.11.01 05:19:06 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.01 05:19:06 | 000,623,144 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.11.01 05:19:06 | 000,551,770 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2010.11.01 05:19:06 | 000,462,172 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2010.11.01 05:19:06 | 000,434,486 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2010.11.01 05:19:06 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.01 05:19:06 | 000,121,788 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.11.01 05:19:06 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.01 05:19:06 | 000,089,436 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2010.11.01 05:19:06 | 000,079,804 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2010.11.01 05:19:06 | 000,078,984 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2010.10.24 20:53:39 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.10.21 19:56:36 | 000,028,568 | ---- | M] () -- C:\Users\Tanja\Desktop\Microsoft Office PowerPoint 2007-Präsentation (neu).pptx
[2010.10.21 19:48:12 | 000,001,002 | ---- | M] () -- C:\Users\Tanja\Desktop\PCTV 2001e - Verknüpfung.lnk
[2010.10.21 19:00:46 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010.10.19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.17 01:15:37 | 000,500,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.17 00:34:36 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.10 20:48:31 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\yxnjbs.sys [2010.11.10 20:03:20 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.09 20:09:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TMContainer00000000000000000002.regtrans-ms [2010.11.09 20:09:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TMContainer00000000000000000001.regtrans-ms [2010.11.09 20:09:05 | 000,065,536 | -HS- | C] () -- C:\Users\Tanja\ntuser.dat{bdb0c006-ec34-11df-8315-001f1617af5a}.TM.blf [2010.11.07 21:45:36 | 838,871,532 | ---- | C] () -- C:\Users\Tanja\Documents\Image.nrg [2010.11.07 21:34:25 | 838,871,532 | ---- | C] () -- C:\Users\Tanja\Documents\------------------------------------------------------------------------------------------------------------.nrg [2010.11.07 21:28:55 | 838,871,532 | ---- | C] () -- C:\Users\Tanja\Documents\wimmel-bil-da.nrg [2010.11.07 21:08:40 | 838,871,532 | ---- | C] () -- C:\Users\Tanja\Documents\wimmel----------------------------------------.nrg [2010.10.24 20:53:37 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.10.21 19:56:35 | 000,028,568 | ---- | C] () -- C:\Users\Tanja\Desktop\Microsoft Office PowerPoint 2007-Präsentation (neu).pptx [2010.10.21 19:48:12 | 000,001,002 | ---- | C] () -- C:\Users\Tanja\Desktop\PCTV 2001e - Verknüpfung.lnk [2010.04.17 20:15:27 | 000,000,233 | ---- | C] () -- C:\Windows\Caligari.ini [2010.03.09 23:05:32 | 000,000,088 | RHS- | C] 
() -- C:\Windows\System32\3E9870E545.sys [2010.01.29 17:59:06 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3E9870E545.sys [2010.01.29 17:59:05 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.01.18 12:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini [2010.01.02 18:40:41 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI [2009.12.03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.27 23:43:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.11.21 16:01:48 | 000,011,264 | ---- | C] () -- C:\Users\Tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.17 20:11:03 | 000,002,130 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.10.24 14:37:29 | 003,008,575 | -H-- | C] () -- C:\Users\Tanja\AppData\Local\IconCache.db [2009.10.23 19:25:30 | 000,142,320 | ---- | C] () -- C:\Users\Tanja\AppData\Local\GDIPFONTCACHEV1.DAT [2009.10.23 19:22:13 | 016,093,662 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2009.09.16 20:35:45 | 002,614,482 | ---- | C] () -- C:\Users\Tanja\AppData\Roaming\install.txt [2009.08.12 17:09:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.12 15:49:44 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2009.08.12 15:49:44 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.14 05:41:57 | 000,000,174 | -HS- | C] () -- C:\Programme\desktop.ini [2009.07.14 03:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2009.07.14 03:04:23 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.07.13 22:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2009.07.13 
22:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2009.07.13 22:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2009.07.13 22:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2009.07.13 22:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2009.07.13 22:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2009.07.13 22:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2009.07.13 22:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2009.07.13 22:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2009.07.13 22:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2009.07.13 22:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2009.07.13 22:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2009.07.13 22:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2009.07.13 22:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2009.07.13 22:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2009.07.13 21:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2009.06.10 22:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2009.06.02 17:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.05.29 15:52:26 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.29 15:47:06 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.02.27 18:17:28 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2009.02.27 18:17:28 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2009.02.27 18:17:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2009.02.26 21:09:31 | 000,002,828 | -HS- | C] () -- 
C:\Windows\System32\KGyGaAvL.sys [2009.02.26 21:09:31 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\F928A0FA17.sys [2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 11:23:31 | 000,000,335 | ---- | C] () -- C:\Windows\win.ini ========== LOP Check ========== [2009.11.02 05:22:24 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Advertisement Consulting International Ltd [2009.10.23 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Aisle 5 Games, Inc [2009.10.23 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\AntiBrowserSpy 2009 [2009.11.01 23:10:50 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\ASCON Installer [2010.06.07 03:42:52 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Azureus [2009.10.23 18:48:14 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\F-Secure [2010.06.29 19:15:25 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Flatcast [2010.02.17 13:02:35 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Flood Light Games [2010.05.25 00:32:21 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\FVDToolbar [2009.10.23 18:48:14 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\GHISLER [2010.01.06 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Gogii Games [2010.02.06 19:51:32 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Magic Academy [2010.01.02 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Meridian93 [2010.09.02 22:40:10 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\NCH Swift Sound [2009.10.23 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\OpenOffice.org [2010.05.25 00:11:03 | 000,000,000 | ---D | M] -- 
C:\Users\Tanja\AppData\Roaming\Opera [2010.02.19 17:29:53 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\PoBros [2010.07.19 20:05:30 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\PopCapv1002 [2010.02.27 15:10:11 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\SecondLife [2010.02.06 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Skip-Bo [2009.10.23 18:48:28 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\TeamViewer [2009.10.23 18:48:28 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\VistaCodecs [2009.10.23 18:48:28 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Walea GmbH [2010.07.11 23:30:51 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Zylom [2010.11.06 08:15:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34 < End of report > |
11.11.2010, 20:15 | #7 |
| Multiple trojans + Koobface found OTL EXTRAS logfile: Code:
OTL Extras logfile created on: 10.11.2010 20:50:36 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Tanja\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free 6,00 Gb Paging File | 3,00 Gb Available in Paging File | 53,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 440,37 Gb Total Space | 236,87 Gb Free Space | 53,79% Space Free | Partition Type: NTFS Drive D: | 25,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32 Computer Name: TANJA-PC | User Name: Tanja | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Users\Tanja\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{{598D99F7-B97C-424F-B899-69B339336411}}" = Disney Micro "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{091DE262-A5F4-4D6A-97F0-0D6A93D6F4F7}" = RawPacketDriver "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{10A44844-4465-456E-8C97-80BDD4F68845}" = 
Windows Live ID-Anmelde-Assistent "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20BB7EE4-9750-4EAC-B202-7A79B12B6382}" = Panda Internet Security 2010 "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3.5 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C8D3E94-9DFB-4A2F-9A74-35CB06697576}" = TV DIGITAL OnGuide 
