Pests of all kinds and how to fight them: Host Process and a virus that opens tabs

15.04.2011, 18:28   #1
Minako

Hello dear community!
I'm turning to this board now after my friends and I couldn't make heads or tails of what is going on with my PC. Google searches didn't turn up anything either, since I didn't understand the technical jargon in most forums, and certainly not in English o_O So I'm trying my luck here!

First, some general information about my operating system:
Vista Home Premium, SP2, American version
Processor: Intel(R) Pentium(R) Dual CPU E2140 1.60 GHz
Memory RAM 1.00 GB
32-bit

So, now to my problems. The first one isn't that bad and hardly bothers me, but I'm still afraid it's a virus that I'd like to get rid of: when I'm in Firefox and not doing anything, ad tabs, or tabs with other bullshit (possibly even stuff where more unwanted junk gets downloaded), like to open as if by themselves, and I have absolutely no idea what it is o.O

I don't know whether the second, serious problem belongs on this board, but it totally annoys me and it also totally hampers my PC. And just now while writing, this lovely message is appearing again. I'll take a screenshot of it for you.


That would be this lovely message. What happens afterwards usually varies, but often the screen then goes black briefly, the Vista display acts up, and either individual programs or the whole taskbar turn grey and old-fashioned (i.e. design-wise like XP and older), and for a short time the internet is slow as well. I've tried everything, but nothing has helped. I'm not overloading the system with many programs open at once, and internet searches haven't turned up anything either.
I hope someone here can help me!

Kind regards
Minako

15.04.2011, 18:50   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
and certainly not in English
American version
Uh, do I understand you correctly: English isn't really your thing, but you're using an "American" Windows version?

15.04.2011, 18:50   #3
markusg
/// Malware-holic

System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports are created:
OTL.Txt
Extras.Txt
Post both

15.04.2011, 19:14   #4
Minako

Quote:
Quote from cosinus
Uh, do I understand you correctly: English isn't really your thing, but you're using an "American" Windows version?
Uh, actually I am fine with English, but since I'm not particularly good with IT terminology, the whole thing is even harder for me to grasp in English ^^ I barely get it in German as it is ^^ And why I have an American OS is a long story anyway *waves it off*

@Markusg:
Thanks, I've done all of that.
So:

In Extras it says:
OTL Logfile:
Code:
OTL Extras logfile created on: 15.04.2011 19:53:34 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Minako\Pictures
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 122,00 Mb Available Physical Memory | 12,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 29,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,49 Gb Total Space | 31,74 Gb Free Space | 21,37% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 61,43 Mb Free Space | 61,43% Space Free | Partition Type: NTFS
Drive E: | 72,58 Gb Total Space | 22,43 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
 
