Plagegeister aller Art und deren Bekämpfung: iexplore.exe / more than 10 times in Task Manager / process uses up memory (Windows 7)
17.02.2011, 20:32 | #1 |
Hi everyone,

I hope you can help me. For a few days now I have noticed that my computer is getting slower and that the process iexplore.exe is open in Task Manager, or rather opens itself several times. I use Mozilla for the Internet. Each file uses about 30,000K +/- 8,000K. When the PC has been running for 5 hours, the file shows up more than 10 times in Task Manager. When the process tree is ended, everything is gone. After a certain time the file opens again. Internet Explorer does not appear on the desktop! So the process runs in the background.

I have already used the following programs, but unfortunately without result:

Bitdefender Internet Security 2011
CCleaner
Spybot-Search&Destroy

Can you help me? The log files are attached. If anything is still missing, please ask!!!

Thanks for your help
Andy
17.02.2011, 21:09 | #2 | |||
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Quote:
Quote:
Remember that Malwarebytes has to be updated manually before every scan! If logs from older scans with Malwarebytes exist, please post all of those as well!
__________________
18.02.2011, 06:37 | #3 |
Hi Cosinus,

thank you very much for your help! I installed IE9 out of sheer "desperation". The problem was already there with IE8. Sorry that it took so long with the log. I had to let it run through first.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5786
Windows 6.1.7600
Internet Explorer 9.0.8080.16413
18.02.2011 06:34:31
mbam-log-2011-02-18 (06-34-31).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|K:\|)
Durchsuchte Objekte: 785035
Laufzeit: 1 Stunde(n), 48 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5672
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
04.02.2011 07:59:09
mbam-log-2011-02-04 (07-59-09).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|K:\|)
Durchsuchte Objekte: 777219
Laufzeit: 57 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5622
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
27.01.2011 19:04:26
mbam-log-2011-01-27 (19-04-26).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169384
Laufzeit: 2 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
18.02.2011, 09:43 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
After that, please create fresh OTL logs:

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags
18.02.2011, 20:33 | #5 |
Here are the two log files