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{598D99F7-B97C-424F-B899-69B339336411}" = Disney Micro "{5c817fef-94af-4c72-b246-49c2dacd8b77}" = Nero 9 Essentials "{5E335FB1-87E8-41DF-AF8D-6B51E03A36AA}" = PCTV Package - Windows Media Center "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7AE58266-B58D-44D8-A0CB-E83F01B67C6B}" = Disney Pix Micro Downloader "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1" = FVD Suite 2.4.5 "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{991C5595-5151-4D70-B6CC-90633AC69076}" = HP Wireless Printer Adapter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A94EFA5E-3595-404D-B279-75C93C141D9B}" = DistanTV Client "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = 
AAC Decoder "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BA9C8A3B-7A17-4A52-9F11-A6E823EE4305}" = Google SketchUp 7 "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = HP Wireless Adapter "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD1DDD99-D225-40CD-9433-44667C7ABD3F}" = Disney Pix 2.2 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh 
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "conduitEngine" = Conduit Engine "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ExpressBurn" = Express Burn 
Disc Burning Software "ExpressRip" = Express Rip "Flatcast_is1" = Flatcast Viewer Plugin 5.0.356 "Free YouTube Download_is1" = Free YouTube Download 2.3 "Google Updater" = Google Updater "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "HPOCR" = HP OCR Software 9.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Essentials" = Microsoft Security Essentials "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 5" = TeamViewer 5 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.1 "WavePad" = WavePad Audiobearbeitungs-Software "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "XMedia Recode" = XMedia Recode 2.1.3.7 "Xvid_is1" = Xvid 1.1.3 final uninstall "ZDFmediathek_is1" = ZDFmediathek Version 2.1.5 ========== HKEY_CURRENT_USER 
Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Cooliris Widget" = Cooliris Widget "eduMap" = eduMap "Flash Video Downloader. Youtube Downloader" = Flash Video Downloader. Youtube Downloader "Google Chrome" = Google Chrome "GoogleToolBar" = GoogleToolBar "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "Spirograph" = Spirograph "Video Downloader" = Video Downloader ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
11.11.2010, 20:16 | #8 |
| Multiple trojans + Koobface found I hope that was the right one; if not, I'll do it again. Thanks in advance. |
11.11.2010, 23:02 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple trojans + Koobface found Quote:
Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ Please always post logfiles in CODE tags |
12.11.2010, 16:03 | #10 |
| Multiple trojans + Koobface found OK, then I'll let it run through again |
13.11.2010, 07:45 | #11 |
| Multiple trojans + Koobface found
Malwarebytes' Anti-Malware 1.46
Malwarebytes Datenbank Version: 5100
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
13.11.2010 00:08:13
mbam-log-2010-11-13 (00-08-13).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 569713
Laufzeit: 8 Stunde(n), 3 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
14.11.2010, 09:24 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Multiple trojans + Koobface found Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
15.11.2010, 16:28 | #13 |
| Multiple trojans + Koobface found OK, will do |
15.11.2010, 17:50 | #14 |
| Multiple trojans + Koobface found Combofix logfile: Code:
ComboFix 10-11-14.04 - Tanja 15.11.2010 17:15:56.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.3067.1464 [GMT 1:00] ausgeführt von:: c:\users\Tanja\Downloads\cofi.exe.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-10-15 bis 2010-11-15 )))))))))))))))))))))))))))))) . 2010-11-15 16:25 . 2010-11-15 16:25 -------- d-----w- c:\users\peter\AppData\Local\temp 2010-11-15 16:25 . 2010-11-15 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-11-15 14:41 . 2010-11-15 14:41 -------- d-----w- c:\users\Tanja\AppData\Roaming\Canneverbe Limited 2010-11-15 14:41 . 2010-11-15 14:41 -------- d-----w- c:\programdata\Canneverbe Limited 2010-11-15 14:41 . 2010-11-15 14:41 -------- d-----w- c:\program files\CDBurnerXP 2010-11-14 20:56 . 2010-10-07 15:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78A5447B-DD00-403A-A45B-8EC89205A071}\mpengine.dll 2010-11-14 11:43 . 2010-11-14 13:18 -------- d-----w- c:\program files\Ascentive 2010-11-10 19:04 . 2010-11-10 19:04 -------- d-----w- c:\users\Tanja\AppData\Roaming\Malwarebytes 2010-11-10 19:03 . 2010-04-29 11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-10 19:03 . 2010-11-10 19:03 -------- d-----w- c:\programdata\Malwarebytes 2010-11-10 19:03 . 2010-11-10 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-10 19:03 . 2010-04-29 11:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-07 21:08 . 2010-11-07 21:16 -------- d-----w- C:\3deba8a28df77001249338e30aff 2010-10-26 18:48 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-10-26 18:48 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll 2010-10-26 18:48 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax 2010-10-26 18:48 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax 2010-10-26 18:47 . 
2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2010-10-24 21:05 . 2010-10-24 21:45 -------- d-----w- c:\program files\ProgDVB 2010-10-24 19:53 . 2010-10-24 19:53 2560 ----a-w- c:\windows\_MSRSTRT.EXE . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-02 20:29 . 2010-05-02 21:29 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-02 20:29 . 2010-05-02 21:29 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-10-27 18:58 . 2010-05-29 06:15 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2010-10-27 18:58 . 2010-05-29 06:15 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2010-10-27 18:58 . 2010-05-29 06:15 1113408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2010-10-19 20:51 . 2009-09-29 19:11 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-10-07 15:21 . 2009-09-30 19:27 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll 2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR 2010-09-22 22:21 . 2010-10-01 18:50 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2010-09-21 12:03 . 2010-09-21 12:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL 2010-09-15 02:50 . 2010-08-06 22:40 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-08 04:30 . 2010-10-14 21:23 978432 ----a-w- c:\windows\system32\wininet.dll 2010-09-08 04:28 . 2010-10-14 21:23 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-08 03:22 . 2010-10-14 21:23 386048 ----a-w- c:\windows\system32\html.iec 2010-09-08 02:48 . 2010-10-14 21:23 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-09-01 04:23 . 
2010-10-14 21:21 12625408 ----a-w- c:\windows\system32\wmploc.DLL 2010-09-01 02:34 . 2010-10-14 21:21 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-08-31 04:32 . 2010-10-14 21:21 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-08-31 04:32 . 2010-10-14 21:21 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-08-27 05:46 . 2010-10-14 21:23 168448 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-27 03:31 . 2010-10-14 21:23 310784 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-27 03:30 . 2010-10-14 21:23 308736 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-27 03:30 . 2010-10-14 21:23 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-08-26 04:39 . 2010-10-14 21:21 109056 ----a-w- c:\windows\system32\t2embed.dll 2010-08-21 05:36 . 2010-10-14 21:20 738816 ----a-w- c:\windows\system32\wmpmde.dll 2010-08-21 05:36 . 2010-10-14 21:21 224256 ----a-w- c:\windows\system32\schannel.dll 2010-08-21 05:33 . 2010-10-14 21:21 530432 ----a-w- c:\windows\system32\comctl32.dll 2010-08-21 05:32 . 2010-09-15 17:51 316928 ----a-w- c:\windows\system32\spoolsv.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-09-12 13:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136] [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408] "Google Update"="c:\users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-12 133104] "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208] "FVDSuite"="c:\program files\FVD Suite\fvdbox.exe" [2010-02-18 43520] "RemoTerm.exe"="c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "HPWireless"="c:\program files\HP Wireless 
Adapter\HPWLAN.exe" [2007-05-15 733184] "MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224] "PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472] "UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "Performance Center"="c:\program files\Ascentive\Performance Center\ApcMain.exe" [2010-09-30 536576] c:\users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] Nach Updates suchen.lnk - c:\program files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864] TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2010-1-26 258048] Verbindungsmanager.lnk - c:\program 
files\HP Wireless Printer Adapter\ConnectMgr.exe [2009-8-17 1552384] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 135664] R2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192] R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [2007-10-19 13824] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224] R3 RTL8187;Wireless Adapter;c:\windows\system32\DRIVERS\hpl8187.sys [2007-03-26 219648] R3 SQTECH9052;Disney Micro;c:\windows\system32\Drivers\Capt9052.sys [2008-02-21 41216] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2006-12-01 15360] S2 
AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352] S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 44544] S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners 2010-11-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-06 03:16] 2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 17:52] 2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 17:52] 2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1525923240-875606291-1102414602-1000Core.job - c:\users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-12 14:18] 2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1525923240-875606291-1102414602-1000UA.job - c:\users\Tanja\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-12 14:18] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319505 IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Save YouTube Video IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab FF - ProfilePath - c:\users\Tanja\AppData\Roaming\Mozilla\Firefox\Profiles\bbkadabm.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - NCH Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304564&SearchSource=2&q= FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2010-11-15 17:32:28 ComboFix-quarantined-files.txt 2010-11-15 16:32 ComboFix2.txt 2010-11-15 16:03 Vor Suchlauf: 24 Verzeichnis(se), 255.546.060.800 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 255.490.093.056 Bytes frei - - End Of File - - 13AF2CC9539944167A17B3868576B40F |
15.11.2010, 18:06 | #15 |
| Multiple Trojans + Koobface found ok, that was before cc, now once more after cc |