Computer Name: MINAKO-PC | User Name: Minako | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2379896403-3557715863-3817968929-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E09EE5B-9BC3-4B44-9E7F-ABFEDAB09A6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{115DA4E6-E068-46A3-8047-93DCE833E598}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3B133E8E-BFDA-43B2-8BBF-3A492B448DCF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{51AA9513-919C-4FFD-BCE8-1753E19C68D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5A6333C5-D82F-4CD5-BFAE-EF8923D3E99B}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{90E6E29A-7D75-429B-A64B-87467C8CA70C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{95D7B3C0-34F1-40FF-94BD-358E83F3DEA0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{D90F1DA8-E8DF-45CC-A229-DB13B7BF8DD1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EB16B927-8DF3-48BE-AC7A-7B425E99A19E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F435E6B7-2FBD-4B6E-97C0-7182EE07AC52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067BB7CF-47E6-4E08-A835-E223BD39D868}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{095EC44D-09AC-4186-AC42-D7931A111E47}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{0BBAA132-1151-47CF-BF99-1FF35C1A5F7B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0F4CC72F-02B0-4CC5-A829-B275F69945D8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{21966928-2102-492B-9C49-F1D726C04AE0}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{287A1A0F-77EA-4F54-9441-C5D68EF9381F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{30EC5FD3-C526-40B0-B3D3-D2ED563D766A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{5195B1ED-7CA0-409E-B7D6-85B8FF94FC7B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{5A4AA73F-B1DE-4FD3-95E0-50B3AD7CA161}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5CAC70B5-9242-4A26-B356-C6335895145A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{6098DA93-D24B-43C1-8299-0BF009935892}" = dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{720CC2FA-BB87-4C74-B85D-A6FBF94A96B6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{7A5668A2-53FD-4077-B89F-9146492C1914}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{7BFFBA77-18C3-4D52-B949-DC2778AE9567}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{999C245E-D4F4-42D3-A4ED-E95A8B279858}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{9E5DF261-31F9-43D1-8626-4A66582A8B89}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{9EF209F0-A5F6-4997-B51C-2B96B817BA25}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{B14234DE-D36E-49BB-8CF7-875ABB2B855B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{BC1F2791-1FE6-40EC-B598-BE2C167F7829}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{CF536A6E-83CC-46E0-A503-03410287E66B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D243DC24-B5B4-46CB-890E-A1B13D21D4EB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"TCP Query User{46E4ED1B-3656-434A-A3FC-650B3A945D6B}C:\program files\keyholetv\keyholetv.exe" = protocol=6 | dir=in | app=c:\program files\keyholetv\keyholetv.exe | 
"TCP Query User{57688C0D-C300-4705-8C2D-CEE1A2DDA21E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{720C989E-62B3-438A-88C6-12E8B76D78E9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{8CCFF49F-3BBA-4DD4-884E-935766881E46}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9EEA8807-2650-471A-A607-2020849DE208}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{E1B79362-8474-4F0C-B227-5992409550ED}C:\program files\keyholetv\keyholetv.exe" = protocol=6 | dir=in | app=c:\program files\keyholetv\keyholetv.exe | 
"TCP Query User{E9B92BC7-E7EF-467A-BE5B-DB57D3A1EE43}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{ED64C6C2-079A-473B-A3FF-DEFDB30CA01C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{F9F25E5E-AC3D-4B69-93AB-2045AD04B3F8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0B625B63-D571-4368-B77E-9813B0B6052F}C:\program files\keyholetv\keyholetv.exe" = protocol=17 | dir=in | app=c:\program files\keyholetv\keyholetv.exe | 
"UDP Query User{1B01D163-43A4-4766-A78C-5657D537B9D9}C:\program files\keyholetv\keyholetv.exe" = protocol=17 | dir=in | app=c:\program files\keyholetv\keyholetv.exe | 
"UDP Query User{56E7F91F-4CFD-4CB4-B932-5FB71CF3C21C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5771F1D4-1E37-4048-96B0-88E2AC325563}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9187C805-FFC1-44EB-B69C-C5C29DCE4474}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{919EF24B-41DB-4CCA-81A8-CDB28F2BCF04}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{96E1A364-134B-4853-97C3-B9DD4D30BC17}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{9998D7D1-281F-4FD0-9113-06898A673E51}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D2633EA2-CF86-41F0-833F-7C031A7761E4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46B34A3B-DC6E-43DC-9746-1D2C93C242EC}}_is1" = Nordschlacht Launcher 1.1
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIDA32_is1" = AIDA32 v3.93
"AVG" = AVG 2011
"BSPlayerf" = BS.Player FREE
"conduitEngine" = Conduit Engine 
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.8.7.305
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"Grand Fantasia" = Grand Fantasia
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"JDownloader" = JDownloader
"KeyHoleTV" = KeyHoleTV
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MKV TO AVI CONVERTER_is1" = MKV TO AVI CONVERTER version 3.22
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NewSelcouth" = NewSelcouth
"NirSoft WinUpdatesList" = NirSoft WinUpdatesList
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"RadarSync2 Toolbar" = RadarSync2 Toolbar
"RealPlayer 12.0" = RealPlayer
"RollerCoaster Tycoon Setup" = Roll
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"Super_nude_patch_II_1.0" = Super nude patch II 2.8
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"TVWiz" = Intel(R) TV Wizard
"UltraGet Video Downloader_is1" = UltraGet Video Downloader 3.0.1
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xilisoft MKV Converter 6" = Xilisoft MKV Converter 6
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2379896403-3557715863-3817968929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Tian'Anmen RO" = Tian'Anmen RO
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.04.2011 17:28:26 | Computer Name = Minako-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description = 
 
Error - 14.04.2011 19:19:52 | Computer Name = Minako-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
 exception code 0xc000071b, fault offset 0x00088d15,  process id 0xf20, application
 start time 0x01cbfade77dbbf14.
 
Error - 15.04.2011 10:51:56 | Computer Name = Minako-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
 exception code 0xc000071b, fault offset 0x00088d15,  process id 0x4fc, application
 start time 0x01cbfb690d66979a.
 
