
Pests of all kinds and how to combat them: TR/Crypt.ZPACK.Gen and quick defrag

03.01.2011, 00:17   #1
marcin
 
TR/Crypt.ZPACK.Gen and quick defrag



Hi,

My antivirus program (Avira AntiVir) displayed the following:

In der Datei 'C:\ProgramData\GajMyxwfyHoxLFp.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Then the program quick defrag suddenly popped up. I googled the program and found out that it is badware. How can I remove it?

Anti-Malware-log
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5445

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18828

02.01.2011 23:36:25
mbam-log-2011-01-02 (23-36-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145435
Laufzeit: 13 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\programdata\vwbxjbyjeijhqdh.exe (Trojan.Agent) -> 3516 -> Unloaded process successfully.
c:\programdata\mWCIqGgo.exe (Rogue.FakeHDD) -> 3524 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vWbXjBYJEiJHQDH.exe (Trojan.Agent) -> Value: vWbXjBYJEiJHQDH.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mWCIqGgo (Rogue.FakeHDD) -> Value: mWCIqGgo -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VGctT06XJjB35bDE (Rogue.FakeHDD) -> Value: VGctT06XJjB35bDE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Value: {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Value: {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vwbxjbyjeijhqdh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\mWCIqGgo.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\programdata\vgctt06xjjb35bde.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\programdata\gajmyxwfyhoxlfp.dll (Rogue.HDDDoctor) -> Quarantined and deleted successfully.
c:\Users\Marcin\AppData\Local\Temp\tmp173F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\taskkill.com (Worm.P2P) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
         
OTL
Code:
OTL Extras logfile created on: 03.01.2011 00:01:27 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Marcin\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,00 Mb Total Physical Memory | 201,00 Mb Available Physical Memory | 22,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,19 Gb Total Space | 22,66 Gb Free Space | 15,72% Space Free | Partition Type: NTFS
Drive D: | 4,86 Gb Total Space | 0,88 Gb Free Space | 18,20% Space Free | Partition Type: NTFS
 
