| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Spyware während der Pay-Pal Anmeldung!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.11.2010, 13:23
| #1 |
| |  Spyware während der Pay-Pal Anmeldung! Hi, ich habe ein Problem. Als ich mich neulich bei Pay-Pal anmelden wollte, kam in diesem Moment die Virus-Warnung von Avira: Erkennungs-Muster des Droppers DR Spy/ZBot.arzj Hört sich für mich nicht gut an, dass in dem Moment, wo ich mich bei Pay-Pal anmelden will, von wo man auf mein Geld zugreifen kann, ein "Virus" aktiv wird, wo was von Spy im Namen steht.  Ich habe Angst, bitte helft mir. Also habe ich mal Ad-Aware runtergeladen und auf Anhieb 5 Funde gehabt. Allerdings bin ich mir sicher, dass der Carspawner und der sacam_loader.exe keine Trojaner sind. Sie hacken sich lediglich in ein Computer-Spiel ein und werden deshalb wohl fälschlicherweise als Trojaner erkannt. Das Programm icetea dürfte auch kein Trojaner sein, das habe ich 1 Jahr und Avira hatte mich nicht gewahrnt, Anti-Malware auch nicht, aber jetzt auf einmal halt schon: Code:
ATTFilter Logfile created: 19.11.2010 21:20:23
Ad-Aware version: 8.3.5
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Fabian
*********************** Definitions database information ***********************
Lavasoft definition file: 150.167
Genotype definition file version: 2010/11/18 15:56:06
Extended engine definition file: 7350.0
******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan (ID: full)
Objects scanned: 313180
Objects detected: 5
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 5
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Quarantined items:
Description: c:\users\fabian\appdata\roaming\desktopicon\ebayshortcuts.exe Family Name: Trojan.Win32.Adware Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a7cb09be9c921040735388b599209dbf
Description: c:\users\fabian\mein zeug\psp\psp\12556_icetea1.3_win\icetea1.3_win\icetea.exe Family Name: Win32.Hoax.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 3723 MD5: 523f0447ad0cc94b734839f1ea7c433f
Description: c:\users\fabian\mein zeug\san andreas\san andreas-programmme\carspawner.exe Family Name: Trojan-Dropper.Win32.Agent Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 09b0c858845400df5110352bcb28a3cf
Description: c:\users\fabian\mein zeug\san andreas\san andreas-programmme\samp_cam_hack_vista\sampcamhack\sacam_loader.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: da6e13d9187ae7af22035730b25c4569
Description: c:\program files\aws\minibug.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: 8a9ff2d074d6325e0bc8a0230ad282ff
Scan and cleaning complete: Stopped by request after 8603 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vollständiger Scan
ID: folderstoscan, enabled:1, value: C:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Fri Nov 19 21:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Fri Nov 19 03:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Fri Nov 19 09:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Fri Nov 19 15:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Nov 19 21:14:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: FABIAN-PC
Processor name: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Processor speed: ~2405MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 1099677696 bytes
Physical memory total: 2145710080 bytes
Virtual memory available: 1838669824 bytes
Virtual memory total: 2147352576 bytes
Memory load: 48%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:
Running processes:
PID: 488 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 604 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 656 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 668 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 700 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 712 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 724 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 888 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 912 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 976 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1004 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1044 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1096 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1132 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1168 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1336 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1360 name: C:\Windows\System32\SLsvc.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1392 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1484 name: C:\Windows\System32\rundll32.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1628 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1756 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1848 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1872 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1884 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 336 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 396 name: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1416 name: C:\Program Files\OO Software\Defrag\oodag.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1468 name: C:\Windows\System32\PnkBstrA.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2008 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 648 name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2052 name: C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2104 name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2120 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2148 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2188 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2216 name: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2348 name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2488 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 2696 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2932 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2992 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3292 name: C:\Windows\System32\dwm.exe owner: Fabian domain: Fabian-PC
PID: 3344 name: C:\Windows\explorer.exe owner: Fabian domain: Fabian-PC