Error - 15.04.2011 11:27:06 | Computer Name = Minako-PC | Source = SPP | ID = 16387
Description = 
 
Error - 15.04.2011 11:27:06 | Computer Name = Minako-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.04.2011 11:27:06 | Computer Name = Minako-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 15.04.2011 13:21:15 | Computer Name = Minako-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
 exception code 0xc000071b, fault offset 0x00088d15,  process id 0x500, application
 start time 0x01cbfb8eb13a31e0.
 
Error - 15.04.2011 13:42:46 | Computer Name = Minako-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
 exception code 0xc000071b, fault offset 0x00088d15,  process id 0x298, application
 start time 0x01cbfb9198325e6c.
 
Error - 15.04.2011 13:56:02 | Computer Name = Minako-PC | Source = SPP | ID = 16387
Description = 
 
Error - 15.04.2011 13:56:02 | Computer Name = Minako-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 15.04.2011 13:01:57 | Computer Name = Minako-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.1, 
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
 are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
 change the scope to include the IP address, or change the IP address to fall within
 the scope.
 
Error - 15.04.2011 13:05:21 | Computer Name = Minako-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.
 
Error - 15.04.2011 13:21:48 | Computer Name = Minako-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.04.2011 13:23:45 | Computer Name = Minako-PC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 15.04.2011 13:23:53 | Computer Name = Minako-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.1, 
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
 are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
 change the scope to include the IP address, or change the IP address to fall within
 the scope.
 
Error - 15.04.2011 13:26:00 | Computer Name = Minako-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.
 
Error - 15.04.2011 13:45:11 | Computer Name = Minako-PC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 15.04.2011 13:45:17 | Computer Name = Minako-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.1, 
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
 are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
 change the scope to include the IP address, or change the IP address to fall within
 the scope.
 
Error - 15.04.2011 13:47:24 | Computer Name = Minako-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.
 
Error - 15.04.2011 13:48:11 | Computer Name = Minako-PC | Source = Service Control Manager | ID = 7032
Description = 
 
 
< End of report >
         

And in OTL:

OTL Logfile:
Code:
OTL logfile created on: 15.04.2011 19:53:34 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Minako\Pictures
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 122,00 Mb Available Physical Memory | 12,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 29,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,49 Gb Total Space | 31,74 Gb Free Space | 21,37% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 61,43 Mb Free Space | 61,43% Space Free | Partition Type: NTFS
Drive E: | 72,58 Gb Total Space | 22,43 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
 
Computer Name: MINAKO-PC | User Name: Minako | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Minako\Pictures\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Program Files\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\PhotoFiltre\photofiltre.exe (Antonio Da Cruz)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\wermgr.exe (Microsoft Corporation)
PRC - C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Minako\Pictures\OTL.exe (OldTimer Tools)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Users\Minako\AppData\Local\ufecukalibiki.dll ()
MOD - C:\Windows\System32\dsound.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Program Files\RadarSync2\prxtbRad0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000\..\URLSearchHook: {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Program Files\RadarSync2\prxtbRad0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddr"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {2DE66BE0-FCC5-4280-8FB1-C072806B8CF3}:1.9.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.02.26 03:23:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2DE66BE0-FCC5-4280-8FB1-C072806B8CF3}: C:\Users\Minako\AppData\Local\{2DE66BE0-FCC5-4280-8FB1-C072806B8CF3} [2011.03.29 03:35:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.03.30 10:44:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Minako\AppData\Roaming\5015 [2011.04.10 22:41:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 14:40:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 14:40:37 | 000,000,000 | ---D | M]
 