Computer Name: MARCIN-PC | User Name: Marcin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB35400-0667-4C87-82BA-0947294C44FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0E3437C0-FB89-4EBD-A984-A6C0EB17F8AA}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{1566B96E-7068-4CCA-97AF-8EEBCFD166D3}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{247A3798-BFEC-41A0-9C75-4FA6CA288828}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3A4DFE30-DC6C-4D7B-B9A1-723EAEC9AA4B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{41F302DB-2475-4D5E-8E47-E824F2A0E141}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{48D704D3-27EE-41F7-8FFD-B024D3FF621A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4E35B9C7-59C2-4936-B4F6-EDA1EE7CA079}" = lport=15199 | protocol=6 | dir=in | name=bitcomet 15199 tcp | 
"{51F69F89-C529-4214-B896-34934EB6BC93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{65FE68EE-0963-4F71-8DA7-80FFB6686349}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{81DBF587-7E18-4712-AEC6-A3D81D812D0B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{830C91C0-2B7D-4620-80FD-12F1F6B3A951}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F81D03C-3F6C-40E3-99A3-4E80B5D34FEF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9E10D9B4-5F21-410C-8A15-B9FE0A18F998}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA6262A8-C0F8-4EF4-92C7-8A5F094519EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AAAC84A2-9AE1-4B75-BFDC-A6EC9E6F8568}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AC6E7649-128E-48EB-B6AC-2D380B71CEB0}" = lport=15199 | protocol=17 | dir=in | name=bitcomet 15199 udp | 
"{BFF741DE-1488-425B-B161-17C3D03288A7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CE8CCC47-5E8D-44F8-9585-4354AD5219DE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DABCCEBB-5CC7-4579-A84D-6C18ACEB50A6}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F151B90C-744D-4677-A66E-B440BC05F305}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FBCF7A5-5F91-46D8-B2DC-C92D333933D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{37D8D660-8E7B-4D4C-952A-9D8C5F59082A}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{479BFF69-FA9E-4367-8E5B-AD1B8ABD3370}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{554A51C8-CF11-49D5-8A15-CF64DEAC19B0}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6610D03B-154E-490D-B71F-A5E20D8FF48C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C254EA9-067E-4F8F-BB66-251927F6F807}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{801BAD5C-8888-430C-B425-1AAFDFE5D1DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{883860EF-4892-498C-8C19-40ED2AF1E6DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C88F4CD-0A5B-449E-8232-3DAFEEAE3D8E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A66F066C-86B8-4D93-805F-FA680D018326}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A840455C-4CD8-4E35-B1D3-A098460C194E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B26D73AE-A46D-49EE-9F0C-15F79F10AA69}" = dir=in | app=c:\program files\hp\dvdplay\dpservice.exe | 
"{BA7CDF12-6151-4613-B1E9-C0213F9973BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BD9EF272-F0E9-4B00-98F4-E6BF1DC766A8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C253B55F-489A-490B-830F-521A5FFEC126}" = dir=in | app=c:\program files\hp\dvdplay\dvdplay.exe | 
"{C43565E5-1D51-43ED-B3A6-146B40233F2A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{C8ADAA30-C67F-40CC-AF9A-DA5106CE5090}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CE89AED8-F20C-4E58-8BC0-6629EE3883F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0031AC1-1FC1-4ACA-8C0C-6C53246E1233}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E9C731B8-C688-4F17-AF0D-46177B706382}" = protocol=6 | dir=out | app=system | 
"{FD770D3E-DA0F-4E9A-B87C-36874B532428}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FFAC7086-F2B3-46D6-A0CA-8E64D5D8C5C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{1EF6B11D-0E2C-484B-9302-5263ADFAFAC1}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"TCP Query User{2839A6BF-688E-416F-B73F-C4211437062A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{381ACD72-F147-4AD8-896A-6C71E41131D6}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe | 
"TCP Query User{551ECC10-29D2-4AE1-97A9-B0EF61468FA2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{58AE92C7-CE23-4406-8D68-D688BA4CCC06}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{8C09273D-1CC2-4047-A917-6F544E1D3F85}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8E7F136B-CA63-4936-A6B6-8E71CAFC6320}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe | 
"TCP Query User{C53C7BEE-3E53-4E05-9D49-6E44B21C9145}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{D99D1DC9-888E-483E-AE29-BE339BAC532E}C:\program files\java\jre6\launch4j-tmp\vmload.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\vmload.exe | 
"TCP Query User{DC6B02E2-4C1C-4C3A-BA18-94E9FACD3A67}C:\vgigant\vgigant.exe" = protocol=6 | dir=in | app=c:\vgigant\vgigant.exe | 