PID: 3372 name: C:\Windows\System32\taskeng.exe owner: Fabian domain: Fabian-PC
PID: 3724 name: C:\Windows\System32\Narrator.exe owner: Fabian domain: Fabian-PC
PID: 3804 name: C:\Windows\System32\rundll32.exe owner: Fabian domain: Fabian-PC
PID: 3848 name: C:\Program Files\Razer\Salmosa\razerhid.exe owner: Fabian domain: Fabian-PC
PID: 3940 name: C:\Program Files\Logitech\Gaming Software\LWEMon.exe owner: Fabian domain: Fabian-PC
PID: 3952 name: C:\Program Files\Razer\Salmosa\razertra.exe owner: Fabian domain: Fabian-PC
PID: 3980 name: C:\Program Files\Razer\Salmosa\razerofa.exe owner: Fabian domain: Fabian-PC
PID: 4000 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Fabian domain: Fabian-PC
PID: 4044 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Fabian domain: Fabian-PC
PID: 4056 name: C:\Program Files\QuickTime\QTTask.exe owner: Fabian domain: Fabian-PC
PID: 4064 name: C:\Windows\ehome\ehtray.exe owner: Fabian domain: Fabian-PC
PID: 2100 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: Fabian domain: Fabian-PC
PID: 1732 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Fabian domain: Fabian-PC
PID: 832 name: C:\Windows\ehome\ehmsas.exe owner: Fabian domain: Fabian-PC
PID: 1588 name: C:\Windows\ehome\ehsched.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 3640 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1544 name: C:\Windows\ehome\ehrecvr.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 2260 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3044 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3760 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Fabian domain: Fabian-PC
PID: 2940 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT-AUTORITÄT
Startup items:
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: Salmosa
imagepath: C:\Program Files\Razer\Salmosa\razerhid.exe
Name: Start WingMan Profiler
imagepath: C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: Ocs_SM
imagepath: C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
Name: Malwarebytes Anti-Malware (reboot)
imagepath: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Name: avgnt
imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
imagepath: C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: OODBS
Running services:
Name: AeLookupSvc
displayname: Anwendungserfahrung
Name: AntiVirSchedulerService
displayname: Avira AntiVir Planer
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: Appinfo
displayname: Anwendungsinformationen
Name: AudioEndpointBuilder
displayname: Windows-Audio-Endpunkterstellung
Name: Audiosrv
displayname: Windows-Audio
Name: BFE
displayname: Basisfiltermodul
Name: BITS
displayname: Intelligenter Hintergrundübertragungsdienst
Name: Browser
displayname: Computerbrowser
Name: CryptSvc
displayname: Kryptografiedienste
Name: DcomLaunch
displayname: DCOM-Server-Prozessstart
Name: Dhcp
displayname: DHCP-Client
Name: Dnscache
displayname: DNS-Client
Name: DPS
displayname: Diagnoserichtliniendienst
Name: EapHost
displayname: Extensible Authentication-Protokoll
Name: ehRecvr
displayname: Windows Media Center-Empfängerdienst
Name: ehSched
displayname: Windows Media Center-Planerdienst
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows-Ereignisprotokoll
Name: EventSystem
displayname: COM+-Ereignissystem
Name: fdPHost
displayname: Funktionssuchanbieter-Host
Name: FDResPub
displayname: Funktionssuche-Ressourcenveröffentlichung
Name: gpsvc
displayname: Gruppenrichtlinienclient
Name: hidserv
displayname: Zugriff auf Eingabegeräte
Name: IKEEXT
displayname: IKE- und AuthIP IPsec-Schlüsselerstellungsmodule
Name: iphlpsvc
displayname: IP-Hilfsdienst
Name: KeyIso
displayname: CNG-Schlüsselisolation
Name: KtmRm
displayname: KtmRm für Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: MMCSS
displayname: Multimediaklassenplaner
Name: MpsSvc
displayname: Windows-Firewall
Name: Nero BackItUp Scheduler 4.0
displayname: Nero BackItUp Scheduler 4.0
Name: Netman
displayname: Netzwerkverbindungen
Name: netprofm
displayname: Netzwerklistendienst
Name: NlaSvc
displayname: NLA (Network Location Awareness)
Name: nsi
displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: OODefragAgent
displayname: O&O Defrag
Name: PcaSvc
displayname: Programmkompatibilitäts-Assistent-Dienst
Name: PlugPlay
displayname: Plug & Play
Name: PnkBstrA
displayname: PnkBstrA
Name: PolicyAgent
displayname: IPsec-Richtlinien-Agent
Name: ProfSvc
displayname: Benutzerprofildienst
Name: RasMan
displayname: RAS-Verbindungsverwaltung
Name: RichVideo
displayname: Cyberlink RichVideo Service(CRVS)
Name: RpcSs
displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
displayname: Sicherheitskonto-Manager
Name: SBSDWSCService
displayname: SBSD Security Center Service
Name: Schedule
displayname: Aufgabenplanung
Name: SearchAnonymizer
displayname: SearchAnonymizer
Name: seclogon
displayname: Sekundäre Anmeldung
Name: SENS
displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
displayname: Shellhardwareerkennung
Name: slsvc
displayname: Softwarelizenzierung
Name: Spooler
displayname: Druckwarteschlange
Name: SSDPSRV
displayname: SSDP-Suche
Name: SstpSvc
displayname: SSTP-Dienst
Name: StarWindServiceAE
displayname: StarWind AE Service
Name: stisvc
displayname: Windows-Bilderfassung
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC-Eingabedienst
Name: TapiSrv
displayname: Telefonie
Name: TermService
displayname: Terminaldienste
Name: Themes
displayname: Designs
Name: TrkWks
displayname: Überwachung verteilter Verknüpfungen (Client)
Name: upnphost
displayname: UPnP-Gerätehost
Name: UxSms
displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: UxTuneUp
displayname: TuneUp Designerweiterung
Name: VMCService
displayname: Vodafone Mobile Connect Service
Name: W32Time
displayname: Windows-Zeitgeber
Name: WdiSystemHost
displayname: Diagnosesystemhost
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows-Fehlerberichterstattungsdienst
Name: WinDefend
displayname: Windows-Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst
Name: Winmgmt
displayname: Windows-Verwaltungsinstrumentation
Name: Wlansvc
displayname: Automatische WLAN-Konfiguration
Name: WMPNetworkSvc
displayname: Windows Media Player-Netzwerkfreigabedienst
Name: WPDBusEnum