[2011.02.05 18:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Minako\AppData\Roaming\Mozilla\Extensions
[2011.04.15 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Minako\AppData\Roaming\Mozilla\Firefox\Profiles\w9nn54q5.default\extensions
[2011.03.25 14:27:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Minako\AppData\Roaming\Mozilla\Firefox\Profiles\w9nn54q5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.25 14:27:16 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Minako\AppData\Roaming\Mozilla\Firefox\Profiles\w9nn54q5.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.02.12 02:17:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Minako\AppData\Roaming\Mozilla\Firefox\Profiles\w9nn54q5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.25 14:27:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Minako\AppData\Roaming\Mozilla\Firefox\Profiles\w9nn54q5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.25 14:27:22 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Minako\AppData\Roaming\Mozilla\Firefox\Profiles\w9nn54q5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.03.25 14:27:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Minako\AppData\Roaming\Mozilla\Firefox\Profiles\w9nn54q5.default\extensions\engine@conduit.com
[2011.04.15 19:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.02.08 14:45:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.30 10:44:41 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011.02.28 02:31:48 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2011.02.26 03:23:49 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.03.29 03:35:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\MINAKO\APPDATA\LOCAL\{2DE66BE0-FCC5-4280-8FB1-C072806B8CF3}
[2011.04.10 22:41:46 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MINAKO\APPDATA\ROAMING\5015
[2011.02.08 14:45:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.03 14:14:50 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 14:14:50 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.02.25 03:32:30 | 000,002,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2011.03.03 14:14:50 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 14:14:50 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 14:14:50 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (RadarSync2 Toolbar) - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Program Files\RadarSync2\prxtbRad0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (RadarSync2 Toolbar) - {6edc3889-b841-4127-a2bf-c5fc48f972c7} - C:\Program Files\RadarSync2\prxtbRad0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000\..\Toolbar\WebBrowser: (RadarSync2 Toolbar) - {6EDC3889-B841-4127-A2BF-C5FC48F972C7} - C:\Program Files\RadarSync2\prxtbRad0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Txamabupic] C:\Users\Minako\AppData\Local\ufecukalibiki.dll ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2379896403-3557715863-3817968929-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Minako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Minako\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Minako\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Minako\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.14 21:13:57 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.04.10 22:41:50 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Minako\AppData\Roaming\AcroIEHelpe.dll
[2011.04.10 22:41:32 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Roaming\5015
[2011.04.10 22:40:49 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Roaming\xmldm
[2011.04.10 14:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.04.04 03:27:26 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tian'Anmen RO
[2011.04.04 03:19:18 | 000,000,000 | ---D | C] -- C:\TianRO
[2011.04.03 22:23:34 | 000,000,000 | ---D | C] -- C:\Users\Minako\Desktop\RO
[2011.04.02 15:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011.04.02 15:01:19 | 003,261,184 | ---- | C] (TeamViewer GmbH) -- C:\Users\Minako\Documents\TeamViewer_Setup_de.exe
[2011.04.02 14:57:24 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft WinUpdatesList
[2011.04.02 14:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011.04.02 02:54:49 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Roaming\Xilisoft
[2011.04.02 02:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2011.04.02 02:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Xilisoft
[2011.04.02 02:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2011.04.02 02:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKV TO AVI CONVERTER
[2011.04.02 02:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\mkvtoavi
[2011.04.01 23:02:36 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Local\Windows Live
[2011.04.01 23:01:00 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011.04.01 22:31:20 | 000,000,000 | ---D | C] -- C:\58d6adcceca06f205c
[2011.04.01 22:29:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.01 22:29:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.01 22:29:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.01 22:29:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.01 22:29:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.01 22:29:07 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.01 22:29:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.01 22:29:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.01 22:29:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.01 22:29:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.01 22:29:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.01 22:29:03 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.01 22:29:03 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.01 22:29:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.01 22:29:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.01 22:29:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.01 22:29:01 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.01 