"UDP Query User{24CF11E1-56FF-4167-A48B-CF48121D0C1A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{393596E7-8E54-4343-82BF-86B0DEDEBEF3}C:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\heroes of might and magic v\bin\h5_game.exe | 
"UDP Query User{3BF1146B-4A82-404D-A25C-0C62B5334DB7}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"UDP Query User{3F3C2ABC-3637-4AB4-B968-9CB16F280701}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe | 
"UDP Query User{4400BAA2-A89E-4A6F-80DF-4C39F578E22A}C:\vgigant\vgigant.exe" = protocol=17 | dir=in | app=c:\vgigant\vgigant.exe | 
"UDP Query User{625CEC3D-ECEC-43E2-860D-4E511D943B54}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{772BF5DE-65EB-4FA9-A0B8-8ABC6EA0F1C0}C:\program files\java\jre6\launch4j-tmp\vmload.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\vmload.exe | 
"UDP Query User{7A37D640-B821-42C8-AA99-102E32CAD960}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"UDP Query User{ABBC3F98-0E3E-4ACF-B85F-275ED710BD80}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{BC8A5D7D-34C0-4302-849A-E93869CF2057}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C391BD8-87F8-4FCF-A08E-2351F3E69EC4}" = Die Gilde 2
"{4CA55DA7-300F-4195-ACCE-DFCC31D8F251}" = Axe Snakepeel
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68D2A2E2-6B64-4433-8073-0605EB306C1B}" = Gothic 3 Gold
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FD7424-15CA-489F-B586-117D34FCBB18}" = World Poker Championship 2
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}" = IndustrieGigant 2
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91244C78-951F-457C-B7E5-1447A3F79238}_is1" = ANSTOSS 4 Edition 03-04 1.7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAC3B914-9A96-4097-A5C7-7BF0CAD679D3}" = TransportGigant
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{C7D27207-0F86-4B6F-859C-21800A2C592E}" = Grand Prix 4
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C978F5A7-5E75-4DBD-BFD7-A0488E8EFF9E}" = FileMaker Pro 8.5 Advanced
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 7.9.1
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Berlin Subway" = Berlin Subway
"Bink and Smacker" = Bink and Smacker
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"Der VerkehrsGigant-Gold Edition" = Der VerkehrsGigant-Gold Edition
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"EAX Unified" = EAX Unified
"FM Gate | Mega Autofile" = FM Gate | Mega Autofile
"FM-Gate Häuserfile" = FM-Gate Häuserfile
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Google Updater" = Google Updater
"GPxPatch" = GPxPatch (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HyperCam 2" = HyperCam 2
"IsoBuster_is1" = IsoBuster 2.4
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LMMS 0.4.8" = Linux MultiMedia Studio (LMMS)
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.8
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Net2Day - Angeln 1.0" = Net2Day - Angeln 1.0
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"p.i.c.s. Spielesammlung" = p.i.c.s. Spielesammlung
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ProTrain 18 Hamburg-Berlin 1.0" = ProTrain 18 Hamburg-Berlin 1.0
"ProTrain 18 Raildriver 1.0" = ProTrain 18 Raildriver 1.0
"ProTrain 8 Hannover-Berlin 1.0" = ProTrain 8 Hannover-Berlin 1.0
"ProTrain Berlin-Dresden 1.0" = ProTrain Berlin-Dresden 1.0
"ProTrain Berlin-Dresden Raildriver 1.0" = ProTrain Berlin-Dresden Raildriver 1.0
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SimPE_is1" = SimPE 0.68 (alpha)
"ST6UNST #1" = BlueShot 1.1.0
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"Train Simulator 1.0" = Microsoft Train Simulator
"TV Sponsoren" = TV Sponsoren
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VMLoad" = VMLoad
"WallPaperChanger 1.3_is1" = DeltaVision WallPaperChanger 1.3
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR Archivierer
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Managerfrauen Part 1" = Managerfrauen Part 1
"Managerfrauen Part 2" = Managerfrauen Part 2
"Managerfrauen Part 3" = Managerfrauen Part 3
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.01.2011 10:15:25 | Computer Name = Marcin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2011 10:15:34 | Computer Name = Marcin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2011 17:55:26 | Computer Name = Marcin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2011 17:55:26 | Computer Name = Marcin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2011 17:55:30 | Computer Name = Marcin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2011 18:21:11 | Computer Name = Marcin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2011 18:21:11 | Computer Name = Marcin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2011 18:28:42 | Computer Name = Marcin-PC | Source = Application Hang | ID = 1002
Description = Programm mWCIqGgo.exe, Version 952.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: dc4  Anfangszeit: 01cbaacb588cf415  Zeitpunkt der Beendigung:
 29
 
Error - 02.01.2011 18:40:27 | Computer Name = Marcin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2011 18:40:28 | Computer Name = Marcin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 02.01.2011 10:15:42 | Computer Name = Marcin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.01.2011 17:53:48 | Computer Name = Marcin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 02.01.2011 17:54:27 | Computer Name = Marcin-PC | Source = LSM | ID = 1048
Description = 
 
Error - 02.01.2011 17:55:25 | Computer Name = Marcin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.01.2011 18:19:43 | Computer Name = Marcin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 02.01.2011 18:20:27 | Computer Name = Marcin-PC | Source = LSM | ID = 1048
Description = 
 
Error - 02.01.2011 18:21:14 | Computer Name = Marcin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.01.2011 18:38:58 | Computer Name = Marcin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 02.01.2011 18:39:36 | Computer Name = Marcin-PC | Source = LSM | ID = 1048
Description = 
 
Error - 02.01.2011 18:40:18 | Computer Name = Marcin-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Code:
OTL logfile created on: 03.01.2011 00:01:27 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Marcin\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,00 Mb Total Physical Memory | 201,00 Mb Available Physical Memory | 22,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,19 Gb Total Space | 22,66 Gb Free Space | 15,72% Space Free | Partition Type: NTFS
Drive D: | 4,86 Gb Total Space | 0,88 Gb Free Space | 18,20% Space Free | Partition Type: NTFS
 