OTL
Code:
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\Shell - "" = AutoRun O33 - MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\Shell\AutoRun\command - "" = J:\Borderlands.exe O33 - MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.02.18 18:41:09 | 000,000,000 | ---D | C] -- C:\Device [2011.02.18 18:31:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.02.17 18:26:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.02.17 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.02.17 18:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011.02.17 11:02:59 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\Desktop\MFTools [2011.02.16 21:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.02.16 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Local\NPE [2011.02.16 21:18:31 | 006,100,408 | ---- | C] (Symantec Corporation) -- C:\Users\Fischmoesi\Desktop\NPE.exe 
[2011.02.16 19:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.02.16 19:53:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.02.16 19:53:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.02.16 19:53:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.02.16 11:54:27 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011.02.16 11:54:26 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011.02.16 11:54:26 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2011.02.16 11:54:26 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011.02.16 11:54:26 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011.02.16 11:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2011.02.16 11:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011 [2011.02.16 07:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.02.15 23:25:52 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\Documents\Meine empfangenen Dateien [2011.02.15 23:06:53 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll [2011.02.15 23:06:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll [2011.02.15 23:06:51 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2011.02.15 23:06:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll [2011.02.15 23:06:50 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll [2011.02.15 23:06:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll 
[2011.02.15 23:06:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll [2011.02.15 23:06:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll [2011.02.15 23:06:47 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.02.15 23:06:47 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2011.02.15 23:06:46 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.02.15 23:06:46 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.02.15 23:06:41 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.02.15 23:06:41 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.02.15 23:06:41 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.02.15 23:06:40 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.02.15 23:06:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.02.15 22:12:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011.02.15 22:12:28 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.02.15 22:12:28 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.02.15 22:12:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.02.15 22:12:28 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.02.15 22:12:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011.02.15 22:12:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.02.15 22:12:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll 
[2011.02.15 22:12:28 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011.02.15 22:12:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.02.15 22:12:28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011.02.15 22:12:28 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011.02.15 22:12:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011.02.15 22:12:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011.02.15 22:12:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.02.15 22:12:28 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011.02.15 22:12:28 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.02.15 22:12:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011.02.15 22:12:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011.02.15 22:12:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.02.15 22:12:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011.02.15 22:12:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011.02.15 22:12:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011.02.15 22:12:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.02.15 22:12:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.02.15 22:12:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.02.15 22:12:28 | 000,066,048 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\icardie.dll [2011.02.15 22:12:28 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011.02.15 22:12:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011.02.15 22:12:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011.02.15 22:12:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.02.15 22:12:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.02.15 22:12:27 | 002,272,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.02.15 22:12:27 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011.02.15 22:12:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.02.15 22:12:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.02.15 22:12:27 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011.02.15 22:12:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.02.15 22:12:27 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011.02.15 22:12:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011.02.15 22:12:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.02.15 22:12:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011.02.15 22:12:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011.02.15 22:12:27 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011.02.15 22:12:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.02.15 22:12:27 | 000,145,408 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.02.15 22:12:27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011.02.15 22:12:27 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.02.15 22:12:27 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011.02.15 22:12:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.02.15 22:12:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011.02.15 22:12:27 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011.02.15 22:12:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011.02.15 22:12:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011.02.15 22:12:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011.02.15 22:12:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011.02.15 22:12:27 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011.02.15 22:12:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011.02.15 22:12:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.02.15 22:12:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.02.15 22:12:26 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011.02.15 22:12:26 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.02.15 22:12:26 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.02.15 22:12:26 | 000,603,648 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\vbscript.dll [2011.02.15 22:12:26 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011.02.15 22:12:26 | 000,453,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011.02.15 22:12:26 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.02.15 22:12:26 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011.02.15 22:12:26 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.02.15 22:12:26 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011.02.15 22:12:26 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011.02.15 22:12:26 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011.02.15 22:12:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.02.15 22:12:26 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.02.15 22:12:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.02.15 22:12:26 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011.02.15 22:12:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.02.15 22:12:26 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.02.15 22:10:45 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.02.15 22:10:45 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.02.15 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool [2011.02.14 21:14:05 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys [2011.02.14 18:59:07 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2011.02.14 18:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2011.02.11 21:55:37 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\Unity [2011.02.11 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\vlc [2011.02.11 17:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.02.10 20:06:45 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.02.10 20:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro [2011.02.10 06:45:42 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.02.09 21:56:59 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Local\Unity [2011.02.08 21:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2011.02.05 09:11:16 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\Documents\PhatHack Media Manager [2011.02.05 09:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhatHack [2011.02.05 09:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhatHack [2011.02.04 19:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2011.02.04 19:08:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2011.02.04 19:08:45 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2011.02.03 21:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.02.03 21:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.02.03 00:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.02.03 00:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2011.02.03 00:54:52 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Security Task Manager [2011.01.31 19:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.01.31 19:18:27 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.01.31 19:18:26 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.01.27 19:31:44 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.01.27 19:19:17 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Local\Sunbelt Software [2011.01.27 19:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.01.27 19:01:30 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\Malwarebytes [2011.01.27 19:01:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.01.27 19:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.27 19:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.27 19:01:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.01.27 19:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.01.26 21:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.01.26 20:37:51 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\Desktop\backups [2011.01.26 20:33:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Fischmoesi\Desktop\HiJackThis204.exe [2011.01.20 20:13:39 | 020,471,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.01.20 20:13:39 | 018,580,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.01.20 20:13:39 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011.01.20 20:13:39 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011.01.20 20:13:39 | 006,604,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011.01.20 20:13:39 | 005,653,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2011.01.20 20:13:39 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011.01.20 20:13:39 | 003,112,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.01.20 20:13:39 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011.01.20 20:13:39 | 002,479,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.01.20 20:13:39 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011.01.20 20:13:39 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll [2011.01.20 20:13:39 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64hda.dll [2011.01.20 20:13:39 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll [2011.01.20 20:13:39 | 000,155,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2011.01.20 20:13:39 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.01.20 20:13:39 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.01.20 20:13:39 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2011.01.20 20:13:39 | 000,011,240 | ---- | C] (NVIDIA 
Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2011.01.20 19:56:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logishrd [2011.01.20 19:56:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\logishrd [2011.01.20 19:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS [2011.01.20 19:42:06 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS [2011.01.20 19:42:06 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Local\eSupport.com [2009.07.14 00:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll ========== Files - Modified Within 30 Days ========== [2011.02.18 18:49:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001UA.job [2011.02.18 18:44:15 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.18 18:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.18 18:43:55 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys [2011.02.18 18:42:42 | 000,063,896 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000000-00001102-0000000B-00431102}.rfx [2011.02.18 18:42:42 | 000,063,896 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000000-00001102-0000000B-00431102}.rfx [2011.02.18 18:42:42 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000000-00001102-0000000B-00431102}.rfx [2011.02.18 18:42:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 18:42:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.18 18:42:38 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2011.02.18 18:42:22 | 000,034,232 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110218_184218.reg [2011.02.18 18:36:43 | 000,994,979 | 
---- | M] () -- C:\ProgramData\bdinstall.bin [2011.02.18 17:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.18 06:49:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001Core.job [2011.02.17 18:26:17 | 000,001,108 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.02.17 18:26:15 | 000,000,928 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\NTREGOPT.lnk [2011.02.17 18:26:15 | 000,000,909 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\ERUNT.lnk [2011.02.16 21:47:35 | 001,628,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.16 21:47:35 | 000,702,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.16 21:47:35 | 000,657,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.16 21:47:35 | 000,150,120 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.16 21:47:35 | 000,122,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.02.16 21:31:48 | 000,429,948 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak [2011.02.16 21:31:48 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.smr [2011.02.16 20:18:02 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk [2011.02.16 11:54:26 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.02.16 11:54:26 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.02.16 10:40:55 | 000,429,948 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.02.16 07:35:46 | 000,429,948 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110216-104055.backup [2011.02.16 07:33:03 | 000,001,262 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\Spybot - Search & Destroy.lnk [2011.02.15 23:28:21 | 000,514,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.02.15 22:44:51 | 
000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2011.02.15 22:12:29 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011.02.15 22:12:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011.02.15 22:12:28 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.02.15 22:12:28 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.02.15 22:12:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.02.15 22:12:28 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.02.15 22:12:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011.02.15 22:12:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.02.15 22:12:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011.02.15 22:12:28 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011.02.15 22:12:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.02.15 22:12:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011.02.15 22:12:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011.02.15 22:12:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011.02.15 22:12:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011.02.15 22:12:28 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.02.15 22:12:28 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011.02.15 22:12:28 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.02.15 22:12:28 | 
000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011.02.15 22:12:28 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011.02.15 22:12:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.02.15 22:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011.02.15 22:12:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011.02.15 22:12:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011.02.15 22:12:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.02.15 22:12:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.02.15 22:12:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011.02.15 22:12:28 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.02.15 22:12:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011.02.15 22:12:28 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011.02.15 22:12:28 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011.02.15 22:12:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011.02.15 22:12:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.02.15 22:12:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.02.15 22:12:27 | 002,272,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.02.15 22:12:27 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011.02.15 22:12:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll 
[2011.02.15 22:12:27 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.02.15 22:12:27 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011.02.15 22:12:27 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.02.15 22:12:27 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011.02.15 22:12:27 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011.02.15 22:12:27 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.02.15 22:12:27 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011.02.15 22:12:27 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011.02.15 22:12:27 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.02.15 22:12:27 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.02.15 22:12:27 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011.02.15 22:12:27 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.02.15 22:12:27 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011.02.15 22:12:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.02.15 22:12:27 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011.02.15 22:12:27 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011.02.15 22:12:27 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011.02.15 22:12:27 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011.02.15 22:12:27 | 000,049,664 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\imgutil.dll [2011.02.15 22:12:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011.02.15 22:12:27 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011.02.15 22:12:27 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011.02.15 22:12:27 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.02.15 22:12:27 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.02.15 22:12:26 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011.02.15 22:12:26 | 001,490,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.02.15 22:12:26 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.02.15 22:12:26 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.02.15 22:12:26 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011.02.15 22:12:26 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011.02.15 22:12:26 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.02.15 22:12:26 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011.02.15 22:12:26 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.02.15 22:12:26 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011.02.15 22:12:26 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011.02.15 22:12:26 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011.02.15 22:12:26 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.02.15 22:12:26 
