Pests of all kinds and how to fight them: JAVA/Dldr.Cethry.E
14.02.2011, 00:47 | #1 |
JAVA/Dldr.Cethry.E

Hello, when I scanned my PC with Antivir, I got a message that a Java virus named "JAVA/Dldr.Cethry.E" had been found. I couldn't find anything about it via Google, and Avira didn't have it in its database either. Now I don't know whether it is a false alarm again or actually a virus. A few days ago I also updated my Java; could it maybe be related to that?

Antivir:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 13. Februar 2011 20:25

Es wird nach 2396735 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ******

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, G:, H:, I:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +SPR,

Beginn des Suchlaufs: Sonntag, 13. Februar 2011 20:25

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-265132421-3806334842-1491770889-1000\Software\SecuROM\License information\datasecu
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-265132421-3806334842-1491770889-1000\Software\SecuROM\License information\rkeysecu
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
c:\program files\hotspot shield\bin\hsstrayservice.exe
c:\program files\hotspot shield\bin\hsstrayservice.exe
[HINWEIS] Der Prozess ist nicht sichtbar.

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'G:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'H:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'I:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1664' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\3d43daad-5f0bef5e
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Cethry.E
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'E:\'
Beginne mit der Suche in 'G:\' <Volume>
Beginne mit der Suche in 'H:\' <Volume>
Beginne mit der Suche in 'I:\' <Volume>

Beginne mit der Desinfektion:
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\3d43daad-5f0bef5e
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Cethry.E
[HINWEIS] Die Datei wurde gelöscht.

Ende des Suchlaufs: Sonntag, 13. Februar 2011 22:33
Benötigte Zeit: 2:07:00 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

43692 Verzeichnisse wurden überprüft
1405051 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1405050 Dateien ohne Befall
7151 Archive wurden durchsucht
0 Warnungen
1 Hinweise
874610 Objekte wurden beim Rootkitscan durchsucht
17 Versteckte Objekte wurden gefunden

Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5755

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

14.02.2011 00:11:27
mbam-log-2011-02-14 (00-11-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 473457
Laufzeit: 1 Stunde(n), 31 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:
ATTFilter OTL logfile created on: 14.02.2011 00:14:41 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\*****\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 263,67 Gb Total Space | 83,24 Gb Free Space | 31,57% Space Free | Partition Type: NTFS Drive D: | 28,32 Gb Total Space | 27,05 Gb Free Space | 95,50% Space Free | Partition Type: NTFS Drive E: | 6,10 Gb Total Space | 6,04 Gb Free Space | 99,05% Space Free | Partition Type: NTFS Drive F: | 4,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 195,31 Gb Total Space | 48,95 Gb Free Space | 25,06% Space Free | Partition Type: NTFS Drive H: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive I: | 123,96 Gb Total Space | 123,87 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Computer Name: ****** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
PRC - C:\Users\Georg\Security\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) PRC - C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) PRC - C:\Programme\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.) PRC - C:\Programme\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe (LSoft Technologies Inc) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Winamp\winampa.exe () PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Users\*****\Eigene Programme\ADAWRE\aawservice.exe (Lavasoft) PRC - C:\Users\*****\Eigene Programme\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Users\*****\Eigene Programme\Star Docks\ObjectDock\ObjectDock.exe (Stardock) PRC - C:\Programme\ASUS WiFi-AP Solo\RtWLan.exe (AzureWave.com) PRC - C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\KYE\ErgoMedia\SyTray.exe () PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
========== Modules (SafeList) ========== MOD - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (DAUpdaterSvc) -- File not found SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe () SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) 
SRV - (Active@ Disk Monitor) -- C:\Programme\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe (LSoft Technologies Inc) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (aawservice) -- C:\Users\*****\Eigene Programme\ADAWRE\aawservice.exe (Lavasoft) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (atjsgt) -- C:\Windows\System32\drivers\atjsgt.sys () DRV - (linsgt) -- C:\Windows\System32\drivers\linsgt.sys () DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (RTL8187) -- C:\Windows\System32\drivers\rtl8187.sys (Realtek Semiconductor Corporation ) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) 
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - (M9207) -- C:\Windows\System32\drivers\M9207BDA.sys (Animation Technologies Inc.) DRV - (ivicd) -- C:\Windows\system32\drivers\ivicd.sys (InterVideo) DRV - (Iviaspi) -- C:\Windows\System32\drivers\iviaspi.sys (InterVideo, Inc.) DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys () DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programme\HotSpot_International\tbHotS.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2604146 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 C3 D6 09 D5 6A CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programme\HotSpot_International\tbHotS.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.buffed.de/wow|hxxp://de.ign.com/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\program files\Mozilla Firefox\components [2010.12.23 20:56:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2010.12.23 20:56:18 | 000,000,000 | ---D | M]
[2008.12.17 21:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.02.13 13:34:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions
[2010.11.12 17:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}
[2010.05.13 09:44:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.29 12:01:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.13 09:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.03 18:27:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.07.22 00:53:17 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Georg\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2011.02.13 13:33:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.24 13:02:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.16 21:26:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.21 11:37:57 | 000,000,000 | ---D | M] (AnyColor) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\anycolor.pavlos256@gmail.com
[2010.11.21 15:00:36 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\bug489729@alice0775
[2009.03.16 14:57:57 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\ChoiceGuard@Microsoft
[2010.07.22 17:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\illimitux@illimitux.net
[2010.04.29 16:29:47 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\searchrecs@veoh.com
[2010.03.12 14:14:05 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\smartbookmarksbar@remy.juteau
[2011.02.13 13:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\staged-xpis
[2011.02.11 17:31:18 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-1.xml
[2009.04.28 21:14:03 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-10.xml
[2009.06.13 17:39:20 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-11.xml
[2009.08.14 10:28:09 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-12.xml
[2009.09.11 23:55:16 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-13.xml
[2009.11.10 14:49:36 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-14.xml
[2009.12.17 14:47:01 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-15.xml
[2010.01.07 14:23:02 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-16.xml
[2010.02.18 17:27:26 | 000,000,961 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-17.xml
[2010.02.18 21:12:07 | 000,000,961 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-18.xml
[2010.02.19 13:46:57 | 000,000,666 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-19.xml
[2007.12.20 20:14:31 | 000,000,949 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-2.xml
[2010.03.24 18:47:46 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-20.xml
[2010.03.24 21:34:54 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-21.xml
[2010.06.24 09:23:32 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-22.xml
[2010.06.28 02:12:03 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-23.xml
[2010.07.22 12:23:30 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-24.xml
[2010.07.25 12:17:26 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-25.xml
[2010.08.03 16:46:16 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-26.xml
[2010.09.15 19:32:50 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-27.xml
[2010.09.23 13:46:50 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-28.xml
[2010.10.25 08:52:25 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-29.xml
[2008.07.07 20:17:05 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-3.xml
[2010.11.03 18:28:09 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-30.xml
[2010.12.19 02:29:12 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-31.xml
[2008.10.16 16:23:46 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-4.xml
[2008.12.17 21:58:01 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-5.xml
[2009.02.04 19:05:39 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-6.xml
[2009.03.05 14:42:14 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-7.xml
[2009.03.29 10:11:05 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-8.xml
[2009.04.23 13:02:49 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-9.xml
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin.xml
[2009.03.16 15:50:16 | 000,001,632 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\live-search.xml
[2009.11.22 00:09:14 | 000,001,196 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\winamp-search.xml
[2011.02.12 12:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.19 18:35:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.18 21:11:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(19)
[2010.05.14 10:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.09 13:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.20 12:57:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 12:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2007.08.20 15:36:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007.10.11 19:09:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008.03.11 14:20:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008.07.11 11:33:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.12 13:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.24 22:04:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.09.24 17:47:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.10.21 16:48:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.17 16:24:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.14 10:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.09 13:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.20 12:57:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 12:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009.01.27 19:49:08 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programme\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\****\Eigene Programme\SPYBOT\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programme\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] File not found