Computer Name: MARCIN-PC | User Name: Marcin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marcin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Marcin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe File not found
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GEARAspiWDM) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (jnv4_mib) -- C:\Users\Marcin\AppData\Local\Temp\jnv4_mib.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VcommMgr.sys (IVT Corporation)
DRV - (BT) -- C:\Windows\System32\drivers\BtNetDrv.sys (IVT Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation)
DRV - (BTHidEnum) -- C:\Windows\System32\drivers\VBTEnum.sys ()
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (AN983) -- C:\Windows\System32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/service/redir/ie7_start.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/service/redir/ie7_start.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/service/redir/ie7_start.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 01:11:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 01:11:11 | 000,000,000 | ---D | M]
 
[2008.06.20 13:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Extensions
[2011.01.02 16:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions
[2010.12.24 12:48:59 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.05.01 16:42:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.24 12:48:42 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009.09.09 01:57:37 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2010.10.18 20:01:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.24 12:48:59 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.05.16 23:34:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.24 12:48:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.24 12:48:58 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\extension@virtusdesigns.com
[2009.07.11 16:21:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\moveplayer@movenetworks.com
[2010.12.24 12:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\extension@virtusdesigns.com\chrome
[2010.12.24 12:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\98vh1hci.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\conduit.xml
[2008.08.04 13:30:01 | 000,000,523 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\daemon-search.xml
[2010.12.30 01:40:43 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-1.xml
[2009.07.06 16:42:48 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-10.xml
[2009.07.22 17:18:20 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-11.xml
[2009.08.04 04:08:28 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-12.xml
[2009.10.30 23:30:38 | 000,000,961 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-13.xml
[2009.11.06 17:54:09 | 000,000,961 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-14.xml
[2009.12.18 21:08:07 | 000,000,961 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-15.xml
[2010.01.06 14:12:57 | 000,000,961 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-16.xml
[2010.02.18 21:17:27 | 000,000,961 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-17.xml
[2010.03.31 13:52:43 | 000,000,961 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-18.xml
[2008.09.28 11:23:51 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-2.xml
[2008.11.13 15:36:44 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-3.xml
[2008.12.18 14:07:05 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-4.xml
[2009.02.06 19:15:06 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-5.xml
[2009.03.30 13:19:05 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-6.xml
[2009.04.23 19:13:36 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-7.xml
[2009.04.28 23:25:31 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-8.xml
[2009.06.12 23:32:46 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin-9.xml
[2008.09.19 16:27:44 | 000,000,950 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\98vh1hci.default\searchplugins\icqplugin.xml
[2010.08.23 14:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.21 00:30:13 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}
[2010.04.28 23:29:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 14:16:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008.06.20 14:26:24 | 000,000,000 | ---D | M] (T-Online Settings) -- C:\Programme\Mozilla Firefox\extensions\t-online@partners.mozilla.com
[2007.07.22 19:53:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007.10.22 22:41:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008.03.23 21:00:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2010.04.28 23:29:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 14:16:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npWebLaunch.dll
[2010.10.09 14:22:28 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.09 14:22:28 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.09 14:22:28 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.09 14:22:28 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.09 14:22:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Marcin\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [dv_wpc] C:\Program Files\DeltaVision\wpc\dv_wpc.exe (DeltaVision)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marcin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marcin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: moove.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} hxxp://stream.pussyharem.com/stream/mmp2.cab (_Multimedia Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcin\AppData\Roaming\DeltaVision\WPC\wpc.bmp
O24 - Desktop BackupWallPaper: C:\Users\Marcin\AppData\Roaming\DeltaVision\WPC\wpc.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c257164e-6220-11dd-b914-00030d000001}\Shell - "" = AutoRun
O33 - MountPoints2\{c257164e-6220-11dd-b914-00030d000001}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.02 23:12:52 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Malwarebytes
[2011.01.02 23:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.02 23:12:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.02 23:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.02 23:12:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.02 23:12:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.02 23:11:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcin\Desktop\OTL.exe
[2011.01.02 23:11:07 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marcin\Desktop\mbam-setup.exe
[2011.01.02 22:59:46 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quick Defrag
[2010.12.31 00:49:02 | 000,000,000 | ---D | C] -- C:\Temp
[2010.12.31 00:07:25 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2010.12.31 00:07:25 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2010.12.31 00:07:24 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2010.12.31 00:07:24 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msflxgrd.ocx
[2010.12.31 00:07:06 | 000,000,000 | ---D | C] -- C:\Programme\LG PC Suite II
[2010.12.31 00:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite II
[2010.12.31 00:05:58 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\InstallShield
[2010.12.27 18:39:22 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASCARON Entertainment
[2010.12.27 18:32:23 | 000,000,000 | ---D | C] -- C:\Programme\ASCARON Entertainment
[2010.12.27 15:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2010.12.27 15:09:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2010.12.27 15:09:55 | 000,000,000 | ---D | C] -- C:\Programme\AGEIA Technologies
[2010.12.27 14:20:11 | 000,000,000 | ---D | C] -- C:\Users\Marcin\AppData\Local\Reality Pump
[2010.12.24 02:08:26 | 000,000,000 | --SD | C] -- C:\Users\Marcin\Documents\Eigene Datenquellen
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.02 23:41:48 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.01.02 23:41:14 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 23:41:14 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 23:39:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.02 23:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.02 23:38:31 | 938,008,576 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.02 23:22:25 | 000,000,272 | ---- | M] () -- C:\ProgramData\~mWCIqGgo
[2011.01.02 23:12:41 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.02 23:12:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.02 23:11:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcin\Desktop\OTL.exe
[2011.01.02 23:11:21 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marcin\Desktop\mbam-setup.exe
[2011.01.02 22:59:47 | 000,000,152 | ---- | M] () -- C:\ProgramData\~mWCIqGgor
[2011.01.02 22:59:46 | 000,000,577 | ---- | M] () -- C:\Users\Marcin\Desktop\Quick Defrag.lnk
[2011.01.02 22:59:45 | 000,000,336 | ---- | M] () -- C:\ProgramData\mWCIqGgo
[2011.01.02 20:40:25 | 177,573,888 | ---- | M] () -- C:\Users\Marcin\Desktop\dfs.vmd
[2011.01.02 18:37:24 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.01.02 16:56:32 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3D3F39E3-61CA-421E-AF0A-54D7F61D7149}.job
[2010.12.31 00:08:02 | 000,001,541 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk
[2010.12.27 18:39:22 | 000,001,129 | ---- | M] () -- C:\Users\Marcin\Desktop\ANSTOSS 4 Edition 03-04 starten.lnk
[2010.12.24 02:07:58 | 000,002,665 | ---- | M] () -- C:\Users\Marcin\Desktop\Microsoft Office Excel 2003.lnk
[2010.12.21 18:03:20 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.17 17:22:15 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.12.17 17:20:14 | 000,000,000 | ---- | M] () -- C:\Windows\PROTOCOL.INI
[2010.12.13 19:16:44 | 000,003,118 | ---- | M] () -- C:\Users\Marcin\Documents\Audio CD#2.dbr
[2010.12.11 20:07:07 | 000,130,085 | ---- | M] () -- C:\Users\Marcin\Desktop\MDB74082-swt_geltungsbereich_dez09.pdf
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.02 23:12:41 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.02 22:59:47 | 000,000,152 | ---- | C] () -- C:\ProgramData\~mWCIqGgor
[2011.01.02 22:59:46 | 000,000,577 | ---- | C] () -- C:\Users\Marcin\Desktop\Quick Defrag.lnk
[2011.01.02 22:59:46 | 000,000,272 | ---- | C] () -- C:\ProgramData\~mWCIqGgo
[2011.01.02 22:59:45 | 000,000,336 | ---- | C] () -- C:\ProgramData\mWCIqGgo
[2010.12.31 00:08:02 | 000,001,541 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk
[2010.12.27 18:39:22 | 000,001,129 | ---- | C] () -- C:\Users\Marcin\Desktop\ANSTOSS 4 Edition 03-04 starten.lnk
[2010.12.17 17:20:14 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010.12.13 19:16:44 | 000,003,118 | ---- | C] () -- C:\Users\Marcin\Documents\Audio CD#2.dbr
[2010.12.11 20:07:07 | 000,130,085 | ---- | C] () -- C:\Users\Marcin\Desktop\MDB74082-swt_geltungsbereich_dez09.pdf
[2010.11.27 21:43:55 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.11.14 03:59:16 | 000,000,125 | ---- | C] () -- C:\Windows\WET.INI
[2010.10.18 16:32:56 | 000,000,420 | ---- | C] () -- C:\Windows\Uninstall Spielesammlung.ini
[2010.07.15 21:58:39 | 000,091,072 | ---- | C] () -- C:\Windows\System32\RoseCo2.dll
[2010.05.30 20:59:31 | 000,000,041 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.04.06 19:40:41 | 001,708,544 | ---- | C] () -- C:\Windows\System32\libqt4intf.dll
[2009.12.09 21:41:16 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.08.28 23:06:32 | 000,076,407 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\Smiley.ico
[2009.03.15 04:41:05 | 000,164,864 | ---- | C] () -- C:\Programme\UNWISE.EXE
[2009.02.26 15:25:06 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.02.26 15:25:06 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.02.08 04:35:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.08.30 15:41:17 | 000,017,963 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.08.28 20:01:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.04 13:36:01 | 000,000,036 | ---- | C] () -- C:\Windows\DaemonPlugin.INI
[2008.08.04 12:16:19 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.07.16 18:52:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.06.17 18:22:37 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.06.06 15:09:02 | 000,000,094 | ---- | C] () -- C:\Users\Marcin\AppData\Local\fusioncache.dat
[2008.05.01 12:47:58 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.04.28 11:11:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.02.05 14:59:12 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini
[2007.12.17 19:39:15 | 000,000,063 | ---- | C] () -- C:\Windows\WININIT.INI
[2007.10.31 01:49:11 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007.10.14 23:49:11 | 000,000,000 | ---- | C] () -- C:\Windows\MusicMaker.INI
[2007.10.14 23:39:26 | 000,000,410 | ---- | C] () -- C:\Windows\BeatBox.INI
[2007.10.14 23:37:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2007.07.19 00:36:50 | 000,000,018 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\sys386g1.dat
[2007.07.19 00:29:02 | 000,000,010 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\axprot3
[2007.07.07 18:08:53 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.05.28 00:30:07 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
[2007.05.28 00:29:09 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.30 22:59:02 | 000,000,131 | ---- | C] () -- C:\Windows\TENNIS.INI
[2007.04.21 23:58:36 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.03.27 18:43:36 | 000,008,260 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007.02.18 15:21:20 | 000,000,407 | ---- | C] () -- C:\Windows\videoimp.ini
[2007.02.18 15:21:07 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007.02.18 09:25:00 | 000,017,089 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\UserTile.png
[2007.02.08 18:28:13 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2007.02.07 22:33:11 | 000,000,680 | ---- | C] () -- C:\Users\Marcin\AppData\Local\d3d9caps.dat
[2007.02.07 18:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007.02.05 23:07:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.02.05 23:07:32 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007.02.05 22:48:23 | 000,148,992 | ---- | C] () -- C:\Users\Marcin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.05 11:57:40 | 000,000,210 | ---- | C] () -- C:\Users\Marcin\AppData\Roaming\wklnhst.dat
[2006.12.10 19:49:29 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2006.12.10 19:49:29 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006.11.09 15:19:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.10 23:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.08.10 23:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.06.07 14:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.04.14 09:14:12 | 000,014,312 | ---- | C] () -- C:\Windows\System32\drivers\BTNetFilter.sys
[2006.03.07 12:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2005.07.30 07:21:32 | 000,011,988 | ---- | C] () -- C:\Windows\System32\drivers\VBTEnum.sys
[2004.12.14 12:04:48 | 000,266,240 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.12.14 12:02:49 | 001,175,552 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Marcin\AppData\Roaming\MafiaSetup.exe
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 353 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
edit: I followed the instructions I found here for removing Quick Defrag and it seems to be gone.

Last edited by marcin (03.01.2011 at 00:50)

03.01.2011, 14:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from earlier Malwarebytes scans, please post all of those too!