| 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.02.15 22:12:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.02.15 22:12:26 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011.02.15 22:12:26 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011.02.15 22:12:26 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.02.15 22:12:26 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.02.15 22:10:45 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.02.15 22:10:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.02.12 12:34:18 | 000,472,080 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\Load.exe [2011.02.12 03:49:43 | 000,002,426 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\Google Chrome.lnk [2011.02.11 17:58:46 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.02.11 17:53:29 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.02.11 06:32:30 | 000,000,017 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\stinger10101361.opt [2011.02.10 20:06:45 | 000,002,997 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\HiJackThis.lnk [2011.02.10 20:03:42 | 000,022,092 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110210_200338.reg [2011.02.09 22:13:19 | 000,001,429 | ---- | M] () -- C:\ProgramData\search_result.xml [2011.02.06 16:28:14 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001811.LCS [2011.02.06 16:17:48 | 000,001,392 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\Emergency 2012.lnk [2011.02.05 09:31:21 | 000,000,026 | ---- | M] () -- C:\Windows\PhatMan.INI [2011.02.05 09:13:29 | 000,000,026 | ---- | M] () -- C:\Windows\BasicMan.INI [2011.02.04 19:09:15 | 001,650,042 | ---- | M] () -- 
C:\Windows\SysWow64\PerfStringBackup.INI [2011.02.04 19:03:20 | 000,041,500 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110204_190316.reg [2011.02.03 22:21:45 | 000,429,816 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110216-073546.backup [2011.02.03 11:42:29 | 000,004,936 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110203_114224.reg [2011.02.02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.02.02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.02.02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.02.02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.01.31 19:18:48 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.01.27 19:31:44 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.01.27 19:01:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.26 21:44:52 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.01.26 21:40:20 | 000,222,424 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2011.01.26 20:50:16 | 000,091,232 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110126_205011.reg [2011.01.26 20:47:37 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.01.26 17:59:52 | 000,015,160 | ---- | M] () -- C:\Users\Fischmoesi\Documents\Lebenslauf Kerstin.docx [2011.01.26 17:32:26 | 000,013,894 | ---- | M] () -- C:\Users\Fischmoesi\Documents\Kündigung Kerstin Herbort.docx [2011.01.26 06:45:15 | 000,493,912 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\OG.pdf [2011.01.20 20:39:20 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2011.01.20 20:24:08 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI [2011.01.20 19:56:27 | 000,000,000 | ---- | M] () -- 
C:\Windows\SysNative\drivers\lvuvc.hs [2011.01.20 19:55:42 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2011.01.20 19:42:06 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS ========== Files Created - No Company Name ========== [2011.02.18 18:42:19 | 000,034,232 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110218_184218.reg [2011.02.17 18:24:02 | 000,001,108 | ---- | C] () -- C:\Users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.02.17 18:23:58 | 000,000,928 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\NTREGOPT.lnk [2011.02.17 18:23:58 | 000,000,909 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\ERUNT.lnk [2011.02.17 11:02:28 | 000,472,080 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\Load.exe [2011.02.16 11:54:26 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.02.16 11:54:26 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.02.16 11:54:25 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2011.02.16 07:33:03 | 000,001,262 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\Spybot - Search & Destroy.lnk [2011.02.15 22:12:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011.02.15 22:12:26 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.02.11 17:58:46 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.02.10 20:03:40 | 000,022,092 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110210_200338.reg [2011.02.10 06:45:45 | 000,002,426 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\Google Chrome.lnk [2011.02.10 06:44:16 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001UA.job [2011.02.10 06:44:16 | 000,001,086 | ---- | C] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001Core.job [2011.02.09 22:13:18 | 000,001,429 | ---- | C] () -- C:\ProgramData\search_result.xml [2011.02.09 06:32:54 | 000,000,017 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\stinger10101361.opt [2011.02.07 21:45:21 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2011.02.05 09:14:39 | 000,000,026 | ---- | C] () -- C:\Windows\PhatMan.INI [2011.02.05 09:13:29 | 000,000,026 | ---- | C] () -- C:\Windows\BasicMan.INI [2011.02.04 19:09:01 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011.02.04 19:03:18 | 000,041,500 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110204_190316.reg [2011.02.04 18:57:32 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.02.03 11:42:26 | 000,004,936 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110203_114224.reg [2011.01.31 19:18:48 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.01.27 19:01:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.26 21:44:52 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.01.26 20:50:13 | 000,091,232 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110126_205011.reg [2011.01.26 17:59:51 | 000,015,160 | ---- | C] () -- C:\Users\Fischmoesi\Documents\Lebenslauf Kerstin.docx [2011.01.26 17:32:26 | 000,013,894 | ---- | C] () -- C:\Users\Fischmoesi\Documents\Kündigung Kerstin Herbort.docx [2011.01.26 06:45:15 | 000,493,912 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\OG.pdf [2011.01.20 20:39:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.01.20 19:55:42 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2011.01.09 14:29:41 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI [2010.12.31 12:51:55 | 000,994,979 | ---- | C] () -- C:\ProgramData\bdinstall.bin 
[2010.11.13 22:51:39 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.08.24 21:46:48 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini [2010.08.12 21:03:13 | 000,000,400 | ---- | C] () -- C:\Windows\g_oirotq399.ini [2010.08.12 19:48:59 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010.05.26 21:58:50 | 000,004,076 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.05.26 21:58:50 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CD25BC2C3C.sys [2010.04.20 18:21:19 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010.03.25 17:51:00 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2010.02.16 22:03:13 | 000,000,025 | ---- | C] () -- C:\Users\Fischmoesi\AppData\Roaming\bdfvconp.ini [2010.01.27 19:28:11 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2009.11.02 20:17:29 | 001,650,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.10.26 22:16:32 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\wh2robo.dll [2009.10.26 22:16:32 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\sx32w.dll [2009.10.26 22:12:28 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini [2009.10.26 22:12:28 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini [2009.10.24 19:36:53 | 000,000,059 | ---- | C] () -- C:\Windows\cdplayer.ini [2009.10.22 20:15:56 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2009.10.22 20:01:22 | 004,835,652 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll [2009.10.17 00:58:06 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2009.10.17 00:57:06 | 
000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll [2009.10.17 00:04:24 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2009.10.17 00:04:08 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2009.10.17 00:03:48 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2009.10.17 00:03:44 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2009.10.17 00:03:40 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2009.10.16 23:10:10 | 000,281,748 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll [2009.10.16 21:53:32 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2009.10.16 21:53:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.10.16 20:40:42 | 000,957,047 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll [2009.10.16 20:38:20 | 000,914,464 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.10.16 20:35:50 | 000,311,204 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2009.10.16 20:08:54 | 000,611,638 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll [2009.10.16 20:04:28 | 001,632,375 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll [2009.10.11 17:47:07 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2009.07.14 01:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.14 00:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.05.26 12:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2009.01.10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2009.01.10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2009.01.10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll [2009.01.10 23:16:14 | 000,141,312 | ---- | C] () 
-- C:\Windows\SysWow64\mp4.dll [2009.01.10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll [2009.01.10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll [2009.01.10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2009.01.10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll [2009.01.10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2009.01.10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2008.12.01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini [2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll [2007.03.12 17:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe [2002.01.01 21:30:25 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2002.01.01 18:52:56 | 000,000,283 | ---- | C] () -- C:\Windows\game.ini [2002.01.01 18:16:50 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2002.01.01 18:16:50 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2002.01.01 18:06:19 | 000,034,729 | ---- | C] () -- C:\Windows\Ascd_log.ini [2002.01.01 18:05:42 | 000,025,106 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2002.01.01 16:10:04 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2002.01.01 16:10:04 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2002.01.01 16:09:51 | 
000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2002.01.01 16:09:27 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL

========== Files - Unicode (All) ==========
[2011.02.18 18:36:43 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011.02.18 18:31:44 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 295 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 10 bytes -> C:\Users\Fischmoesi\Desktop\SWGameDE.exe:BDU

< End of report >

Code:
OTL Extras logfile created on: 18.02.2011 18:46:51 - Run 4
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Fischmoesi\Desktop\MFTools
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

12,00 Gb Total Physical Memory | 10,00 Gb Available Physical Memory | 81,00% Memory free
24,00 Gb Paging File | 22,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,64 Gb Total Space | 53,07 Gb Free Space | 38,00% Space Free | Partition Type: NTFS
Drive E: | 279,46 Gb Total Space | 35,98 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 195,23 Gb Free Space | 20,96% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 737,13 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive H: | 298,09 Gb Total Space | 65,23 Gb Free Space | 21,88% Space Free | Partition Type: NTFS
Drive K: | 149,00 Gb Total Space | 50,46 Gb Free Space | 33,86% Space Free | Partition Type: FAT32

Computer Name: AQUARIUM | User Name: Fischmoesi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 
7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel "{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack "{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F84D9B9F-3A33-4115-981F-8FDDBF42ED4D}" = PDF-XChange Viewer "{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack "CCleaner" = CCleaner "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Microsoft 
Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00406322-04F7-44D0-94DA-13D07F73B2F2}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6 "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{1161D415-64B5-45F3-97AD-E1D2786E33FC}" = MAGIX Speed burnR (MSI) "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{14F2EFBD-98E8-4EE1-BF58-762B1AB13E6E}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Tutorials) "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{15B0C6CC-BA72-4386-BEB6-12EF56C07871}" = .NET Bildbearbeitung 1.7.9 "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1B546047-843E-418C-A0DA-420ADC647929}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Überblendeffekte) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable 
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24 "{29CB3A0C-8980-45B6-95A0-B1118B776C5A}" = Fly The Airbus A380 v2 for FSX "{2BB61B48-FEA6-4096-9201-6FE5AB0CD038}" = MAGIX Screenshare "{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{37F50C53-EDED-4FFE-9877-532A335C5C18}" = Aerosoft's - MyTraffic 2010 "{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = 
QuickTime "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5CE23B58-2323-43A0-8F51-10F0551AA0F1}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Deluxe-Content 4) "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional "{61C6337D-EDF5-43F0-9E50-541A389070BD}" = Aerosoft's - VFR Germany 3 "{65B32A06-A49D-47A4-9863-86DD5F635130}" = MAGIX Online Druck Service "{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{6C2A42BE-C7CA-4D15-9E8B-B6608F64631B}_is1" = Strategic Engine 1.3 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1 "{7B956E7E-7709-4B43-90C2-432FE5DB5134}" = MAGIX Xtreme Grafik Designer 5 "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4 "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{823FCA70-5B66-4DFE-9D9D-117E4672773F}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Deluxe-Content 3) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADDB203-8A7B-443A-A9C2-D3AF7156EB17}" = PhatNoise CAS Speech Support "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = 
Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5101403-2C42-40E0-8D9E-5E49E7C3B89E}" = Tycoon City - New York "{A663BED9-978C-4A04-82A3-3029245055BE}" = Aerosoft's - F-16 Fighting Falcon "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE09704D-9051-4C25-B940-77F889F0C93F}" = OVTScanner_Vista64 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5342B67-F969-41C3-9913-6C20190A053C}" = MAGIX Fotos 
auf CD & DVD 10 Deluxe Download-Version (Deluxe-Content) "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B9737B90-6903-4C69-BE4B-0D9491AFB280}" = MAGIX Foto Manager 10 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BAEE0C24-C8C2-4820-9DF4-887909F1A286}" = aerosoft's - Mega Airport Frankfurt X "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{CF704302-9E0E-4366-98D0-162DF7F0734F}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Menüvorlagen) "{D186EE99-F905-4F87-B188-01D60D8FF1B3}" = Just Flight - Traffic X "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D8DF8554-9181-402A-9D77-4155C5802E06}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Fotoshow Maker-Stile) "{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3 "{E0439648-574A-4D4F-9CD8-A5944508570A}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Deluxe-Content 2) "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = 
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2 "{E9E9C6AE-1D9D-4A6F-B5F4-AA673E9861BD}" = Deep Exploration 5 CE "{EA74B216-7ADB-4F40-99D0-08DEF8C0F30F}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Designelemente) "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6 "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{F94C940F-3B72-4877-9B27-9C71D3EF6540}" = PhatHack DMS Tools "{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3DMIDI" = Creative 3DMIDI Player "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Album Art Downloader XUI" = Album Art Downloader XUI 0.36 "ALchemy" = Creative ALchemy 
"Allway Sync_is1" = Allway Sync version 11.1.3 "AnyDVD" = AnyDVD "Ashampoo Cover Studio 2_is1" = Ashampoo Cover Studio 2.01 "ASIO4ALL" = ASIO4ALL "AudioCS" = Creative Audio-Systemsteuerung "Audiograbber" = Audiograbber 1.83 SE "Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Cities XL 2011" = Cities XL 2011 "CloneDVD2" = CloneDVD2 "Company of Heroes" = Company of Heroes "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Creative Volume Panel" = Lautstärkefenster "CurseClient" = Curse Client "Diagnostics 4_5" = Creative-Diagnose "Digital DJ" = Digital DJ "dm-Fotowelt" = dm-Fotowelt "Dolby Digital Live Pack" = Dolby Digital Live Pack "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Emergency 2012" = Emergency 2012 "ERUNT_is1" = ERUNT 1.1j "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "f1mustang_FSX" = Flight1 Citation Mustang "FileZilla Client" = FileZilla Client 3.3.1 "Fraps" = Fraps (remove only) "Free Studio_is1" = Free Studio version 4.2 "Freelancer 1.0" = Freelancer "FSDreamTeam JFK FSX_is1" = FSDreamTeam JFK FSX 1.2 "G15_TeamSpeak" = G15_TeamSpeak (NSIS) "GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "HijackThis" = HijackThis 2.0.2 "Host OpenAL (ADI)" = Host OpenAL (ADI) "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" 
= Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10 "MAGIX_MSI_Fotos_auf_CD_DVD_10_Dlx" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "Mp3tag" = Mp3tag v2.47b "mv61xxDriver" = marvell 61xx "MyTraffic X 5.2a Simmarket Edition" = MyTraffic X 5.2a Simmarket Edition "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "PandoraRecovery" = PandoraRecovery (Remove Only) "PhatMan" = PhatNoise Music Manager "Picasa 3" = Picasa 3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0 "Rainbow Sentinel Driver" = Sentinel System Driver "Security Task Manager" = Security Task Manager 1.8c "SFBM" = SoundFont-Bank-Manager 
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4 "SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1 "StarCraft II" = StarCraft II "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 10500" = Empire: Total War "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "SysInfo" = Creative Systeminformationen "SystemRequirementsLab" = System Requirements Lab "TeamViewer 6" = TeamViewer 6 "Tropico3" = Tropico 3 1.00 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "UltraISO_is1" = UltraISO Premium V9.33 "Uninstall_is1" = Uninstall 1.0.0.1 "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components) "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 1.1.7 "WaveStudio 7" = Creative WaveStudio 7 "Winamp" = Winamp "Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.2.0 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional "World of Warcraft" = World of Warcraft "Xfire" = Xfire (remove only) "XMedia Recode" = XMedia Recode 2.1.4.8 "ZOTAC FireStorm" = ZOTAC FireStorm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "022f67d83d91b1c6" = Lotto-Check "090215de958f1060" = Curse Client "Area 52 Simulations C-5M Super Galaxy" = Area 52 Simulations C-5M Super Galaxy "F/A 18 Hornet for FSX" = F/A 18 Hornet for FSX "Google Chrome" = Google Chrome "InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG) "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
18.02.2011, 21:05 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe / over 10 times in Task Manager / process uses up memory
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\Shell - "" = AutoRun
O33 - MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\Shell\AutoRun\command - "" = J:\Borderlands.exe
O33 - MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
@Alternate Data Stream - 295 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 10 bytes -> C:\Users\Fischmoesi\Desktop\SWGameDE.exe:BDU
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
18.02.2011, 22:46 | #7 |
| iexplore.exe / over 10 times in Task Manager / process uses up memory
Right then, after the restart it displayed the log file. Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\ not found.
File J:\Borderlands.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\ not found.
File D:\autorun.exe not found.
ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully.
ADS C:\Users\Fischmoesi\Desktop\SWGameDE.exe:BDU deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fischmoesi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 21679903 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92153248 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1038 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 313965 bytes
RecycleBin emptied: 181986151 bytes

Total Files Cleaned = 283,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02182011_224245

Files\Folders moved on Reboot...