O4 - HKLM..\Run: [ErgoMedia] C:\Programme\KYE\ErgoMedia\SyTray.exe ()
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Programme\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UVS10 Preload] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Users\****\Eigene Programme\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] File not found
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\****\Security\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Georg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Users\Georg\Eigene Programme\Star Docks\ObjectDock\ObjectDock.exe (Stardock)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\Georg\Eigene Programme\SPYBOT\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.01.24 03:48:50 | 000,000,041 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{da0a881d-e94c-11dc-9159-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{da0a881d-e94c-11dc-9159-806e6f6e6963}\Shell\AutoRun\command - "" = F:\launch.exe -- [2004.10.22 02:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2011.02.12 12:47:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.02.12 12:47:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.02.12 12:47:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.09 21:15:09 | 000,000,000 | ---D | C] -- C:\Users\Georg\Documents\Fitness
[2011.02.09 20:03:45 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 20:03:41 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 20:03:40 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 20:03:31 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.09 20:03:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.09 20:03:31 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.09 20:03:31 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.09 20:03:30 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.09 20:03:30 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.09 20:03:30 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.09 20:03:30 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.09 20:03:30 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.09 20:03:30 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.09 20:03:30 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.09 20:03:30 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.09 20:03:30 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.09 20:03:29 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.09 20:03:29 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.09 20:03:29 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.09 20:03:29 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.09 20:03:29 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.09 20:03:28 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.09 20:03:28 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.09 20:03:28 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.09 20:03:28 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.09 20:03:26 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.09 20:03:26 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.09 20:03:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.09 20:03:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.09 20:03:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.09 20:03:17 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 20:03:17 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 20:03:17 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.09 20:03:17 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 20:03:17 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 20:03:17 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.09 20:03:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.09 20:03:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.09 20:03:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.09 20:03:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.09 20:03:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.09 20:03:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.09 20:03:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.09 20:03:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.09 20:03:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.09 20:03:12 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 20:03:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.05 16:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011.02.02 20:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.02.02 20:48:20 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.02.02 20:48:19 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.01.28 19:46:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.01.16 01:59:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\.minecraft
[2011.01.12 16:34:32 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 16:34:30 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.06 20:50:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\NVIDIA
[2011.01.03 19:56:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2011.01.03 19:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.01.03 19:42:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Ashampoo
[2011.01.03 19:41:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ashampoo
[2011.01.03 19:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2011.01.03 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2010.12.23 20:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010.12.23 20:55:53 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2011.02.14 00:09:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D4458F72-53FA-4982-82DA-68B74D95648C}.job
[2011.02.13 23:31:10 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.13 23:31:10 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.13 23:18:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.13 22:37:51 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.13 22:15:41 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.02.13 22:15:40 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.02.13 21:18:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.13 16:37:29 | 000,216,576 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.13 16:04:26 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.13 16:04:26 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.13 16:04:26 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.13 16:04:26 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.13 13:31:28 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job [2011.02.13 13:31:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.13 13:31:07 | 3354,517,504 | -HS- | M] () -- C:\hiberfil.sys [2011.02.10 20:29:13 | 000,288,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.02.04 23:40:11 | 000,138,440 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.02.04 23:40:03 | 000,270,856 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.02.04 23:37:35 | 000,218,496 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.02.02 20:49:15 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.01.27 20:13:47 | 000,011,155 | ---- | M] () -- C:\Users\****\Documents\Game Toplist.xlsx [2011.01.24 23:22:11 | 000,000,716 | ---- | M] () -- C:\Users\****\Documents\Games-Toplist.rtf [2011.01.20 17:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.01.20 17:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.01.20 17:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.01.20 17:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.01.20 17:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.01.20 17:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.01.20 17:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.01.20 17:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.01.20 17:04:54 
| 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.01.20 17:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.01.20 15:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.01.20 15:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.01.20 15:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.01.20 15:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.01.20 15:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.01.20 15:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.01.20 15:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.01.20 15:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.01.20 15:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.01.20 15:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.01.20 15:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.01.20 15:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.01.20 14:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.01.20 14:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.01.20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2011.01.09 20:16:20 | 000,014,892 | ---- | M] () -- C:\Users\****\Desktop\MZ-Lager 3.1.11-7.1.10.docx [2011.01.09 19:54:49 | 000,014,908 | ---- | M] () -- 