displayname: Enumeratordienst für tragbare Geräte
Name: wscsvc
displayname: Sicherheitscenter
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
 Hier mal die OTL-Logfile. Ist es normal, dass während das Programm läuft 100 mal diese Fehlermeldung kommt?: Exception Processing Message 0xc0000013 Parameters 0x754E92A0 0x0000004 ox754E92A0 0x754E92A0 Wenn nicht, ist die Log-File denke ich mal aussagelos, aber hier: OTL.Txt Code:
ATTFilter OTL logfile created on: 23.11.2010 12:46:31 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Fabian\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18783) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 27,49 Gb Free Space | 5,90% Space Free | Partition Type: NTFS Drive E: | 59,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 999,63 Mb Total Space | 803,11 Mb Free Space | 80,34% Space Free | Partition Type: FAT Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Razer\Salmosa\razertra.exe () PRC - C:\Programme\Razer\Salmosa\razerhid.exe () PRC - C:\Programme\Razer\Salmosa\razerofa.exe (Razer Inc.) PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (SearchAnonymizer) -- C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\DRIVERS\wanatw4.sys File not found DRV - (PCASp50) -- C:\Windows\System32\Drivers\PCASp50.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider) DRV - (vodafone_K3805-z_dc_enum) -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.) DRV - (Salmosa03) -- C:\Windows\System32\drivers\Salmosa.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (NPF) WinPcap Packet Driver (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (RTL8187) -- C:\Windows\System32\drivers\rtl8187.sys (Realtek Semiconductor Corporation ) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc) DRV - (hcw88rc5) -- C:\Windows\System32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.) DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc) DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15506&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 43 C9 81 10 F8 C9 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15506&l=dis" FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0 FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: text2voice@vik.josh:1.04 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTF&o=15503&locale=de_DE&apn_uid=11CD7CE0-0802-4096-9918-2B79D823DDB1&apn_ptnrs=LH&apn_sauid=57F84CA6-02ED-4AF7-AF74-0E3E54CEB7FC&apn_dtid=YYYYYYYYDE&q=" FF - HKLM\software\mozilla\3B\Extensions\\Plugins: C:\Program Files\3B\3B Browser\plugins FF - HKLM\software\mozilla\3B\Extensions\\Components: C:\Program Files\3B\3B Browser\components FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.17 18:07:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.17 18:07:00 | 000,000,000 | ---D | M] [2009.05.28 17:40:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions [2009.05.28 17:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b} [2010.11.22 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions [2010.10.13 10:23:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.07.25 13:37:28 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010.07.30 13:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.11.01 21:00:22 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} [2010.10.15 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\firefox@tvunetworks.com [2010.02.25 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\linky@gemal.dk [2010.07.25 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\text2voice@vik.josh [2009.05.28 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Webview\Profiles\5lew9xis.default\extensions [2010.11.01 20:56:43 | 000,002,393 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\askcom.xml [2010.02.12 20:44:49 | 000,000,881 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\conduit.xml [2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-1.xml [2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-2.xml [2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-3.xml [2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-4.xml [2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-5.xml [2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-6.xml [2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-7.xml [2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-8.xml [2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin.xml [2010.01.08 23:36:25 | 000,001,990 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\live-search.xml [2010.01.08 23:36:25 | 000,002,152 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{16D7952D-520A-443C-A9BB-076AD285EC24}.xml [2010.01.08 23:36:25 | 000,002,041 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{D40089CC-F1EC-4A72-8AC0-DF5721AE9DC7}.xml [2010.01.08 23:36:25 | 000,002,486 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{E01D02BC-4AD7-45DE-B6B5-8044C43F0042}.xml [2010.01.08 23:36:25 | 000,001,834 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{F53BF450-400E-4A03-A9DE-735D1BE6B555}.xml [2010.03.17 17:15:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.10 16:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.11.11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll [2010.11.17 18:06:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.17 18:06:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.11.17 18:06:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.11.17 18:06:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.11.17 18:06:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll () O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll () O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Ocs_SM] C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe () O4 - HKLM..\Run: [Salmosa] C:\Programme\Razer\Salmosa\razerhid.exe () O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\Opel\astra_opc_07.jpg O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\Opel\astra_opc_07.