Registry entries deleted on Reboot... |
19.02.2011, 22:58 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe / over 10 times in Task Manager / process uses up memory
Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
__________________ Please always post log files in CODE tags |
20.02.2011, 08:32 | #9 |
| iexplore.exe / over 10 times in Task Manager / process uses up memory
I ran CCleaner. Here is the next log file. Code:
Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648] S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Fischmoesi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-03-25 14544] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-07-14 230424] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-07-14 1445912] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-07-14 95256] S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2009-10-01 26240] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-07-14 1613336] S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2008-12-11 15488] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856] S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-11 155752] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856] 
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-07-13 402720] . Inhalt des "geplante Tasks" Ordners 2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 20:22] 2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 20:22] 2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001Core.job - c:\users\Fischmoesi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 16:47] 2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001UA.job - c:\users\Fischmoesi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 16:47] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 190472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SYSTEM32\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q= FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla 
Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: FRITZ!Box AddOn: fb_add_on@avm.de - %profile%\extensions\fb_add_on@avm.de FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: DHL Packstation Bestellhelfer: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66} - %profile%\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66} FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - 
%profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - Wow6432Node-HKU-Default-Run-CtxfiReg - CTXFIREG.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver] "ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\CAF3.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FotoManager10Deluxe.8.alb" [HKEY_USERS\S-1-5-21-1220478906-1765848077-1096141842-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7388AE4-449D-BC29-5E37-3AB14CEF12B3}*] "paeeekfnacdbdbeehkbomefpfmkljhme"=hex:61,62,6c,6d,6b,65,6c,69,62,68,69,66,6b, 61,66,67,62,61,6f,6b,65,62,63,65,68,6a,66,6d,6f,67,67,6e,64,6c,00,60 [HKEY_USERS\S-1-5-21-1220478906-1765848077-1096141842-1001\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:fd,35,51,fc,1c,0d,2c,12,f4,77,e4,c8,26,98,dd,e1,8c,43,26,94,9b,36,81, 8f,c7,63,58,ff,1e,2f,31,43,34,9d,b9,87,89,27,51,76,45,cd,53,3b,e4,1c,4d,ef,\ "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d [HKEY_USERS\S-1-5-21-1220478906-1765848077-1096141842-1001\Software\SecuROM\License information*] "datasecu"=hex:00,31,97,6b,89,d7,d1,63,d3,81,bc,3d,12,5e,6d,2d,c2,1c,b5,fd,13, fa,39,7c,87,5b,37,e0,b4,19,3e,f3,80,fc,1f,6a,81,81,5f,53,15,87,9a,fe,01,4b,\ "rkeysecu"=hex:32,73,d6,69,eb,63,ed,a9,db,c5,71,60,2e,a4,91,10 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] 
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 
"Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe c:\program files\ASUS\Six Engine\SixEngine.exe c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe c:\program files (x86)\Windows Media Player\wmplayer.exe c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe c:\program files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe c:\windows\SysWOW64\CTXFISPI.EXE c:\program files (x86)\ROCCAT\Kone Mouse\osd.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-02-20 08:29:30 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-02-20 07:29 Vor Suchlauf: 18 Verzeichnis(se), 56.442.675.200 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 55.938.134.016 Bytes frei - - End Of File - - 5A34AAA835B1091943D9347D60E2AE74 |
20.02.2011, 17:50 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | iexplore.exe / more than 10 times in Task Manager / process uses up memory Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool still refuses to run on the 2nd attempt, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
20.02.2011, 20:48 | #11 |
| iexplore.exe / more than 10 times in Task Manager / process uses up memory GMER log Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2011-02-20 20:44:38 Windows 6.1.7600 Running: 1ignp81j.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507601 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE0 0x70 0xA1 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0xF6 0xC2 0x21 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDD 0x82 0x8E 0xC3 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507601 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE0 0x70 0xA1 0x16 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6D 0xF6 0xC2 0x21 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDD 0x82 0x8E 0xC3 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7388AE4-449D-BC29-5E37-3AB14CEF12B3} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7388AE4-449D-BC29-5E37-3AB14CEF12B3}@paeeekfnacdbdbeehkbomefpfmkljhme 0x61 0x62 0x6C 0x6D ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: (build 7600), 64-bit Base Board Manufacturer: ASUSTeK Computer INC. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: System manufacturer System Product Name: System Product Name Logical Drives Mask: 0x000007fd Kernel Drivers (total 222): 0x03655000 \SystemRoot\system32\ntoskrnl.exe 0x0360C000 \SystemRoot\system32\hal.dll 0x00BCD000 \SystemRoot\system32\kdcom.dll 0x00CF9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00D3D000 \SystemRoot\system32\PSHED.dll 0x00D51000 \SystemRoot\system32\CLFS.SYS 0x00C00000 \SystemRoot\system32\CI.dll 0x00E15000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00EB9000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00EC8000 \SystemRoot\System32\Drivers\spws.sys 0x00E00000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x00CC0000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x010D2000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x01129000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x01133000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x01140000 \SystemRoot\system32\DRIVERS\pci.sys 0x01173000 \SystemRoot\System32\drivers\partmgr.sys 0x01188000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x0119D000 \SystemRoot\System32\drivers\volmgrx.sys 0x011F9000 \SystemRoot\system32\DRIVERS\pciide.sys 0x01000000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x01010000 \SystemRoot\System32\drivers\mountmgr.sys 0x0102A000 \SystemRoot\system32\DRIVERS\atapi.sys 0x01033000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x0105D000 \SystemRoot\system32\DRIVERS\mv61xx.sys 0x010A3000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x00DAF000 \SystemRoot\system32\drivers\fltmgr.sys 0x010AE000 \SystemRoot\system32\drivers\fileinfo.sys 0x01253000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01459000 \SystemRoot\System32\Drivers\msrpc.sys 0x014B7000 \SystemRoot\System32\Drivers\ksecdd.sys 0x014D1000 \SystemRoot\System32\Drivers\cng.sys 0x01544000 