C:\Users\****\Desktop\MZ-Lager 6.12.10-10.12.10.docx [2011.01.08 09:47:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.01.08 07:28:49 | 000,292,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.01.03 19:55:58 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.01.03 19:41:37 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk [2010.12.31 14:57:01 | 002,039,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.12.20 16:45:50 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.12.18 07:23:39 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.12.18 07:23:11 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.12.18 07:23:11 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.12.18 07:22:41 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2010.12.18 07:22:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.12.18 07:22:27 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.12.18 07:22:11 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.12.18 07:22:11 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.12.18 07:22:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.12.18 07:22:11 | 
000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.12.18 07:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.12.18 07:22:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.12.18 06:25:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.12.18 05:48:39 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.12.18 05:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.12.18 05:47:42 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.12.18 05:47:11 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.13 22:37:51 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.05 16:15:09 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll [2011.02.02 20:49:15 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.01.27 20:13:47 | 000,011,155 | ---- | C] () -- C:\Users\****\Documents\Game Toplist.xlsx [2011.01.24 23:22:11 | 000,000,716 | ---- | C] () -- C:\Users\****\Documents\Games-Toplist.rtf [2011.01.09 20:16:20 | 000,014,892 | ---- | C] () -- C:\Users\****\Desktop\MZ-Lager 3.1.11-7.1.10.docx [2011.01.09 19:54:48 | 000,014,908 | ---- | C] () -- C:\Users\****\Desktop\MZ-Lager 6.12.10-10.12.10.docx [2011.01.09 19:33:17 | 000,032,768 | ---- | C] () -- C:\Users\****\Desktop\Wochenberichte 1+2 Lehrjahr Verbund.dot [2011.01.03 19:55:58 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.01.03 19:55:58 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2011.01.03 19:41:37 | 000,001,028 | ---- | C] () -- 
C:\Users\Public\Desktop\Ashampoo Burning Studio 2010 Advanced.lnk [2010.11.20 18:47:39 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.11.20 18:47:30 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.04.17 12:40:52 | 000,001,852 | ---- | C] () -- C:\Users\****\AppData\Roaming\ImperatorProfile0.dat [2010.02.21 15:41:15 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll [2010.02.07 13:32:48 | 000,005,760 | ---- | C] () -- C:\Windows\System32\drivers\yrtumdriver.sys [2009.10.01 15:36:59 | 000,000,093 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat [2009.09.24 18:10:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.06.25 19:37:20 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys [2009.06.25 19:37:20 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys [2009.04.15 14:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\System32\OSD.dll [2009.03.17 12:09:34 | 000,007,718 | ---- | C] () -- C:\Windows\cadx2.ini [2008.12.12 17:18:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.12.04 20:19:21 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | 
C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.10.01 21:31:38 | 000,138,440 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.10.01 21:31:38 | 000,138,056 | ---- | C] () -- C:\Users\****\AppData\Roaming\PnkBstrK.sys [2008.10.01 21:31:18 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2008.06.05 07:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.05.30 18:22:22 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.05.30 18:18:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.05.13 15:51:43 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.05.10 13:18:19 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.05.10 13:18:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.05.02 13:20:03 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll [2007.12.15 22:13:59 | 000,165,504 | ---- | C] () -- C:\Windows\System32\drivers\atjsgt.sys [2007.12.15 22:13:54 | 000,016,000 | ---- | C] () -- C:\Windows\System32\drivers\linsgt.sys [2007.11.30 22:50:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.11.28 20:08:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2007.08.18 13:41:59 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini [2007.08.12 12:39:35 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.07.05 15:53:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2007.07.05 15:53:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2007.07.05 15:52:49 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2007.07.05 15:52:49 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2007.07.05 15:46:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll 
[2007.07.03 20:10:06 | 000,216,576 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.20 19:27:13 | 000,000,065 | ---- | C] () -- C:\Programme\Common Files\appop.log [2007.06.20 19:26:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007.06.20 19:26:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007.06.20 19:26:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007.06.20 19:26:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007.06.20 19:26:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007.06.20 19:26:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007.06.20 19:26:40 | 000,005,376 | ---- | C] () -- C:\Windows\System32\drivers\udffsrec.sys [2007.06.20 18:35:22 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll [2007.06.20 18:35:22 | 000,012,664 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2007.06.20 18:35:20 | 000,012,096 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2007.06.20 18:35:20 | 000,010,304 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2007.06.20 18:29:11 | 000,002,032 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.18 20:44:48 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2002.03.04 09:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll ========== LOP Check ========== [2011.01.16 01:59:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft [2010.04.24 14:12:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Artweaver [2011.01.03 19:42:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ashampoo [2010.09.04 22:48:47 | 000,000,000 | ---D | M] -- 
C:\Users\****\AppData\Roaming\Atari [2011.01.03 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited [2008.10.28 22:32:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.04.24 14:48:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0 [2010.07.01 15:03:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\hdbADS [2011.02.13 18:12:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2007.09.21 20:55:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ Toolbar [2007.09.21 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQLite [2007.06.20 19:31:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InterVideo [2009.01.01 14:28:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IrfanView [2010.09.04 22:47:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech [2009.03.07 21:01:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mumble [2007.12.30 02:46:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\My Battle for Middle-earth Files [2010.04.29 16:29:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenCandy [2010.06.10 21:23:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PersonalBrain [2008.12.28 13:42:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Publish Providers [2007.09.25 18:54:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ScanSoft [2009.09.06 17:24:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sony [2009.02.18 17:36:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Teeworlds [2010.08.20 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2008.11.24 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TuneUp Software [2010.06.06 16:51:11 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\Crysis Wars(R) Updates.job 
[2011.02.13 13:31:28 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job [2011.02.13 02:33:15 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.14 00:09:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D4458F72-53FA-4982-82DA-68B74D95648C}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:39413AC3 < End of report > |
14.02.2011, 15:59 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dldr.Cethry.E Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the "Logdateien" (log files) tab.
14.02.2011, 18:27 | #3 |
| JAVA/Dldr.Cethry.E The only thing that was still there is this:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4345