22:26:31 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.01 22:26:31 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.01 22:26:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.01 22:26:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.01 22:26:31 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011.04.01 22:26:30 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.01 22:26:30 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.01 22:26:30 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.01 22:26:29 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.01 22:26:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.01 22:26:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.01 22:26:29 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.01 22:26:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.01 22:26:28 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011.04.01 22:26:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.01 22:26:27 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.01 22:26:27 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.01 22:26:27 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.01 22:26:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.01 22:26:25 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.01 22:26:25 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.01 22:26:25 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011.04.01 22:26:25 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.01 22:26:25 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.01 22:26:25 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011.03.30 13:31:50 | 000,000,000 | ---D | C] -- C:\Users\Minako\Desktop\Pokewalker
[2011.03.29 03:35:31 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Local\{2DE66BE0-FCC5-4280-8FB1-C072806B8CF3}
[2011.03.27 19:49:17 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Local\Conduit
[2011.03.23 11:28:36 | 000,000,000 | ---D | C] -- C:\Users\Minako\Wood_R4_v1.27
[2011.03.23 04:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro Interactive
[2011.03.23 04:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hasbro Interactive
[2011.03.19 21:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2011.03.18 20:36:04 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sims2Pack Clean Installer
[2011.03.18 20:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sims2Pack Clean Installer
[2011.03.18 20:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sims2Pack Clean Installer
[2011.03.18 03:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super nude patch II
[2011.03.18 03:38:02 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011.03.18 01:40:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011.03.18 01:00:05 | 000,000,000 | ---D | C] -- C:\Users\Minako\Documents\EA Games
[2011.03.18 01:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011.03.18 00:45:31 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2011.03.18 00:45:30 | 000,442,368 | R--- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2011.03.17 03:38:29 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Local\Microsoft Games
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Minako\AppData\Roaming\*.tmp files -> C:\Users\Minako\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.15 19:25:39 | 000,021,627 | ---- | M] () -- C:\Users\Minako\meldung.jpg
[2011.04.15 19:18:52 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 19:18:52 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 19:02:28 | 000,001,682 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2011.04.15 19:02:04 | 000,000,120 | ---- | M] () -- C:\Users\Minako\AppData\Local\Jhevucocaliroq.dat
[2011.04.15 19:00:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.15 19:00:51 | 1063,575,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.15 14:40:24 | 112,496,297 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.04.15 14:32:51 | 000,000,000 | ---- | M] () -- C:\Users\Minako\AppData\Local\Sfecex.bin
[2011.04.10 22:41:50 | 000,236,496 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Minako\AppData\Roaming\AcroIEHelpe.dll
[2011.04.09 22:24:56 | 111,581,355 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.09 20:21:52 | 000,032,574 | ---- | M] () -- C:\Users\Minako\Documents\Mina Posting.odt
[2011.04.04 23:54:55 | 093,444,576 | ---- | M] () -- C:\Users\Minako\Documents\LifeRO Small.exe
[2011.04.04 03:27:36 | 000,000,577 | ---- | M] () -- C:\Users\Minako\Desktop\Izanami (MR).lnk
[2011.04.04 03:27:34 | 000,000,577 | ---- | M] () -- C:\Users\Minako\Desktop\Izanagi (HR).lnk
[2011.04.03 21:53:12 | 1826,339,780 | ---- | M] () -- C:\Users\Minako\Documents\TianAnmenROInstaller.exe
[2011.04.02 15:09:13 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.04.02 15:01:45 | 003,261,184 | ---- | M] (TeamViewer GmbH) -- C:\Users\Minako\Documents\TeamViewer_Setup_de.exe
[2011.04.02 14:57:14 | 000,111,012 | ---- | M] () -- C:\Users\Minako\Documents\wul_setup.exe
[2011.04.02 02:53:18 | 000,001,902 | ---- | M] () -- C:\Users\Minako\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft MKV Converter 6.lnk
[2011.04.02 02:53:18 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft MKV Converter 6.lnk
[2011.04.02 02:44:42 | 000,007,168 | ---- | M] () -- C:\Users\Minako\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.02 02:39:38 | 000,000,752 | ---- | M] () -- C:\Users\Minako\Desktop\MKV TO AVI CONVERTER.lnk
[2011.04.01 23:04:16 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.01 23:04:16 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.01 22:39:36 | 000,000,943 | ---- | M] () -- C:\Users\Minako\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.03.30 10:44:44 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.03.20 21:42:20 | 000,054,832 | ---- | M] () -- C:\Users\Minako\bscap0001.jpg
[2011.03.20 21:19:05 | 000,060,963 | ---- | M] () -- C:\Users\Minako\bscap0000.jpg
[2011.03.18 20:37:09 | 000,000,020 | ---- | M] () -- C:\Program Files\Sims2Pack Clean Installer.ini