\SystemRoot\System32\drivers\pcw.sys 0x01555000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x016B9000 \SystemRoot\system32\drivers\ndis.sys 0x01600000 \SystemRoot\system32\drivers\NETIO.SYS 0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01802000 \SystemRoot\System32\drivers\tcpip.sys 0x017AB000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x0168B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x0155F000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x0169B000 \SystemRoot\System32\Drivers\spldr.sys 0x015AB000 \SystemRoot\system32\DRIVERS\snapman.sys 0x01400000 \SystemRoot\System32\drivers\rdyboost.sys 0x016A3000 \SystemRoot\System32\Drivers\mup.sys 0x017F5000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01200000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x0143A000 \SystemRoot\system32\DRIVERS\disk.sys 0x01A55000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x01ABB000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x01AE5000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0x01B16000 \SystemRoot\System32\Drivers\Null.SYS 0x01B1F000 \SystemRoot\System32\Drivers\Beep.SYS 0x01B26000 \SystemRoot\System32\drivers\vga.sys 0x01B34000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x01B59000 \SystemRoot\System32\drivers\watchdog.sys 0x01B69000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01B72000 \SystemRoot\system32\drivers\rdpencdd.sys 0x01B7B000 \SystemRoot\system32\drivers\rdprefmp.sys 0x01B84000 \SystemRoot\System32\Drivers\Msfs.SYS 0x01B8F000 \SystemRoot\System32\Drivers\Npfs.SYS 0x01BA0000 \SystemRoot\system32\DRIVERS\tdx.sys 0x01BBE000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x02E98000 \SystemRoot\system32\drivers\afd.sys 0x02F22000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02F67000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02F70000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02F96000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02FA5000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02FC0000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02E51000 
\SystemRoot\system32\drivers\nsiproxy.sys 0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02E68000 \SystemRoot\System32\Drivers\ElbyCDIO.sys 0x02E74000 \SystemRoot\System32\drivers\discache.sys 0x042FF000 \SystemRoot\system32\drivers\csc.sys 0x04382000 \SystemRoot\System32\Drivers\dfsc.sys 0x043A0000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x043B1000 \SystemRoot\SysWow64\drivers\AsIO.sys 0x043B7000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x043DD000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x04200000 \SystemRoot\system32\drivers\ctaud2k.sys 0x042A9000 \SystemRoot\system32\drivers\portcls.sys 0x02FD4000 \SystemRoot\system32\drivers\drmk.sys 0x01A00000 \SystemRoot\system32\drivers\ks.sys 0x01BCB000 \SystemRoot\system32\drivers\ctoss2k.sys 0x042E6000 \SystemRoot\system32\drivers\ctprxy2k.sys 0x042EE000 \SystemRoot\system32\drivers\ksthunk.sys 0x10E7E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x11AD9000 \SystemRoot\System32\Drivers\nvBridge.kmd 0x11ADB000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x10E00000 \SystemRoot\System32\drivers\dxgmms1.sys 0x10E46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x10E6A000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x0448F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x044E5000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x044F6000 \SystemRoot\system32\DRIVERS\yk62x64.sys 0x0455B000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x04599000 \SystemRoot\system32\DRIVERS\fdc.sys 0x045A6000 \SystemRoot\system32\DRIVERS\ASACPI.sys 0x045AE000 \SystemRoot\SysWOW64\drivers\Afc.sys 0x045B7000 \SystemRoot\System32\Drivers\AnyDVD.sys 0x045D9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x04400000 \SystemRoot\System32\Drivers\amrbc5yj.SYS 0x04444000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x0444D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x0445D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x11BCF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x04473000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x04C77000 
\SystemRoot\system32\DRIVERS\ndiswan.sys 0x04CA6000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x04CC1000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x04CE2000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x04CFC000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x04D07000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x04D16000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x04D87000 \SystemRoot\system32\DRIVERS\swenum.sys 0x04D89000 \SystemRoot\system32\drivers\WmBEnum.sys 0x04D8E000 \SystemRoot\system32\drivers\WmXlCore.sys 0x04DA0000 \SystemRoot\system32\drivers\LGBusEnum.sys 0x04DA4000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04C00000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x05426000 \SystemRoot\system32\drivers\ha20x22k.sys 0x055B3000 \SystemRoot\system32\drivers\emupia2k.sys 0x04D25000 \SystemRoot\system32\drivers\ctsfm2k.sys 0x05400000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0x0540B000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x04D5D000 \SystemRoot\System32\drivers\CTHWIUT.SYS 0x04DB6000 \SystemRoot\System32\drivers\CT20XUT.SYS 0x05C5A000 \SystemRoot\System32\drivers\CTEXFIFX.SYS 0x05DBE000 \SystemRoot\system32\drivers\nvhda64v.sys 0x000F0000 \SystemRoot\System32\win32k.sys 0x05DE7000 \SystemRoot\System32\drivers\Dxapi.sys 0x05C00000 \SystemRoot\system32\DRIVERS\udfs.sys 0x04C5A000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00460000 \SystemRoot\System32\TSDDD.dll 0x00670000 \SystemRoot\System32\cdd.dll 0x01A85000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x05C54000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x03E21000 \SystemRoot\system32\drivers\luafv.sys 0x03E44000 \SystemRoot\system32\drivers\WudfPf.sys 0x03E65000 \SystemRoot\System32\Drivers\crashdmp.sys 0x03E73000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x03E7F000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x03E88000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x03E9B000 \SystemRoot\System32\Drivers\fastfat.SYS 0x03ED1000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x05E06000 \SystemRoot\system32\DRIVERS\lvuvc64.sys 