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.03.13 21:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{36bd1806-9d03-11dd-9b6b-0015af0f71e4}\Shell - "" = AutoRun O33 - MountPoints2\{36bd1806-9d03-11dd-9b6b-0015af0f71e4}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{437a1e9b-1821-11dc-86fa-0015af0f71e4}\Shell - "" = AutoRun O33 - MountPoints2\{437a1e9b-1821-11dc-86fa-0015af0f71e4}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O33 - MountPoints2\{5242290c-ddb7-11dd-b17f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5242290c-ddb7-11dd-b17f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{717be4ed-fdf1-11de-9557-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{717be4ed-fdf1-11de-9557-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found O33 - MountPoints2\{74df503e-58cf-11de-b5f1-002215817f78}\Shell - "" = AutoRun O33 - MountPoints2\{74df503e-58cf-11de-b5f1-002215817f78}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{74df503f-58cf-11de-b5f1-002215817f78}\Shell - "" = AutoRun O33 - MountPoints2\{74df503f-58cf-11de-b5f1-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{76221c49-1a42-11de-8110-0022156ea7d8}\Shell\Open\command - "" = resycled\ntldr.com g: O33 - MountPoints2\{81506faf-008e-11d6-b7d2-af3a5cb6d4fa}\Shell - "" = AutoRun O33 - MountPoints2\{81506faf-008e-11d6-b7d2-af3a5cb6d4fa}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{81506fb0-008e-11d6-b7d2-af3a5cb6d4fa}\Shell - "" = AutoRun O33 - MountPoints2\{81506fb0-008e-11d6-b7d2-af3a5cb6d4fa}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{82fa176f-62c9-11dc-9cf2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{82fa176f-62c9-11dc-9cf2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found O33 - MountPoints2\{9cdc8d64-4655-11df-a7f2-a435c0b612f3}\Shell - "" = AutoRun O33 - MountPoints2\{9cdc8d64-4655-11df-a7f2-a435c0b612f3}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{9cdc8d66-4655-11df-a7f2-a435c0b612f3}\Shell - "" = AutoRun O33 - MountPoints2\{9cdc8d66-4655-11df-a7f2-a435c0b612f3}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{af13677f-a8cf-11dd-83f2-0015af0f71e4}\Shell - "" = AutoRun O33 - MountPoints2\{af13677f-a8cf-11dd-83f2-0015af0f71e4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{af1367d7-a8cf-11dd-83f2-0015af0f71e4}\Shell - "" = AutoRun O33 - MountPoints2\{af1367d7-a8cf-11dd-83f2-0015af0f71e4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{aff9b0a2-24b0-11dc-a864-001a929e05cc}\Shell\AutoRun\command - "" = F:\.\Recycled\Driveinfo.exe -- File not found O33 - MountPoints2\{aff9b0a2-24b0-11dc-a864-001a929e05cc}\Shell\Open\Command - "" = F:\.\Recycled\Driveinfo.exe -- File not found O33 - MountPoints2\{eaefd989-fe44-11d5-a49b-002215817f78}\Shell - "" = AutoRun O33 - MountPoints2\{eaefd989-fe44-11d5-a49b-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\{fad34269-a452-11de-b2c3-002215817f78}\Shell - "" = AutoRun O33 - MountPoints2\{fad34269-a452-11de-b2c3-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone) O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH) O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.23 12:34:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe [2010.11.23 12:21:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fabian\Desktop\HiJackThis204.exe [2010.11.22 20:33:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Musik [2010.11.20 00:55:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.20 00:55:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.20 00:54:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fabian\Desktop\mbam146-setup.exe [2010.11.19 21:14:30 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.11.19 21:14:27 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.11.19 21:08:59 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Sunbelt Software [2010.11.19 20:59:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097} [2010.11.19 20:58:57 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.11.19 20:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.11.19 20:53:05 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Users\Fabian\Desktop\Ad-AwareInstall-833.exe [2010.11.19 17:24:06 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Fabian\Desktop\spybotsd162.exe [2010.11.18 22:50:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1224146592hqlm2 [2010.11.18 22:49:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi [2010.11.18 22:42:37 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR [2010.11.18 22:42:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\BackUp [2010.11.18 20:30:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Mods [2010.11.18 20:26:26 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabCtl32.ocx [2010.11.18 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211 [2010.11.17 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3 [2010.11.17 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\asiloader [2010.11.17 18:30:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Mato_Technologies [2010.11.17 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5 [2010.11.17 18:21:48 | 000,000,000 | ---D | C] -- C:\Programme\SRT3 V1.7 [2010.11.16 22:41:06 | 660,927,285 | ---- | C] (BLITZ ARCADE ) -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD.exe [2010.10.29 16:13:47 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Tracing [2010.10.28 23:23:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Foto [2010.10.28 22:04:54 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Papa Stick [2010.10.28 21:07:50 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Kunst [2010.10.28 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\PhotoFiltre [2010.10.28 20:58:54 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre [2010.10.28 18:25:51 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Neuer Ordner [2010.10.28 18:25:42 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Fabi [2010.10.28 18:15:43 | 000,000,000 | -HSD | C] -- C:\Users\Fabian\AppData\Roaming\jh87uhnoe3 [2010.06.22 17:37:07 | 000,072,224 | ---- | C] (Martin Pesch) -- C:\Programme\mp3DirectCut.exe [2010.01.09 13:48:43 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2010.01.09 13:48:43 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2008.12.09 15:04:28 | 027,580,296 | ---- | C] ( ) -- C:\Programme\AdbeRdr90_de_DE.exe [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Fabian\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Fabian\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Fabian\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Fabian\AppData\Local\bass.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.23 13:04:24 | 003,757,489 | ---- | M] () -- C:\Users\Fabian\Desktop\PB230066.JPG [2010.11.23 12:45:15 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{96A16510-0F25-41F6-A1C5-B3B8D56AE797}.job [2010.11.23 12:44:59 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{60E70999-78D0-41AB-8805-04CC34877BB3}.job [2010.11.23 12:34:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe [2010.11.23 12:26:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-600222665-2756014500-3235698655-1001UA.job [2010.11.23 12:21:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fabian\Desktop\HiJackThis204.exe [2010.11.23 12:00:36 | 000,376,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.23 12:00:36 | 000,264,200 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.23 12:00:36 | 000,079,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.23 12:00:36 | 000,061,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.23 11:55:15 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job [2010.11.23 11:55:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.11.23 11:54:50 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.23 11:54:50 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.23 11:54:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.23 11:54:35 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys [2010.11.23 11:54:34 | 000,127,600 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2010.11.22 20:26:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-600222665-2756014500-3235698655-1001Core.job [2010.11.21 18:21:49 | 000,010,758 | ---- | M] () -- C:\Users\Fabian\Desktop\GELD!!!.xlsx [2010.11.20 01:12:51 | 000,062,831 | ---- | M] () -- C:\Users\Fabian\Desktop\Aufzeichnen.JPG [2010.11.20 00:55:46 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.20 00:54:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fabian\Desktop\mbam146-setup.exe [2010.11.19 21:14:27 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.11.19 21:10:50 | 004,309,540 | ---- | M] () -- C:\Users\Fabian\Desktop\STEG USRMAN 2CH.pdf [2010.11.19 20:59:18 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.11.19 20:57:47 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Users\Fabian\Desktop\Ad-AwareInstall-833.exe [2010.11.19 17:30:52 | 005,535,216 | ---- | M] () -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211.zip [2010.11.19 17:29:50 | 000,293,184 | ---- | M] () -- C:\Users\Fabian\Desktop\SoftonicDownloader_fuer_ad-aware-free-internet-security.exe [2010.11.19 17:29:20 | 000,001,055 | ---- | M] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk [2010.11.19 17:24:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Fabian\Desktop\spybotsd162.exe [2010.11.19 17:17:16 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.11.19 00:11:09 | 000,079,684 | ---- | M] () -- C:\Users\Fabian\Desktop\Postident_Basic_Hitmeister.pdf [2010.11.19 00:00:28 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Fabian-PC_Fabian.job [2010.11.18 22:50:48 | 001,315,898 | ---- | M] () -- C:\Users\Fabian\Desktop\1224146592hqlm2.rar [2010.11.18 22:47:06 | 000,914,787 | ---- | M] () -- C:\Users\Fabian\Desktop\1196595824_SA_AMC_Matador71Final.rar [2010.11.18 22:46:18 | 002,006,443 | ---- | M] () -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi.rar [2010.11.18 22:42:03 | 001,883,346 | ---- | M] () -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR.rar [2010.11.18 22:07:51 | 000,012,052 | ---- | M] () -- C:\Users\Fabian\Desktop\23rjpsy.jpg [2010.11.17 21:28:27 | 000,051,200 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 3.0.doc [2010.11.17 18:53:53 | 004,819,921 | ---- | M] () -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3.rar [2010.11.17 18:39:15 | 000,039,768 | ---- | M] () -- C:\Users\Fabian\Desktop\asiloader.rar [2010.11.17 18:25:11 | 000,483,670 | ---- | M] () -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5.rar [2010.11.16 23:15:10 | 660,927,285 | ---- | M] (BLITZ ARCADE ) -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD.exe [2010.11.16 22:39:13 | 152,698,058 | ---- | M] () -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD[gta-worldmods.de].rar [2010.11.15 20:29:33 | 000,231,936 | ---- | M] () -- C:\Users\Fabian\Desktop\Verhältnissen in Deutschland zwischen 1898 1.0.doc [2010.11.15 20:29:17 | 000,070,144 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 2.0.doc [2010.11.15 18:45:34 | 000,000,162 | -H-- | M] () -- C:\Users\Fabian\Desktop\~$r gute Mensch.docx [2010.11.15 18:31:38 | 000,069,632 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 1.1.doc [2010.11.15 18:03:00 | 000,050,688 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe.doc [2010.11.14 21:18:41 | 000,032,545 | ---- | M] () -- C:\Users\Fabian\Desktop\Der gute Mensch.docx [2010.11.10 20:55:20 | 000,062,232 | ---- | M] () -- C:\Users\Fabian\Desktop\janno.JPG [2010.11.09 21:04:30 | 003,156,480 | ---- | M] () -- C:\Users\Fabian\Desktop\sadasdfsdgdfhzugkyddfgudfhgfhbhghhthjk.doc [2010.11.07 21:15:19 | 000,009,893 | ---- | M] () -- C:\Users\Fabian\Desktop\Musikerkennung.docx [2010.11.07 20:05:05 | 000,111,328 | ---- | M] () -- C:\Users\Fabian\Desktop\Fktuntesuch. bei realen Prozessen.pdf [2010.11.07 20:04:41 | 000,045,489 | ---- | M] () -- C:\Users\Fabian\Desktop\Extremwertaufgaben.pdf [2010.11.06 00:32:34 | 000,010,842 | ---- | M] () -- C:\Users\Fabian\Documents\Hi.docx [2010.11.04 20:45:17 | 000,023,552 | ---- | M] () -- C:\Users\Fabian\Desktop\Khanh.doc [2010.10.31 18:47:29 | 000,022,755 | ---- | M] () -- C:\Users\Fabian\Desktop\Raveland.JPG [2010.10.29 18:28:12 | 000,171,838 | ---- | M] () -- C:\Users\Fabian\Desktop\FUN.jpg [2010.10.29 18:26:59 | 000,031,295 | ---- | M] () -- C:\Users\Fabian\Desktop\aroute.JPG [2010.10.29 18:24:32 | 000,166,656 | ---- | M] () -- C:\Users\Fabian\Desktop\richtige karte.JPG [2010.10.29 17:05:54 | 000,089,740 | ---- | M] () -- C:\Users\Fabian\Desktop\bfsnj.jpg [2010.10.28 22:43:20 | 000,179,200 | ---- | M] () -- C:\Users\Fabian\Desktop\Dok1.doc [2010.10.28 20:58:55 | 000,000,840 | ---- | M] () -- C:\Users\Fabian\Desktop\PhotoFiltre.lnk [2010.10.28 20:58:13 | 004,118,294 | ---- | M] () -- C:\Users\Fabian\Desktop\pf-setup-en.exe [2010.10.28 20:54:09 | 002,880,162 | ---- | M] () -- C:\Users\Fabian\Desktop\PA280145.JPG [2010.10.28 20:53:22 | 003,104,142 | ---- | M] () -- C:\Users\Fabian\Desktop\PA280142.JPG [2010.10.28 19:59:10 | 000,679,424 | ---- | M] () -- C:\Users\Fabian\Desktop\Collage.doc [2010.10.28 19:53:26 | 000,008,158 | ---- | M] () -- C:\Users\Fabian\Desktop\studio-kugel-geschaeftsmann_~jl_012150_6924.jpg [2010.10.28 18:28:35 | 000,002,430 | ---- | M] () -- C:\Users\Fabian\Desktop\raus.jpg [2010.10.24 15:47:41 | 000,053,658 | ---- | M] () -- C:\Users\Fabian\Desktop\Steg K2.01.JPG [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.23 13:04:24 | 003,757,489 | ---- | C] () -- C:\Users\Fabian\Desktop\PB230066.JPG [2010.11.23 11:55:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.11.20 01:12:47 | 000,062,831 | ---- | C] () -- C:\Users\Fabian\Desktop\Aufzeichnen.JPG [2010.11.20 00:55:46 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.19 23:43:50 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.11.19 21:10:30 | 004,309,540 | ---- | C] () -- C:\Users\Fabian\Desktop\STEG USRMAN 2CH.pdf [2010.11.19 20:59:18 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.11.19 17:29:47 | 000,293,184 | ---- | C] () -- C:\Users\Fabian\Desktop\SoftonicDownloader_fuer_ad-aware-free-internet-security.exe [2010.11.19 17:29:20 | 000,001,055 | ---- | C] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk [2010.11.19 00:11:09 | 000,079,684 | ---- | C] () -- C:\Users\Fabian\Desktop\Postident_Basic_Hitmeister.pdf [2010.11.18 22:50:44 | 001,315,898 | ---- | C] () -- C:\Users\Fabian\Desktop\1224146592hqlm2.rar [2010.11.18 22:47:05 | 000,914,787 | ---- | C] () -- C:\Users\Fabian\Desktop\1196595824_SA_AMC_Matador71Final.rar [2010.11.18 22:46:13 | 002,006,443 | ---- | C] () -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi.rar [2010.11.18 22:41:58 | 001,883,346 | ---- | C] () -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR.rar [2010.11.18 22:07:50 | 000,012,052 | ---- | C] () -- C:\Users\Fabian\Desktop\23rjpsy.jpg [2010.11.18 20:22:33 | 005,535,216 | ---- | C] () -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211.zip [2010.11.17 21:28:25 | 000,051,200 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 3.0.doc [2010.11.17 18:53:25 | 004,819,921 | ---- | C] () -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3.rar [2010.11.17 18:37:14 | 000,039,768 | ---- | C] () -- C:\Users\Fabian\Desktop\asiloader.rar [2010.11.17 18:23:50 | 000,483,670 | ---- | C] () -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5.rar [2010.11.16 22:28:13 | 152,698,058 | ---- | C] () -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD[gta-worldmods.de].rar [2010.11.15 20:29:32 | 000,231,936 | ---- | C] () -- C:\Users\Fabian\Desktop\Verhältnissen in Deutschland zwischen 1898 1.0.doc [2010.11.15 20:29:17 | 000,070,144 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 2.0.doc [2010.11.15 18:45:34 | 000,000,162 | -H-- | C] () -- C:\Users\Fabian\Desktop\~$r gute Mensch.docx [2010.11.15 18:31:06 | 000,069,632 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 1.1.doc [2010.11.15 18:03:00 | 000,050,688 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe.doc [2010.11.14 21:18:40 | 000,032,545 | ---- | C] () -- C:\Users\Fabian\Desktop\Der gute Mensch.docx [2010.11.10 20:55:17 | 000,062,232 | ---- | C] () -- C:\Users\Fabian\Desktop\janno.JPG [2010.11.09 21:04:28 | 003,156,480 | ---- | C] () -- C:\Users\Fabian\Desktop\sadasdfsdgdfhzugkyddfgudfhgfhbhghhthjk.doc [2010.11.07 21:15:19 | 000,009,893 | ---- | C] () -- C:\Users\Fabian\Desktop\Musikerkennung.docx [2010.11.07 20:05:05 | 000,111,328 | ---- | C] () -- C:\Users\Fabian\Desktop\Fktuntesuch. bei realen Prozessen.pdf [2010.11.07 20:04:39 | 000,045,489 | ---- | C] () -- C:\Users\Fabian\Desktop\Extremwertaufgaben.pdf [2010.11.06 00:32:33 | 000,010,842 | ---- | C] () -- C:\Users\Fabian\Documents\Hi.docx [2010.11.04 20:45:15 | 000,023,552 | ---- | C] () -- C:\Users\Fabian\Desktop\Khanh.doc [2010.10.31 18:47:26 | 000,022,755 | ---- | C] () -- C:\Users\Fabian\Desktop\Raveland.JPG [2010.10.29 18:28:12 | 000,171,838 | ---- | C] () -- C:\Users\Fabian\Desktop\FUN.jpg [2010.10.29 18:26:57 | 000,031,295 | ---- | C] () -- C:\Users\Fabian\Desktop\aroute.JPG [2010.10.29 18:24:30 | 000,166,656 | ---- | C] () -- C:\Users\Fabian\Desktop\richtige karte.JPG [2010.10.29 17:05:47 | 000,089,740 | ---- | C] () -- C:\Users\Fabian\Desktop\bfsnj.jpg [2010.10.28 22:43:19 | 000,179,200 | ---- | C] () -- C:\Users\Fabian\Desktop\Dok1.doc [2010.10.28 20:58:55 | 000,000,840 | ---- | C] () -- C:\Users\Fabian\Desktop\PhotoFiltre.lnk [2010.10.28 20:56:32 | 004,118,294 | ---- | C] () -- C:\Users\Fabian\Desktop\pf-setup-en.exe [2010.10.28 20:50:57 | 002,880,162 | ---- | C] () -- C:\Users\Fabian\Desktop\PA280145.JPG [2010.10.28 20:50:48 | 003,104,142 | ---- | C] () -- C:\Users\Fabian\Desktop\PA280142.JPG [2010.10.28 19:59:09 | 000,679,424 | ---- | C] () -- C:\Users\Fabian\Desktop\Collage.doc [2010.10.28 19:53:25 | 000,008,158 | ---- | C] () -- C:\Users\Fabian\Desktop\studio-kugel-geschaeftsmann_~jl_012150_6924.jpg [2010.10.28 18:28:34 | 000,002,430 | ---- | C] () -- C:\Users\Fabian\Desktop\raus.jpg [2010.10.24 15:47:39 | 000,053,658 | ---- | C] () -- C:\Users\Fabian\Desktop\Steg K2.01.JPG [2010.10.13 19:14:41 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI [2010.08.28 23:34:09 | 000,000,016 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\hngmfc.dat [2010.06.22 17:37:07 | 000,026,299 | ---- | C] () -- C:\Programme\Manual.htm [2010.06.22 17:37:07 | 000,013,887 | ---- | C] () -- C:\Programme\FAQ.htm [2010.06.22 17:37:07 | 000,002,933 | ---- | C] () -- C:\Programme\Version.txt [2010.06.22 17:37:07 | 000,001,672 | ---- | C] () -- C:\Programme\License.txt [2010.04.23 21:04:49 | 000,000,540 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\AutoGK.ini [2010.03.15 19:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2010.02.26 18:51:45 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.02.22 15:21:46 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log [2010.02.22 14:37:42 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini [2010.02.20 18:26:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.02.18 16:16:09 | 000,001,472 | ---- | C] () -- C:\Users\Fabian\AppData\Local\RecConfig.xml [2010.01.10 18:19:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.09 13:48:43 | 003,482,112 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.01.09 13:48:43 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.01.09 13:48:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.01.02 13:45:28 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2009.10.22 17:29:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.09.13 15:26:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2009.09.13 15:26:16 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL [2009.05.14 10:00:39 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2009.04.09 15:47:02 | 000,013,824 | ---- | C] () -- C:\Windows\System32\CallSimReader.dll [2009.04.09 15:46:02 | 000,055,808 | ---- | C] () -- C:\Windows\System32\SimReader.dll [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.02.25 01:16:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.01.28 17:25:55 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\downloads.m3u [2009.01.28 17:24:50 | 000,000,174 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\default.rss [2009.01.27 21:24:08 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.17 11:45:15 | 000,000,104 | ---- | C] () -- C:\Windows\Rumble2.ini [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.12.31 12:55:47 | 000,000,094 | ---- | C] () -- C:\Users\Fabian\AppData\Local\fusioncache.dat [2008.12.14 14:52:15 | 000,000,840 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\EasyToolz.ini [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.10.04 13:33:21 | 000,026,340 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\UserTile.png [2008.10.04 11:52:35 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini [2008.10.04 10:41:39 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI [2008.10.04 10:23:29 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.06.05 07:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.02.12 14:40:41 | 000,000,552 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d8caps.dat [2008.01.27 14:12:27 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.01.14 19:50:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ZSubTimer.dll [2007.11.22 11:23:19 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI [2007.10.28 21:51:35 | 000,014,018 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\wklnhst.dat [2007.10.28 21:33:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.09.15 16:44:59 | 000,000,301 | ---- | C] () -- C:\Windows\thug2.ini [2007.09.15 10:55:49 | 000,000,725 | ---- | C] () -- C:\Windows\EF2.INI [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Fabian\AppData\Local\lame_enc.dll [2007.07.10 13:38:29 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI [2007.06.12 17:30:06 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2007.06.12 17:30:06 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2007.06.12 17:30:03 | 000,012,096 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2007.06.12 17:30:03 | 000,010,304 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2007.06.11 17:59:06 | 000,095,744 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.11 15:35:02 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2007.06.11 15:35:01 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2007.06.11 14:48:44 | 000,032,768 | ---- | C] () -- C:\Windows\TBPanelExt.dll [2007.06.11 14:48:44 | 000,012,285 | ---- | C] () -- C:\Windows\Cadx3.ini [2007.06.11 14:48:44 | 000,005,120 | ---- | C] () -- C:\Windows\TBManage.dll [2007.06.11 14:48:43 | 000,007,698 | ---- | C] () -- C:\Windows\cadx2.ini [2007.06.11 14:44:49 | 000,009,052 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat [2007.06.06 15:02:35 | 000,022,903 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2007.06.06 15:02:35 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2007.06.06 15:02:28 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007.06.06 14:54:56 | 000,001,970 | ---- | C] () -- C:\Windows\HCWPNP.INI [2007.06.01 07:47:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll [2007.04.13 21:40:03 | 000,143,360 | ---- | C] () -- C:\Windows\System32\USBaccess.dll [2006.11.17 23:04:17 | 000,235,520 | ---- | C] () -- C:\Windows\System32\jangraphics.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Fabian\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Fabian\AppData\Local\no23xwrapper.dll [2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.10.12 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\10 Finger BreakOut [2009.05.28 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\3B [2010.08.12 23:11:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\4C91EC9C9460DC2A1C65CD6AD75C1395 [2010.04.07 14:19:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Amazon [2008.12.23 11:34:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ambient Design [2010.03.09 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AnvSoft [2010.01.30 11:26:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ashampoo [2008.12.26 09:50:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\astragon Software GmbH [2010.01.02 13:46:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Atari [2010.10.13 17:34:42 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AudioMoves [2010.10.12 16:13:38 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\avidemux [2009.01.16 20:58:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Blender Foundation [2009.01.19 18:49:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Buhl Data Service [2010.04.24 13:38:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\CadSoft [2010.01.25 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\clickEXE [2010.11.19 23:43:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Desktopicon [2010.10.12 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dr. DivX 2.0 OSS [2010.07.30 13:32:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.12 12:33:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Flock [2010.10.19 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0 [2010.10.18 23:26:48 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ [2010.01.10 15:35:42 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQLite [2010.10.19 22:12:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView [2010.10.28 22:37:57 | 000,000,000 | -HSD | M] -- C:\Users\Fabian\AppData\Roaming\jh87uhnoe3 [2007.09.15 15:13:27 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech [2010.08.12 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\lowsec [2009.05.23 17:30:14 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\MiniDm [2010.06.23 17:22:45 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mp3DirectCut [2010.04.04 13:42:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mp3tag [2010.01.08 23:36:06 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OCS [2008.12.24 11:14:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org [2009.11.01 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Opera [2008.10.04 13:33:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PeerNetworking [2010.03.28 21:22:45 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Pegasys Inc [2010.10.28 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PhotoFiltre [2010.04.12 17:31:32 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PowerCinema [2009.04.03 19:33:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ProtectDisc [2010.02.20 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Red Kawa [2010.02.20 23:53:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Regensoft [2010.09.15 20:46:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Registry Mechanic [2009.01.19 18:22:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\S.A.D [2007.08.12 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Sierra [2010.10.12 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SlimBrowser [2010.03.17 17:10:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\soul.im [2010.10.13 18:51:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Steganos [2010.10.12 11:42:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Stellarium [2009.05.28 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\T-Online [2010.10.19 21:43:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\temp [2009.12.22 14:51:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Toolbars [2010.08.15 00:03:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Tracker Software [2010.05.25 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client [2009.05.24 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software [2010.10.12 11:31:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TVcentral-Core [2008.11.02 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Vodafone [2010.09.15 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\VS Revo Group [2009.05.28 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Webview [2010.01.18 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\WhatPulse [2010.11.19 17:17:16 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.11.23 11:55:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010.11.23 11:55:15 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job [2010.11.22 23:33:45 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.11.23 12:44:59 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{60E70999-78D0-41AB-8805-04CC34877BB3}.job [2010.11.23 12:45:15 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{96A16510-0F25-41F6-A1C5-B3B8D56AE797}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 451 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > Extras (2 Log-File von OTL) ist im Anhang: So Freunde, dann hatte ich vorgestern nochmal nen Scan mit Anti-Malware gemacht und was gefunden: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5154
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783
20.11.2010 01:03:56
mbam-log-2010-11-20 (01-03-56).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163357
Laufzeit: 6 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Fabian\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
Code:
ATTFilter g-FMalwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5154
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783
23.11.2010 13:12:08
mbam-log-2010-11-23 (13-12-08).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162935
Laufzeit: 5 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Zum Schluß bleibt zu sagen, dass ich glaube auch mit Spybot was gefunden hatte, kann mich auch irren, denn ich kann mich 0 erinnern. So, ich habe alles ausführlich gemacht, wie es in der Anleitung steht. Ich hoffe, ihr könnt mir helfen, denn wenn ich sehe, wie lang so ne Log-File ist, kann ich mir nicht vorstellen, dass da jemand durchsieht!? Das wars erstmal, bin gespannt auf Antworten. Gruß Fabian |
|
23.11.2010, 20:42
| #2 |
| | Spyware während der Pay-Pal Anmeldung! So,
__________________jetzt habe ich nen risen Problem. Ich kann mich in keinem forum oder so mehr anmelden. Melde ich mich z.B. im trojaner-Board an, kommt diese Seite mit: "Danke, Nemesis36 für ihre Anmeldung" oder so und danach werde ich wieder zum Anmelde-Fenster weitergeleitet, ich bin also nie angemeldet. In anderen Foren ist es auch so, klicke ich auf anmelden, bin ich danach wieder auf der Anmelde-Seite. Es geht nur, wenn ich mit dme CCleaner alles lösche, aber nach kürzester Zeit ist es wieder so, dass ich mich nirgends anmelden kann. Außerdem bricht dauernd meine UMTS-Verbindung ständig ab, das hatte ich sonst nie. Bitte, helft mir.  |
|
| Themen zu Spyware während der Pay-Pal Anmeldung! |
| 0x00000001, 32-bit, ad-aware, alternate, avgntflt.sys, avira, awareness, benachrichtigungsdienst, bho, c:\windows\system32\rundll32.exe, c:\windows\system32\services.exe, conduit, corp./icp, cpu, dwm.exe, ebayshortcuts.exe, error, excel.exe, firefox, firefox.exe, geld, gruppe, hacken, hijackthis, home, home premium, jusched.exe, langs, launch, logfile, mozilla, nvlddmkm.sys, nvstor.sys, oldtimer, otl logfile, otl.exe, plug-in, programdata, programm, realtek, rundll, safer networking, scan, sched.exe, searchplugins, security, security scan, senden, service pack 1, software, sptd.sys, spyware, start menu, svchost.exe, tracker, trojan-dropper.win32.agent, trojan.win32.generic, trojan.win32.generic!bt, trojaner, updates, version., virus-warnung, vista, vodafone, windows, windows vista home, winpcap packet driver |
Linear-Darstellung