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

25.07.2010 02:47:53
mbam-log-2010-07-25 (02-47-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 399208
Laufzeit: 1 Stunde(n), 19 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\ICQToolbar\1112\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully. |
14.02.2011, 18:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dldr.Cethry.E Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.01.24 03:48:50 | 000,000,041 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{da0a881d-e94c-11dc-9159-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{da0a881d-e94c-11dc-9159-806e6f6e6963}\Shell\AutoRun\command - "" = F:\launch.exe -- [2004.10.22 02:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:39413AC3
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
14.02.2011, 20:00 | #5 |
| JAVA/Dldr.Cethry.E Here is the log file: Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da0a881d-e94c-11dc-9159-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da0a881d-e94c-11dc-9159-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da0a881d-e94c-11dc-9159-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da0a881d-e94c-11dc-9159-806e6f6e6963}\ not found.
File move failed. F:\launch.exe scheduled to be moved on reboot.
ADS C:\ProgramData\TEMP:39413AC3 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ****
->Temp folder emptied: 305229241 bytes
->Temporary Internet Files folder emptied: 985756329 bytes
->Java cache emptied: 120524868 bytes
->FireFox cache emptied: 93800618 bytes
->Google Chrome cache emptied: 8382249 bytes
->Flash cache emptied: 414877 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356400 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 556745257 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.975,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02142011_195146

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\launch.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot... |
14.02.2011, 20:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dldr.Cethry.E Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
14.02.2011, 21:00 | #7 |
| JAVA/Dldr.Cethry.E Done, here is the text again: Code:
ATTFilter ComboFix 11-02-13.04 - ****14.02.2011 20:42:25.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3198.2059 [GMT 1:00] ausgeführt von:: c:\users\****\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Desktop c:\users\Georg\videos\XMediaRecode2053_setup.exe c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll . ((((((((((((((((((((((( Dateien erstellt von 2011-01-14 bis 2011-02-14 )))))))))))))))))))))))))))))) . 2011-02-14 19:49 . 2011-02-14 19:49 -------- d-----w- c:\users\****\AppData\Local\temp 2011-02-14 19:49 . 2011-02-14 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-02-14 19:21 . 2011-02-14 19:21 -------- d-----w- c:\program files\CCleaner 2011-02-14 18:51 . 2011-02-14 18:51 -------- d-----w- C:\_OTL 2011-02-11 16:26 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6B1A513-494E-4168-B0CD-94CBF5A94DB5}\mpengine.dll 2011-02-05 15:15 . 2007-01-03 13:16 40960 ----a-r- c:\windows\system32\psfind.dll 2011-02-02 19:48 . 2011-02-02 19:48 -------- d-----w- c:\program files\iPod 2011-02-02 19:48 . 2011-02-02 19:49 -------- d-----w- c:\program files\iTunes 2011-01-16 00:59 . 2011-01-16 00:59 -------- d-----w- c:\users\****\AppData\Roaming\.minecraft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-02-04 22:40 . 2008-10-01 20:31 138440 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-02-04 22:40 . 2009-04-08 12:44 270856 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-02-04 22:40 . 2008-10-01 20:31 270856 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-02-04 22:37 . 
2008-10-01 20:31 218496 ----a-w- c:\windows\system32\PnkBstrB.ex0 2010-12-28 15:55 . 2011-01-12 15:34 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-20 17:09 . 2010-07-24 23:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 17:08 . 2010-07-24 23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-20 15:45 . 2009-06-25 14:52 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-12-14 14:49 . 2011-01-12 15:34 1169408 ----a-w- c:\windows\system32\sdclt.exe 2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-22 15:56 . 2009-06-25 14:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-18 20:50 . 2008-10-01 20:31 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888] "{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\program files\HotSpot_International\tbHotS.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0002ee26-8c11-49eb-9cdf-56eeffef664f}] 2010-06-13 18:10 2734688 ----a-w- c:\program files\HotSpot_International\tbHotS.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] 2008-09-15 04:47 1784856 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] "{0002ee26-8c11-49eb-9cdf-56eeffef664f}"= "c:\program files\HotSpot_International\tbHotS.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_CLASSES_ROOT\clsid\{0002ee26-8c11-49eb-9cdf-56eeffef664f}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 39408] "SpybotSD TeaTimer"="c:\users\****\Eigene Programme\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184] "avgnt"="c:\program 
files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "ErgoMedia"="c:\progra~1\KYE\ERGOME~1\SyTray.exe" [2005-06-28 1855488] "Razer Imperator Driver"="c:\program files\Razer\Imperator\RazerImperatorTray.exe" [2010-03-18 2787224] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Picture Motion Browser Medien-Prfung.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-5-2 344064] Stardock ObjectDock.lnk - c:\users\****\Eigene Programme\Star Docks\ObjectDock\ObjectDock.exe [2008-7-28 3450608] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Hamachi.lnk] path=c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hamachi.lnk backup=c:\windows\pss\Hamachi.lnk.Startup backupExtension=.Startup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2008-09-26 09:02 2356088 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help] 2006-11-09 19:29 3165696 ----a-w- c:\program files\ASUS\ASUS DH Remote\AsRc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] 2006-06-28 05:46 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVRemote] 2006-03-30 13:49 57344 ----a-w- c:\program files\DTV\RemoteControl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-18 22:33 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GAINWARD] 2009-03-17 16:24 2181672 ----a-w- c:\program files\EXPERTool\TBPANEL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2005-03-17 15:01 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installation Diagnostics] 2006-02-04 16:05 131072 ------w- c:\program files\Brother\Brmfl06a\Brinstck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] 2010-12-20 17:08 963976 ----a-w- c:\users\****\Security\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2010-07-09 15:37 13939816 ----a-w- 
c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2010-07-09 15:37 110696 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2010-07-09 15:37 1469544 ----a-w- c:\windows\System32\nvsvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2006-02-13 16:33 214648 ----a-w- c:\users\****\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2005-03-17 14:39 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2006-12-29 17:11 4317184 ----a-w- c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt] 2005-01-26 16:02 49152 ----a-w- c:\program files\Brother\Brmfl06a\BrStDvPt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2003-10-14 08:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] 2008-08-28 08:18 3660848 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR] 2005-01-21 00:47 270336 ----a-w- c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 R1 M9207;M9207 USB Digital TV 
BOX;c:\windows\system32\DRIVERS\M9207BDA.sys [2006-05-25 36096] R2 AWISp60;AWISp60 NDIS Protocol Driver;c:\windows\system32\Drivers\AWISp60.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9b870e83d315e;Google Update Service (gupdate1c9b870e83d315e);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 133104] R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x] R3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-03-13 216064] R3 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-03-09 15360] R3 SjyPkt;SjyPkt;c:\windows\System32\Drivers\SjyPkt.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [2005-01-12 38784] S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2009-09-02 1127944] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336] S2 atjsgt;atjsgt;c:\windows\system32\DRIVERS\atjsgt.sys [2007-12-15 165504] S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-10 20968] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096] S2 
linsgt;linsgt;c:\windows\system32\DRIVERS\linsgt.sys [2007-12-15 16000] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - udffsrec [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-06-06 c:\windows\Tasks\Crysis Wars(R) Updates.job - c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2010-06-06 15:46] 2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 17:38] 2011-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 17:38] 2011-02-14 c:\windows\Tasks\RtlVistaStart.job - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-06-20 09:16] 2011-02-13 c:\windows\Tasks\User_Feed_Synchronization-{D4458F72-53FA-4982-82DA-68B74D95648C}.job - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2604146 mStart Page = hxxp://de.yahoo.com uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.buffed.de/wow|hxxp://de.ign.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q= FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com FF - Ext: bug489729: bug489729@alice0775 - %profile%\extensions\bug489729@alice0775 FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Yahoo! 
Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder FF - user.js: browser.sessionstore.resume_from_crash - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-Steam - c:\program files\Valve\Steam\Steam.exe HKLM-Run-ControlCenter3 - c:\program files\Brother\ControlCenter3\brctrcen.exe HKLM-Run-UVS10 Preload - c:\users\****\Eigene Programme\Ulead Video Studio 10\uvPL.exe MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe MSConfigStartUp-ICQ - c:\program files\ICQ6\ICQ.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe AddRemove-Guild Wars - c:\users\****\Spiele\GUILD WARS\Gw.exe AddRemove-HijackThis - c:\users\****\Downloads\HijackThis.exe AddRemove-Steam App 17500 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 17510 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 240 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 300 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 302 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 320 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 340 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 400 - c:\program 
files\Valve\Steam\steam.exe AddRemove-TmNationsForever_is1 - c:\program files\TmNationsForever\unins000.exe AddRemove-WinAce Archiver - c:\users\****\Eigene Programme\WnAce\SXUNINST.EXE AddRemove-{D2031B23-9DF1-4D44-B381-A78E6B1E3B36} - c:\vallen\vzipper\vzipper.exe AddRemove-Steam App 10 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 100 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 30 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 40 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 60 - c:\program files\Valve\Steam\steam.exe AddRemove-Steam App 80 - c:\program files\Valve\Steam\steam.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-02-14 20:49 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-265132421-3806334842-1491770889-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:a2,30,5e,96,4e,27,6d,41,75,6d,d0,d9,bc,1f,6e,63,9a,94,b9,8e,bf,22,1e, 9c,8b,4a,5d,0c,27,f2,7e,6a,4d,ba,97,56,70,5f,0a,25,68,17,47,4b,e4,ff,0e,0b,\ "??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49 [HKEY_USERS\S-1-5-21-265132421-3806334842-1491770889-1000\Software\SecuROM\License information*] "datasecu"=hex:77,06,79,39,c3,80,0d,9a,dc,82,35,fa,54,15,bd,a6,77,32,64,ed,28, 04,e8,c3,1c,62,e6,c7,44,0c,52,cd,73,6c,1f,4a,21,38,35,3a,cd,b5,73,c7,d1,8c,\ "rkeysecu"=hex:1b,7b,46,0e,69,b1,81,0b,af,69,fb,f9,0f,0c,07,33 . 
Zeit der Fertigstellung: 2011-02-14 20:51:59 ComboFix-quarantined-files.txt 2011-02-14 19:51 Vor Suchlauf: 21 Verzeichnis(se), 91.544.973.312 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 91.493.330.944 Bytes frei - - End Of File - - 0C36EB80414256146AC4425D1738C296 Edited by Trokker (14.02.2011 at 21:22) |
14.02.2011, 21:33 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dldr.Cethry.E OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run the second time as well, just leave it out and run only OSAM. Please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
15.02.2011, 00:25 | #9 |
| JAVA/Dldr.Cethry.E I have now run these programs as well. But first the log files: GMER Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2011-02-14 23:47:50 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 SAMSUNG_HD321KJ rev.CP100-10 Running: p5tobl89.exe; Driver: C:\Users\****\AppData\Local\Temp\fglcrpob.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\atjsgt.sys section is writeable [0x93343300, 0x220A0, 0xE8000020] .text C:\Windows\system32\DRIVERS\linsgt.sys section is writeable [0x93377300, 0x1B7E, 0xE8000020] ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\****\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74977817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [749CA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7497BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7496F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [749775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft 
GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7496E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749A8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7497DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7496FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7496FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [749671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [749FCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7499C8D8] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7496D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74966853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7496687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74972AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5988] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [6C4CF3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:12:14 on 15.02.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.13 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information) [Common] -----( %SystemRoot%\Tasks )----- "Crysis Wars(R) Updates.job" - ? - C:\Windows\Installer\Crysis Wars(R) Updates for All Users.lnk "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "RtlVistaStart.job" - "AzureWave.com" - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BrnStiCp.cpl" - "Brother Industries,Ltd." - C:\Windows\system32\BrnStiCp.cpl "PCWizard.cpl" - "CPUID" - C:\Windows\system32\PCWizard.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AsIO" (AsIO) - ? 
- C:\Windows\System32\drivers\AsIO.sys (File found, but it contains no detailed information) "atjsgt" (atjsgt) - ? - C:\Windows\System32\DRIVERS\atjsgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "AWISp60 NDIS Protocol Driver" (AWISp60) - ? - C:\Windows\System32\Drivers\AWISp60.sys (File not found) "catchme" (catchme) - ? - C:\Users\Georg\AppData\Local\Temp\catchme.sys (File not found) "cpuz133" (cpuz133) - "Windows (R) Win 7 DDK provider" - C:\Windows\system32\drivers\cpuz133_x32.sys "enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys (File found, but it contains no detailed information) "fglcrpob" (fglcrpob) - ? - C:\Users\Georg\AppData\Local\Temp\fglcrpob.sys (Hidden registry entry, rootkit activity | File not found) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\Windows\System32\drivers\iviaspi.sys "Ivi CDVD Filter Driver" (ivicd) - "InterVideo" - C:\Windows\System32\drivers\ivicd.sys "iviudf" (iviudf) - ? - C:\Windows\System32\drivers\IviUdf.sys (File not found) "linsgt" (linsgt) - ? - C:\Windows\System32\DRIVERS\linsgt.sys (File found, but it contains no detailed information) "mbr" (mbr) - ? 
- C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found) "Realtke RtlProt WLAN Utility Protocol Driver" (RtlProt) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\rtlprot.sys "SjyPkt" (SjyPkt) - ? - C:\Windows\System32\Drivers\SjyPkt.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "tandpl" (tandpl) - ? - C:\Windows\System32\drivers\tandpl.sys (File found, but it contains no detailed information) "TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - C:\Windows\system32\drivers\TBPanel.sys "udffsrec" (udffsrec) - ? - C:\Windows\System32\drivers\udffsrec.sys (File found, but it contains no detailed information) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {51131DA7-1D24-40e5-AE07-5E3750F5DE3C} "ContextMenuExt Extension" - "Intervideo" - C:\Program Files\InterVideo\Common\Bin\IviContextMenu.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." 
- C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll {DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." 
- C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAceContext Menu (Add) Extension" - ? - C:\Users\*****\Eigene Programme\WnAce\arcext.dll (File not found) {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAceContext Menu Extension" - ? - C:\Users\****\Eigene Programme\WnAce\arcext.dll (File not found) {8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAceDrag-Drop Extension" - ? - C:\Users\****\Eigene Programme\WnAce\arcext.dll (File not found) {8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAceProperty Sheet Extension" - ? - C:\Users\****\Eigene Programme\WnAce\arcext.dll (File not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo 
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTEK COMPUTER INC
System Product Name: P5W DH Deluxe
Logical Drives Mask: 0x000003fd

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000041`eb100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000048`ff900000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000030`d4100000 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000055`73100000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD321KJ, Rev: CP100-10
PhysicalDrive1 Model Number: SAMSUNGHD502HJ, Rev: 1AJ100E4

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
465 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Edited by Trokker (15.02.2011 at 00:34) |
15.02.2011, 10:10 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dldr.Cethry.E Quote:
If the file has already been analyzed, please start another analysis.
__________________ Please always post log files in CODE tags |
15.02.2011, 16:01 | #11 |
| JAVA/Dldr.Cethry.E Hi, here is the link from VirusTotal: hxxp://www.virustotal.com/file-scan/report.html?id=b28b299fc2a9297b506aa5fa33dd9491566b6218e3cf8c290598d915be9c3543-1297781763 |
15.02.2011, 16:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dldr.Cethry.E Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
15.02.2011, 20:54 | #13 |
| JAVA/Dldr.Cethry.E Here are the next ones: SUPERAntispyware Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/15/2011 at 07:09 PM

Application Version : 4.48.1000

Core Rules Database Version : 6401
Trace Rules Database Version: 4213

Scan type : Complete Scan
Total Scan Time : 02:36:15

Memory items scanned : 698
Memory threats detected : 0
Registry items scanned : 10041
Registry threats detected : 0
File items scanned : 315166
File threats detected : 2

Adware.Tracking Cookie
C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\****@doubleclick[1].txt

Trojan.Agent/Gen-FakeAlert
G:\GAMES\COUNTER STRIKE 1.5\UNWISE.EXE

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5768

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

15.02.2011 20:45:19
mbam-log-2011-02-15 (20-45-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 468627
Laufzeit: 1 Stunde(n), 23 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
15.02.2011, 21:47 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dldr.Cethry.E One false positive and one cookie. Harmless. Any remaining problems or further detections, or is everything OK now?
__________________ Please always post log files in CODE tags |
15.02.2011, 21:56 | #15 |
| JAVA/Dldr.Cethry.E Well, thanks a lot for the help so far. Was the Java virus also just a false positive, or did I delete it while running the programs? Can you really get such a virus through a Java update? |