0x03EEE000 \SystemRoot\system32\drivers\usbaudio.sys 0x03F09000 \SystemRoot\system32\DRIVERS\lvrs64.sys 0x05E00000 \SystemRoot\system32\drivers\Kone.sys 0x03F5B000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x03F69000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x03F82000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x03F8B000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x03F98000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x03FA6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x03FD7000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x03E00000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x06A95000 \SystemRoot\system32\drivers\HTTP.sys 0x06B5D000 \SystemRoot\system32\DRIVERS\bowser.sys 0x06B7B000 \SystemRoot\System32\drivers\mpsdrv.sys 0x06B93000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x06A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x06A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x06CFC000 \??\C:\Windows\system32\drivers\acedrv11.sys 0x06D56000 \SystemRoot\system32\DRIVERS\atksgt.sys 0x06DA5000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0x06C00000 \SystemRoot\system32\drivers\peauth.sys 0x06CA6000 \SystemRoot\System32\Drivers\secdrv.SYS 0x06CB1000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x06CDE000 \SystemRoot\System32\drivers\tcpipreg.sys 0x06CF0000 \??\C:\Users\Fischmoesi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys 0x074F0000 \SystemRoot\System32\DRIVERS\srv2.sys 0x07557000 \SystemRoot\System32\DRIVERS\srv.sys 0x075F5000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys 0x0740A000 \SystemRoot\system32\drivers\LGVirHid.sys 0x0740D000 \SystemRoot\system32\drivers\WmVirHid.sys 0x07410000 \??\C:\Windows\system32\drivers\mbam.sys 0x0748B000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x07493000 \SystemRoot\system32\DRIVERS\MpNWMon.sys 0x074A3000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys 0x77550000 \Windows\System32\ntdll.dll 0x47660000 \Windows\System32\smss.exe 0xFF870000 \Windows\System32\apisetschema.dll 0xFFDE0000 \Windows\System32\autochk.exe 
Processes (total 80):
0 System Idle Process
4 System
452 C:\Windows\System32\smss.exe
568 csrss.exe
644 C:\Windows\System32\wininit.exe
668 csrss.exe
704 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
728 C:\Windows\System32\lsm.exe
840 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\winlogon.exe
948 C:\Windows\System32\nvvsvc.exe
1008 C:\Windows\System32\svchost.exe
468 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
656 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1216 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1316 C:\Windows\System32\svchost.exe
1520 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1532 C:\Windows\System32\nvvsvc.exe
1592 WUDFHost.exe
1776 WUDFHost.exe
1836 C:\Windows\System32\svchost.exe
1956 C:\Windows\System32\spoolsv.exe
1996 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\AEADISRV.EXE
1732 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2032 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
1452 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1716 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
1636 C:\Windows\System32\svchost.exe
2052 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
2136 C:\ASUS.SYS\CONFIG\DVMExportService.exe
2204 C:\Windows\SysWOW64\PnkBstrA.exe
2228 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2276 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2308 C:\Windows\System32\svchost.exe
2336 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2416 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2496 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2800 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2092 C:\Windows\System32\dwm.exe
2968 C:\Windows\explorer.exe
3472 C:\Windows\System32\SearchIndexer.exe
3692 C:\Windows\System32\svchost.exe
3936 C:\Windows\System32\taskhost.exe
3096 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
4144 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
5092 C:\Program Files\Windows Media Player\wmpnetwk.exe
5852 taskhost.exe
5740 C:\Program Files\Microsoft Security Client\msseces.exe
5768 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
6036 C:\Program Files\Windows Sidebar\sidebar.exe
5232 C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
6096 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
4704 C:\Program Files\ASUS\TurboV\TurboV.exe
2296 C:\Windows\SysWOW64\CTxfispi.exe
6184 C:\Windows\System32\svchost.exe
6888 dllhost.exe
7020 WmiPrvSE.exe
8140 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
8448 C:\Program Files\Internet Explorer\iexplore.exe
8852 C:\Program Files\Internet Explorer\iexplore.exe
8184 C:\Program Files\Internet Explorer\iexplore.exe
1508 C:\Program Files\Internet Explorer\iexplore.exe
544 C:\Program Files\Internet Explorer\iexplore.exe
7868 C:\Program Files\Internet Explorer\iexplore.exe
7424 WUDFHost.exe
4292 C:\Program Files\Internet Explorer\iexplore.exe
4232 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
7564 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3872 C:\Windows\System32\taskhost.exe
7228 C:\Program Files\Internet Explorer\iexplore.exe
9152 C:\Program Files\Internet Explorer\iexplore.exe
4472 C:\Windows\System32\audiodg.exe
1580 C:\Windows\System32\SearchProtocolHost.exe
9084 C:\Windows\System32\SearchFilterHost.exe
516 C:\Users\Fischmoesi\Desktop\MBRCheck.exe
9268 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`06500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)
\\.\G: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\K: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive2 Model Number: WDCWD1500HLFS-01G6U1, Rev: 04.04V02
PhysicalDrive4 Model Number: WDCWD3000GLFS-01F8U0, Rev: 03.03V01
PhysicalDrive1 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113
PhysicalDrive3 Model Number: SAMSUNGHD103UJ, Rev: 1AA01118
PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAD
PhysicalDrive5 Model Number: WDC WD1600BB-00RDA0, Rev:

Size    Device Name          MBR Status
--------------------------------------------
139 GB  \\.\PhysicalDrive2   Windows 7 MBR code detected
        SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
279 GB  \\.\PhysicalDrive4   Windows 7 MBR code detected
        SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB  \\.\PhysicalDrive1   Unknown MBR code
        SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
931 GB  \\.\PhysicalDrive3   Windows 7 MBR code detected
        SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
        SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
149 GB  \\.\PhysicalDrive5   RE: Unknown MBR code
        SHA1: 4597B86E5C26EF38751DCC0504D119D7F3351C8A

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done! |
21.02.2011, 11:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You have 6 hard drives in the computer?? Is an operating system installed on only one of them?
__________________ Please always post log files in CODE tags |
21.02.2011, 13:43 | #13 |
| I have 5 in the computer and 1 is a USB drive. The operating system is installed on only 1. |
21.02.2011, 14:00 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then that's OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
21.02.2011, 19:57 | #15 |
| Malwarebytes Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5829

Windows 6.1.7600
Internet Explorer 9.0.8080.16413

21.02.2011 15:45:04
mbam-log-2011-02-21 (15-45-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|K:\|)
Durchsuchte Objekte: 782009
Laufzeit: 1 Stunde(n), 25 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |