23.11.2010, 13:23 | #1 |
Spyware during PayPal login!

Hi, I have a problem. When I tried to log in to PayPal recently, the Avira virus warning came up at that very moment: Erkennungs-Muster des Droppers DR Spy/ZBot.arzj

It doesn't sound good to me that at the very moment I want to log in to PayPal, from where my money can be accessed, a "virus" with "Spy" in its name becomes active. I'm scared, please help me.

So I downloaded Ad-Aware and got 5 detections right away. However, I'm sure that the Carspawner and sacam_loader.exe are not Trojans. They merely hack into a computer game and are therefore probably wrongly detected as Trojans. The program icetea is probably not a Trojan either; I've had it for 1 year and Avira never warned me, nor did Anti-Malware, but now all of a sudden it gets flagged: Code:
Logfile created: 19.11.2010 21:20:23
Ad-Aware version: 8.3.5
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Fabian

*********************** Definitions database information ***********************
Lavasoft definition file: 150.167
Genotype definition file version: 2010/11/18 15:56:06
Extended engine definition file: 7350.0

******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan (ID: full)
Objects scanned: 313180
Objects detected: 5

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 5
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Quarantined items:
Description: c:\users\fabian\appdata\roaming\desktopicon\ebayshortcuts.exe Family Name: Trojan.Win32.Adware Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a7cb09be9c921040735388b599209dbf
Description: c:\users\fabian\mein zeug\psp\psp\12556_icetea1.3_win\icetea1.3_win\icetea.exe Family Name: Win32.Hoax.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 3723 MD5: 523f0447ad0cc94b734839f1ea7c433f
Description: c:\users\fabian\mein zeug\san andreas\san andreas-programmme\carspawner.exe Family Name: Trojan-Dropper.Win32.Agent Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 09b0c858845400df5110352bcb28a3cf
Description: c:\users\fabian\mein zeug\san andreas\san andreas-programmme\samp_cam_hack_vista\sampcamhack\sacam_loader.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: da6e13d9187ae7af22035730b25c4569
Description: c:\program files\aws\minibug.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: 8a9ff2d074d6325e0bc8a0230ad282ff

Scan and cleaning complete: Stopped by request after 8603 seconds
Here is the OTL logfile.
Is it normal that this error message comes up 100 times while the program is running?: Exception Processing Message 0xc0000013 Parameters 0x754E92A0 0x0000004 ox754E92A0 0x754E92A0 If not, I suppose the log file is meaningless, but here it is: OTL.Txt Code:
ATTFilter OTL logfile created on: 23.11.2010 12:46:31 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Fabian\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18783) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 27,49 Gb Free Space | 5,90% Space Free | Partition Type: NTFS Drive E: | 59,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 999,63 Mb Total Space | 803,11 Mb Free Space | 80,34% Space Free | Partition Type: FAT Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Razer\Salmosa\razertra.exe () PRC - C:\Programme\Razer\Salmosa\razerhid.exe () PRC - C:\Programme\Razer\Salmosa\razerofa.exe (Razer Inc.) PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (SearchAnonymizer) -- C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\DRIVERS\wanatw4.sys File not found DRV - (PCASp50) -- C:\Windows\System32\Drivers\PCASp50.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider) DRV - (vodafone_K3805-z_dc_enum) -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hxctlflt) -- 
C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.) DRV - (Salmosa03) -- C:\Windows\System32\drivers\Salmosa.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (NPF) WinPcap Packet Driver (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (RTL8187) -- C:\Windows\System32\drivers\rtl8187.sys (Realtek Semiconductor Corporation ) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc) DRV - (hcw88rc5) -- C:\Windows\System32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.) 
DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc) DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) 
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15506&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 43 C9 81 10 F8 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15506&l=dis"
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: text2voice@vik.josh:1.04
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTF&o=15503&locale=de_DE&apn_uid=11CD7CE0-0802-4096-9918-2B79D823DDB1&apn_ptnrs=LH&apn_sauid=57F84CA6-02ED-4AF7-AF74-0E3E54CEB7FC&apn_dtid=YYYYYYYYDE&q="
FF - HKLM\software\mozilla\3B\Extensions\\Plugins: C:\Program Files\3B\3B Browser\plugins
FF - HKLM\software\mozilla\3B\Extensions\\Components: C:\Program Files\3B\3B Browser\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.17 18:07:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.17 18:07:00 | 000,000,000 | ---D | M]
[2009.05.28 17:40:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2009.05.28 17:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010.11.22 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions
[2010.10.13 10:23:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.25 13:37:28 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.07.30 13:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.01 21:00:22 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010.10.15 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\firefox@tvunetworks.com
[2010.02.25 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\linky@gemal.dk
[2010.07.25 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\text2voice@vik.josh
[2009.05.28 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Webview\Profiles\5lew9xis.default\extensions
[2010.11.01 20:56:43 | 000,002,393 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\askcom.xml
[2010.02.12 20:44:49 | 000,000,881 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\conduit.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-1.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-2.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-3.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-4.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-5.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-6.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-7.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-8.xml
[2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin.xml
[2010.01.08 23:36:25 | 000,001,990 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\live-search.xml
[2010.01.08 23:36:25 | 000,002,152 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{16D7952D-520A-443C-A9BB-076AD285EC24}.xml
[2010.01.08 23:36:25 | 000,002,041 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{D40089CC-F1EC-4A72-8AC0-DF5721AE9DC7}.xml
[2010.01.08 23:36:25 | 000,002,486 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{E01D02BC-4AD7-45DE-B6B5-8044C43F0042}.xml
[2010.01.08 23:36:25 | 000,001,834 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{F53BF450-400E-4A03-A9DE-735D1BE6B555}.xml
[2010.03.17 17:15:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.10 16:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.11.11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.11.17 18:06:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.17 18:06:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.17 18:06:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.17 18:06:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.17 18:06:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe ()
O4 - HKLM..\Run: [Salmosa] C:\Programme\Razer\Salmosa\razerhid.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\Opel\astra_opc_07.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\Opel\astra_opc_07.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 21:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{36bd1806-9d03-11dd-9b6b-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{36bd1806-9d03-11dd-9b6b-0015af0f71e4}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{437a1e9b-1821-11dc-86fa-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{437a1e9b-1821-11dc-86fa-0015af0f71e4}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{5242290c-ddb7-11dd-b17f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5242290c-ddb7-11dd-b17f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{717be4ed-fdf1-11de-9557-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{717be4ed-fdf1-11de-9557-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{74df503e-58cf-11de-b5f1-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{74df503e-58cf-11de-b5f1-002215817f78}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{74df503f-58cf-11de-b5f1-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{74df503f-58cf-11de-b5f1-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{76221c49-1a42-11de-8110-0022156ea7d8}\Shell\Open\command - "" = resycled\ntldr.com g:
O33 - MountPoints2\{81506faf-008e-11d6-b7d2-af3a5cb6d4fa}\Shell - "" = AutoRun
O33 - MountPoints2\{81506faf-008e-11d6-b7d2-af3a5cb6d4fa}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{81506fb0-008e-11d6-b7d2-af3a5cb6d4fa}\Shell - "" = AutoRun
O33 - MountPoints2\{81506fb0-008e-11d6-b7d2-af3a5cb6d4fa}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{82fa176f-62c9-11dc-9cf2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{82fa176f-62c9-11dc-9cf2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{9cdc8d64-4655-11df-a7f2-a435c0b612f3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdc8d64-4655-11df-a7f2-a435c0b612f3}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{9cdc8d66-4655-11df-a7f2-a435c0b612f3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdc8d66-4655-11df-a7f2-a435c0b612f3}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{af13677f-a8cf-11dd-83f2-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{af13677f-a8cf-11dd-83f2-0015af0f71e4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{af1367d7-a8cf-11dd-83f2-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{af1367d7-a8cf-11dd-83f2-0015af0f71e4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{aff9b0a2-24b0-11dc-a864-001a929e05cc}\Shell\AutoRun\command - "" = F:\.\Recycled\Driveinfo.exe -- File not found
O33 - MountPoints2\{aff9b0a2-24b0-11dc-a864-001a929e05cc}\Shell\Open\Command - "" = F:\.\Recycled\Driveinfo.exe -- File not found
O33 - MountPoints2\{eaefd989-fe44-11d5-a49b-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{eaefd989-fe44-11d5-a49b-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{fad34269-a452-11de-b2c3-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{fad34269-a452-11de-b2c3-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.23 12:34:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2010.11.23 12:21:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fabian\Desktop\HiJackThis204.exe
[2010.11.22 20:33:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Musik
[2010.11.20 00:55:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.20 00:55:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.20 00:54:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fabian\Desktop\mbam146-setup.exe
[2010.11.19 21:14:30 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.11.19 21:14:27 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.11.19 21:08:59 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Sunbelt Software
[2010.11.19 20:59:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.11.19 20:58:57 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.11.19 20:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.11.19 20:53:05 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Users\Fabian\Desktop\Ad-AwareInstall-833.exe
[2010.11.19 17:24:06 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Fabian\Desktop\spybotsd162.exe
[2010.11.18 22:50:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1224146592hqlm2
[2010.11.18 22:49:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi
[2010.11.18 22:42:37 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR
[2010.11.18 22:42:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\BackUp
[2010.11.18 20:30:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Mods
[2010.11.18 20:26:26 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabCtl32.ocx
[2010.11.18 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211
[2010.11.17 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3
[2010.11.17 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\asiloader
[2010.11.17 18:30:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Mato_Technologies
[2010.11.17 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5
[2010.11.17 18:21:48 | 000,000,000 | ---D | C] -- C:\Programme\SRT3 V1.7
[2010.11.16 22:41:06 | 660,927,285 | ---- | C] (BLITZ ARCADE ) -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD.exe
[2010.10.29 16:13:47 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Tracing
[2010.10.28 23:23:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Foto
[2010.10.28 22:04:54 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Papa Stick
[2010.10.28 21:07:50 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Kunst
[2010.10.28 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\PhotoFiltre
[2010.10.28 20:58:54 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre
[2010.10.28 18:25:51 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Neuer Ordner
[2010.10.28 18:25:42 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Fabi
[2010.10.28 18:15:43 | 000,000,000 | -HSD | C] -- C:\Users\Fabian\AppData\Roaming\jh87uhnoe3
[2010.06.22 17:37:07 | 000,072,224 | ---- | C] (Martin Pesch) -- C:\Programme\mp3DirectCut.exe
[2010.01.09 13:48:43 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.01.09 13:48:43 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.12.09 15:04:28 | 027,580,296 | ---- | C] ( ) -- C:\Programme\AdbeRdr90_de_DE.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Fabian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Fabian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Fabian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Fabian\AppData\Local\bass.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.23 13:04:24 | 003,757,489 | ---- | M] () -- C:\Users\Fabian\Desktop\PB230066.JPG
[2010.11.23 12:45:15 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{96A16510-0F25-41F6-A1C5-B3B8D56AE797}.job
[2010.11.23 12:44:59 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{60E70999-78D0-41AB-8805-04CC34877BB3}.job
[2010.11.23 12:34:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2010.11.23 12:26:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-600222665-2756014500-3235698655-1001UA.job
[2010.11.23 12:21:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fabian\Desktop\HiJackThis204.exe
[2010.11.23 12:00:36 | 000,376,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.23 12:00:36 | 000,264,200 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.23 12:00:36 | 000,079,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.23 12:00:36 | 000,061,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.23 11:55:15 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2010.11.23 11:55:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.23 11:54:50 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 11:54:50 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 11:54:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.23 11:54:35 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.23 11:54:34 | 000,127,600 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.11.22 20:26:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-600222665-2756014500-3235698655-1001Core.job
[2010.11.21 18:21:49 | 000,010,758 | ---- | M] () -- C:\Users\Fabian\Desktop\GELD!!!.xlsx
[2010.11.20 01:12:51 | 000,062,831 | ---- | M] () -- C:\Users\Fabian\Desktop\Aufzeichnen.JPG
[2010.11.20 00:55:46 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.20 00:54:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fabian\Desktop\mbam146-setup.exe
[2010.11.19 21:14:27 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.11.19 21:10:50 | 004,309,540 | ---- | M] () -- C:\Users\Fabian\Desktop\STEG USRMAN 2CH.pdf
[2010.11.19 20:59:18 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.11.19 20:57:47 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Users\Fabian\Desktop\Ad-AwareInstall-833.exe
[2010.11.19 17:30:52 | 005,535,216 | ---- | M] () -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211.zip
[2010.11.19 17:29:50 | 000,293,184 | ---- | M] () -- C:\Users\Fabian\Desktop\SoftonicDownloader_fuer_ad-aware-free-internet-security.exe
[2010.11.19 17:29:20 | 000,001,055 | ---- | M] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk
[2010.11.19 17:24:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Fabian\Desktop\spybotsd162.exe
[2010.11.19 17:17:16 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.11.19 00:11:09 | 000,079,684 | ---- | M] () -- C:\Users\Fabian\Desktop\Postident_Basic_Hitmeister.pdf
[2010.11.19 00:00:28 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Fabian-PC_Fabian.job
[2010.11.18 22:50:48 | 001,315,898 | ---- | M] () -- C:\Users\Fabian\Desktop\1224146592hqlm2.rar
[2010.11.18 22:47:06 | 000,914,787 | ---- | M] () -- C:\Users\Fabian\Desktop\1196595824_SA_AMC_Matador71Final.rar
[2010.11.18 22:46:18 | 002,006,443 | ---- | M] () -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi.rar
[2010.11.18 22:42:03 | 001,883,346 | ---- | M] () -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR.rar
[2010.11.18 22:07:51 | 000,012,052 | ---- | M] () -- C:\Users\Fabian\Desktop\23rjpsy.jpg
[2010.11.17 21:28:27 | 000,051,200 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 3.0.doc
[2010.11.17 18:53:53 | 004,819,921 | ---- | M] () -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3.rar
[2010.11.17 18:39:15 | 000,039,768 | ---- | M] () -- C:\Users\Fabian\Desktop\asiloader.rar
[2010.11.17 18:25:11 | 000,483,670 | ---- | M] () -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5.rar
[2010.11.16 23:15:10 | 660,927,285 | ---- | M] (BLITZ ARCADE ) -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD.exe
[2010.11.16 22:39:13 | 152,698,058 | ---- | M] () -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD[gta-worldmods.de].rar
[2010.11.15 20:29:33 | 000,231,936 | ---- | M] () -- C:\Users\Fabian\Desktop\Verhältnissen in Deutschland zwischen 1898 1.0.doc
[2010.11.15 20:29:17 | 000,070,144 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 2.0.doc
[2010.11.15 18:45:34 | 000,000,162 | -H-- | M] () -- C:\Users\Fabian\Desktop\~$r gute Mensch.docx
[2010.11.15 18:31:38 | 000,069,632 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 1.1.doc
[2010.11.15 18:03:00 | 000,050,688 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe.doc
[2010.11.14 21:18:41 | 000,032,545 | ---- | M] () -- C:\Users\Fabian\Desktop\Der gute Mensch.docx
[2010.11.10 20:55:20 | 000,062,232 | ---- | M] () -- C:\Users\Fabian\Desktop\janno.JPG
[2010.11.09 21:04:30 | 003,156,480 | ---- | M] () -- C:\Users\Fabian\Desktop\sadasdfsdgdfhzugkyddfgudfhgfhbhghhthjk.doc
[2010.11.07 21:15:19 | 000,009,893 | ---- | M] () -- C:\Users\Fabian\Desktop\Musikerkennung.docx
[2010.11.07 20:05:05 | 000,111,328 | ---- | M] () -- C:\Users\Fabian\Desktop\Fktuntesuch. bei realen Prozessen.pdf
[2010.11.07 20:04:41 | 000,045,489 | ---- | M] () -- C:\Users\Fabian\Desktop\Extremwertaufgaben.pdf
[2010.11.06 00:32:34 | 000,010,842 | ---- | M] () -- C:\Users\Fabian\Documents\Hi.docx
[2010.11.04 20:45:17 | 000,023,552 | ---- | M] () -- C:\Users\Fabian\Desktop\Khanh.doc
[2010.10.31 18:47:29 | 000,022,755 | ---- | M] () -- C:\Users\Fabian\Desktop\Raveland.JPG
[2010.10.29 18:28:12 | 000,171,838 | ---- | M] () -- C:\Users\Fabian\Desktop\FUN.jpg
[2010.10.29 18:26:59 | 000,031,295 | ---- | M] () -- C:\Users\Fabian\Desktop\aroute.JPG
[2010.10.29 18:24:32 | 000,166,656 | ---- | M] () -- C:\Users\Fabian\Desktop\richtige karte.JPG
[2010.10.29 17:05:54 | 000,089,740 | ---- | M] () -- C:\Users\Fabian\Desktop\bfsnj.jpg
[2010.10.28 22:43:20 | 000,179,200 | ---- | M] () -- C:\Users\Fabian\Desktop\Dok1.doc
[2010.10.28 20:58:55 | 000,000,840 | ---- | M] () -- C:\Users\Fabian\Desktop\PhotoFiltre.lnk
[2010.10.28 20:58:13 | 004,118,294 | ---- | M] () -- C:\Users\Fabian\Desktop\pf-setup-en.exe
[2010.10.28 20:54:09 | 002,880,162 | ---- | M] () -- C:\Users\Fabian\Desktop\PA280145.JPG
[2010.10.28 20:53:22 | 003,104,142 | ---- | M] () -- C:\Users\Fabian\Desktop\PA280142.JPG
[2010.10.28 19:59:10 | 000,679,424 | ---- | M] () -- C:\Users\Fabian\Desktop\Collage.doc
[2010.10.28 19:53:26 | 000,008,158 | ---- | M] () -- C:\Users\Fabian\Desktop\studio-kugel-geschaeftsmann_~jl_012150_6924.jpg
[2010.10.28 18:28:35 | 000,002,430 | ---- | M] () -- C:\Users\Fabian\Desktop\raus.jpg
[2010.10.24 15:47:41 | 000,053,658 | ---- | M] () -- C:\Users\Fabian\Desktop\Steg K2.01.JPG
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.23 13:04:24 | 003,757,489 | ---- | C] () -- C:\Users\Fabian\Desktop\PB230066.JPG
[2010.11.23 11:55:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.20 01:12:47 | 000,062,831 | ---- | C] () -- C:\Users\Fabian\Desktop\Aufzeichnen.JPG
[2010.11.20 00:55:46 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.19 23:43:50 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.11.19 21:10:30 | 004,309,540 | ---- | C] () -- C:\Users\Fabian\Desktop\STEG USRMAN 2CH.pdf [2010.11.19 20:59:18 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.11.19 17:29:47 | 000,293,184 | ---- | C] () -- C:\Users\Fabian\Desktop\SoftonicDownloader_fuer_ad-aware-free-internet-security.exe [2010.11.19 17:29:20 | 000,001,055 | ---- | C] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk [2010.11.19 00:11:09 | 000,079,684 | ---- | C] () -- C:\Users\Fabian\Desktop\Postident_Basic_Hitmeister.pdf [2010.11.18 22:50:44 | 001,315,898 | ---- | C] () -- C:\Users\Fabian\Desktop\1224146592hqlm2.rar [2010.11.18 22:47:05 | 000,914,787 | ---- | C] () -- C:\Users\Fabian\Desktop\1196595824_SA_AMC_Matador71Final.rar [2010.11.18 22:46:13 | 002,006,443 | ---- | C] () -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi.rar [2010.11.18 22:41:58 | 001,883,346 | ---- | C] () -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR.rar [2010.11.18 22:07:50 | 000,012,052 | ---- | C] () -- C:\Users\Fabian\Desktop\23rjpsy.jpg [2010.11.18 20:22:33 | 005,535,216 | ---- | C] () -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211.zip [2010.11.17 21:28:25 | 000,051,200 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 3.0.doc [2010.11.17 18:53:25 | 004,819,921 | ---- | C] () -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3.rar [2010.11.17 18:37:14 | 000,039,768 | ---- | C] () -- C:\Users\Fabian\Desktop\asiloader.rar [2010.11.17 18:23:50 | 000,483,670 | ---- | C] () -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5.rar [2010.11.16 22:28:13 | 152,698,058 | ---- | C] () -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD[gta-worldmods.de].rar [2010.11.15 20:29:32 | 000,231,936 | ---- | C] () -- C:\Users\Fabian\Desktop\Verhältnissen in 
Deutschland zwischen 1898 1.0.doc [2010.11.15 20:29:17 | 000,070,144 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 2.0.doc [2010.11.15 18:45:34 | 000,000,162 | -H-- | C] () -- C:\Users\Fabian\Desktop\~$r gute Mensch.docx [2010.11.15 18:31:06 | 000,069,632 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 1.1.doc [2010.11.15 18:03:00 | 000,050,688 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe.doc [2010.11.14 21:18:40 | 000,032,545 | ---- | C] () -- C:\Users\Fabian\Desktop\Der gute Mensch.docx [2010.11.10 20:55:17 | 000,062,232 | ---- | C] () -- C:\Users\Fabian\Desktop\janno.JPG [2010.11.09 21:04:28 | 003,156,480 | ---- | C] () -- C:\Users\Fabian\Desktop\sadasdfsdgdfhzugkyddfgudfhgfhbhghhthjk.doc [2010.11.07 21:15:19 | 000,009,893 | ---- | C] () -- C:\Users\Fabian\Desktop\Musikerkennung.docx [2010.11.07 20:05:05 | 000,111,328 | ---- | C] () -- C:\Users\Fabian\Desktop\Fktuntesuch. bei realen Prozessen.pdf [2010.11.07 20:04:39 | 000,045,489 | ---- | C] () -- C:\Users\Fabian\Desktop\Extremwertaufgaben.pdf [2010.11.06 00:32:33 | 000,010,842 | ---- | C] () -- C:\Users\Fabian\Documents\Hi.docx [2010.11.04 20:45:15 | 000,023,552 | ---- | C] () -- C:\Users\Fabian\Desktop\Khanh.doc [2010.10.31 18:47:26 | 000,022,755 | ---- | C] () -- C:\Users\Fabian\Desktop\Raveland.JPG [2010.10.29 18:28:12 | 000,171,838 | ---- | C] () -- C:\Users\Fabian\Desktop\FUN.jpg [2010.10.29 18:26:57 | 000,031,295 | ---- | C] () -- C:\Users\Fabian\Desktop\aroute.JPG [2010.10.29 18:24:30 | 000,166,656 | ---- | C] () -- C:\Users\Fabian\Desktop\richtige karte.JPG [2010.10.29 17:05:47 | 000,089,740 | ---- | C] () -- C:\Users\Fabian\Desktop\bfsnj.jpg [2010.10.28 22:43:19 | 000,179,200 | ---- | C] () -- C:\Users\Fabian\Desktop\Dok1.doc [2010.10.28 20:58:55 | 000,000,840 | ---- | C] () -- C:\Users\Fabian\Desktop\PhotoFiltre.lnk [2010.10.28 20:56:32 | 004,118,294 | ---- | C] () -- C:\Users\Fabian\Desktop\pf-setup-en.exe [2010.10.28 20:50:57 | 002,880,162 | ---- | C] () -- 
C:\Users\Fabian\Desktop\PA280145.JPG [2010.10.28 20:50:48 | 003,104,142 | ---- | C] () -- C:\Users\Fabian\Desktop\PA280142.JPG [2010.10.28 19:59:09 | 000,679,424 | ---- | C] () -- C:\Users\Fabian\Desktop\Collage.doc [2010.10.28 19:53:25 | 000,008,158 | ---- | C] () -- C:\Users\Fabian\Desktop\studio-kugel-geschaeftsmann_~jl_012150_6924.jpg [2010.10.28 18:28:34 | 000,002,430 | ---- | C] () -- C:\Users\Fabian\Desktop\raus.jpg [2010.10.24 15:47:39 | 000,053,658 | ---- | C] () -- C:\Users\Fabian\Desktop\Steg K2.01.JPG [2010.10.13 19:14:41 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI [2010.08.28 23:34:09 | 000,000,016 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\hngmfc.dat [2010.06.22 17:37:07 | 000,026,299 | ---- | C] () -- C:\Programme\Manual.htm [2010.06.22 17:37:07 | 000,013,887 | ---- | C] () -- C:\Programme\FAQ.htm [2010.06.22 17:37:07 | 000,002,933 | ---- | C] () -- C:\Programme\Version.txt [2010.06.22 17:37:07 | 000,001,672 | ---- | C] () -- C:\Programme\License.txt [2010.04.23 21:04:49 | 000,000,540 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\AutoGK.ini [2010.03.15 19:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2010.02.26 18:51:45 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.02.22 15:21:46 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log [2010.02.22 14:37:42 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini [2010.02.20 18:26:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.02.18 16:16:09 | 000,001,472 | ---- | C] () -- C:\Users\Fabian\AppData\Local\RecConfig.xml [2010.01.10 18:19:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.09 13:48:43 | 003,482,112 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.01.09 13:48:43 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.01.09 13:48:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.01.02 13:45:28 | 000,197,120 | 
---- | C] () -- C:\Windows\patchw32.dll [2009.10.22 17:29:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.09.13 15:26:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2009.09.13 15:26:16 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL [2009.05.14 10:00:39 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2009.04.09 15:47:02 | 000,013,824 | ---- | C] () -- C:\Windows\System32\CallSimReader.dll [2009.04.09 15:46:02 | 000,055,808 | ---- | C] () -- C:\Windows\System32\SimReader.dll [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.02.25 01:16:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.01.28 17:25:55 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\downloads.m3u [2009.01.28 17:24:50 | 000,000,174 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\default.rss [2009.01.27 21:24:08 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.17 11:45:15 | 000,000,104 | ---- | C] () -- C:\Windows\Rumble2.ini [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.12.31 12:55:47 | 000,000,094 | ---- | C] () -- C:\Users\Fabian\AppData\Local\fusioncache.dat [2008.12.14 14:52:15 | 000,000,840 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\EasyToolz.ini [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.10.04 13:33:21 | 000,026,340 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\UserTile.png [2008.10.04 11:52:35 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini [2008.10.04 10:41:39 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI [2008.10.04 10:23:29 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.06.05 07:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.02.12 14:40:41 | 000,000,552 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d8caps.dat [2008.01.27 14:12:27 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.01.14 19:50:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ZSubTimer.dll [2007.11.22 11:23:19 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI [2007.10.28 21:51:35 | 000,014,018 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\wklnhst.dat [2007.10.28 21:33:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.09.15 16:44:59 | 000,000,301 | ---- | C] () -- C:\Windows\thug2.ini [2007.09.15 10:55:49 | 000,000,725 | ---- | C] () -- C:\Windows\EF2.INI [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Fabian\AppData\Local\lame_enc.dll [2007.07.10 13:38:29 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI [2007.06.12 17:30:06 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2007.06.12 17:30:06 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2007.06.12 17:30:03 | 000,012,096 | ---- | C] () -- 
C:\Windows\System32\drivers\AsInsHelp64.sys [2007.06.12 17:30:03 | 000,010,304 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2007.06.11 17:59:06 | 000,095,744 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.11 15:35:02 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2007.06.11 15:35:01 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2007.06.11 14:48:44 | 000,032,768 | ---- | C] () -- C:\Windows\TBPanelExt.dll [2007.06.11 14:48:44 | 000,012,285 | ---- | C] () -- C:\Windows\Cadx3.ini [2007.06.11 14:48:44 | 000,005,120 | ---- | C] () -- C:\Windows\TBManage.dll [2007.06.11 14:48:43 | 000,007,698 | ---- | C] () -- C:\Windows\cadx2.ini [2007.06.11 14:44:49 | 000,009,052 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat [2007.06.06 15:02:35 | 000,022,903 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2007.06.06 15:02:35 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2007.06.06 15:02:28 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007.06.06 14:54:56 | 000,001,970 | ---- | C] () -- C:\Windows\HCWPNP.INI [2007.06.01 07:47:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll [2007.04.13 21:40:03 | 000,143,360 | ---- | C] () -- C:\Windows\System32\USBaccess.dll [2006.11.17 23:04:17 | 000,235,520 | ---- | C] () -- C:\Windows\System32\jangraphics.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- 
C:\Users\Fabian\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Fabian\AppData\Local\no23xwrapper.dll [2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.10.12 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\10 Finger BreakOut [2009.05.28 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\3B [2010.08.12 23:11:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\4C91EC9C9460DC2A1C65CD6AD75C1395 [2010.04.07 14:19:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Amazon [2008.12.23 11:34:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ambient Design [2010.03.09 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AnvSoft [2010.01.30 11:26:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ashampoo [2008.12.26 09:50:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\astragon Software GmbH [2010.01.02 13:46:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Atari [2010.10.13 17:34:42 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AudioMoves [2010.10.12 16:13:38 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\avidemux [2009.01.16 20:58:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Blender Foundation [2009.01.19 18:49:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Buhl Data Service [2010.04.24 13:38:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\CadSoft [2010.01.25 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\clickEXE [2010.11.19 23:43:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Desktopicon [2010.10.12 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dr. 
DivX 2.0 OSS [2010.07.30 13:32:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.12 12:33:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Flock [2010.10.19 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0 [2010.10.18 23:26:48 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ [2010.01.10 15:35:42 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQLite [2010.10.19 22:12:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView [2010.10.28 22:37:57 | 000,000,000 | -HSD | M] -- C:\Users\Fabian\AppData\Roaming\jh87uhnoe3 [2007.09.15 15:13:27 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech [2010.08.12 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\lowsec [2009.05.23 17:30:14 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\MiniDm [2010.06.23 17:22:45 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mp3DirectCut [2010.04.04 13:42:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mp3tag [2010.01.08 23:36:06 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OCS [2008.12.24 11:14:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org [2009.11.01 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Opera [2008.10.04 13:33:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PeerNetworking [2010.03.28 21:22:45 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Pegasys Inc [2010.10.28 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PhotoFiltre [2010.04.12 17:31:32 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PowerCinema [2009.04.03 19:33:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ProtectDisc [2010.02.20 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Red Kawa [2010.02.20 23:53:01 | 000,000,000 | ---D | M] -- 
C:\Users\Fabian\AppData\Roaming\Regensoft [2010.09.15 20:46:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Registry Mechanic [2009.01.19 18:22:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\S.A.D [2007.08.12 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Sierra [2010.10.12 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SlimBrowser [2010.03.17 17:10:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\soul.im [2010.10.13 18:51:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Steganos [2010.10.12 11:42:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Stellarium [2009.05.28 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\T-Online [2010.10.19 21:43:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\temp [2009.12.22 14:51:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Toolbars [2010.08.15 00:03:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Tracker Software [2010.05.25 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client [2009.05.24 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software [2010.10.12 11:31:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TVcentral-Core [2008.11.02 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Vodafone [2010.09.15 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\VS Revo Group [2009.05.28 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Webview [2010.01.18 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\WhatPulse [2010.11.19 17:17:16 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.11.23 11:55:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010.11.23 11:55:15 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job [2010.11.22 
23:33:45 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.23 12:44:59 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{60E70999-78D0-41AB-8805-04CC34877BB3}.job
[2010.11.23 12:45:15 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{96A16510-0F25-41F6-A1C5-B3B8D56AE797}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 451 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
The Extras log (the second OTL log file) is attached.
So, friends, the day before yesterday I ran another scan with Anti-Malware and it found something: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5154
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783
20.11.2010 01:03:56
mbam-log-2010-11-20 (01-03-56).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163357
Laufzeit: 6 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Fabian\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5154
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783
23.11.2010 13:12:08
mbam-log-2010-11-23 (13-12-08).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162935
Laufzeit: 5 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Finally, I should mention that I think I also found something with Spybot, but I may be wrong, because I can't remember at all. So, I have done everything thoroughly, as described in the instructions. I hope you can help me, because when I see how long such a log file is, I can't imagine anyone looking through it!? That's it for now; I'm curious to see the answers. Regards, Fabian |
23.11.2010, 20:42 | #2 |
| Spyware during the PayPal login! So, now I have a huge problem. I can no longer log in to any forum or the like. If I log in to the Trojaner-Board, for example, this page appears with: "Thank you, Nemesis36, for logging in" or something like that, and then I am redirected back to the login window, so I am never logged in. It is the same in other forums: if I click on log in, I end up back on the login page afterwards. It only works if I delete everything with CCleaner, but after a very short time it is again the case that I cannot log in anywhere. In addition, my UMTS connection keeps dropping all the time, which I never had before. Please help me. |