[2011.03.18 20:36:04 | 000,001,008 | ---- | M] () -- C:\Users\Minako\Desktop\Sims2Pack Clean Installer.lnk
[2011.03.18 03:35:11 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011.03.18 02:29:45 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk
[2011.03.18 02:17:11 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims 2 Open For Business.lnk
[2011.03.18 01:42:13 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk
[2011.03.18 01:01:23 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Deluxe.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Minako\AppData\Roaming\*.tmp files -> C:\Users\Minako\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.15 19:25:38 | 000,021,627 | ---- | C] () -- C:\Users\Minako\meldung.jpg
[2011.04.08 04:21:59 | 000,032,574 | ---- | C] () -- C:\Users\Minako\Documents\Mina Posting.odt
[2011.04.04 23:40:59 | 093,444,576 | ---- | C] () -- C:\Users\Minako\Documents\LifeRO Small.exe
[2011.04.03 22:00:19 | 000,000,577 | ---- | C] () -- C:\Users\Minako\Desktop\Izanami (MR).lnk
[2011.04.03 22:00:16 | 000,000,577 | ---- | C] () -- C:\Users\Minako\Desktop\Izanagi (HR).lnk
[2011.04.03 14:51:29 | 1826,339,780 | ---- | C] () -- C:\Users\Minako\Documents\TianAnmenROInstaller.exe
[2011.04.02 15:09:14 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.04.02 15:09:13 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.04.02 14:57:06 | 000,111,012 | ---- | C] () -- C:\Users\Minako\Documents\wul_setup.exe
[2011.04.02 02:53:18 | 000,001,902 | ---- | C] () -- C:\Users\Minako\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft MKV Converter 6.lnk
[2011.04.02 02:53:18 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft MKV Converter 6.lnk
[2011.04.02 02:39:38 | 000,000,752 | ---- | C] () -- C:\Users\Minako\Desktop\MKV TO AVI CONVERTER.lnk
[2011.04.01 22:29:04 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.03.30 10:44:44 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.03.29 03:35:33 | 000,000,120 | ---- | C] () -- C:\Users\Minako\AppData\Local\Jhevucocaliroq.dat
[2011.03.29 03:35:33 | 000,000,000 | ---- | C] () -- C:\Users\Minako\AppData\Local\Sfecex.bin
[2011.03.23 11:35:07 | 000,000,110 | ---- | C] () -- C:\Users\Minako\NDS-Scene.url
[2011.03.23 11:34:56 | 134,217,728 | ---- | C] () -- C:\Users\Minako\5604 - Okamiden (USA) (AP Patched).nds
[2011.03.23 04:13:15 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.03.20 21:42:20 | 000,054,832 | ---- | C] () -- C:\Users\Minako\bscap0001.jpg
[2011.03.20 21:19:05 | 000,060,963 | ---- | C] () -- C:\Users\Minako\bscap0000.jpg
[2011.03.18 20:37:09 | 000,000,020 | ---- | C] () -- C:\Program Files\Sims2Pack Clean Installer.ini
[2011.03.18 20:36:04 | 000,001,008 | ---- | C] () -- C:\Users\Minako\Desktop\Sims2Pack Clean Installer.lnk
[2011.03.18 20:35:33 | 004,276,991 | ---- | C] () -- C:\Users\Minako\Gai.Sims2Pack
[2011.03.18 20:34:51 | 006,429,023 | ---- | C] () -- C:\Users\Minako\Azuma.Sims2Pack
[2011.03.18 20:34:44 | 006,005,424 | ---- | C] () -- C:\Users\Minako\Kakashi.Sims2Pack
[2011.03.18 20:33:56 | 003,982,331 | ---- | C] () -- C:\Users\Minako\Iruka.Sims2Pack
[2011.03.18 02:29:45 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk
[2011.03.18 02:17:11 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims 2 Open For Business.lnk
[2011.03.18 01:42:13 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk
[2011.03.18 01:01:23 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Deluxe.lnk
[2011.03.06 21:11:06 | 000,000,190 | ---- | C] () -- C:\Windows\wininit.ini
[2011.02.26 03:22:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.02.17 23:01:55 | 000,007,168 | ---- | C] () -- C:\Users\Minako\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.05 18:59:03 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.05 17:01:23 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011.02.05 15:58:25 | 000,000,680 | ---- | C] () -- C:\Users\Minako\AppData\Local\d3d9caps.dat
[2009.04.11 15:18:28 | 000,363,008 | ---- | C] () -- C:\Users\Minako\AppData\Local\ufecukalibiki.dll
[2009.04.11 15:18:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.11 15:18:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.11 15:18:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,254,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.04.10 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\5015
[2011.03.06 00:56:21 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\AVG10
[2011.03.17 01:43:57 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\BSplayer
[2011.02.17 23:10:18 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\BSplayer Pro
[2011.02.12 02:17:39 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.28 02:31:51 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\GrabPro
[2011.02.08 15:57:55 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\OpenOffice.org
[2011.04.15 19:02:53 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Orbit
[2011.02.18 05:12:06 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\PhotoFiltre
[2011.03.09 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\PhotoScape
[2011.02.28 02:32:05 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\ProgSense
[2011.02.17 22:59:29 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\UltraGet
[2011.04.15 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\uTorrent
[2011.04.02 02:54:49 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Xilisoft
[2011.04.10 22:40:49 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\xmldm
[2011.04.15 19:43:09 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.10 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\5015
[2011.03.29 03:33:10 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Adobe
[2011.03.06 00:56:21 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\AVG10
[2011.03.17 01:43:57 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\BSplayer
[2011.02.17 23:10:18 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\BSplayer Pro
[2011.02.12 02:17:39 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.28 02:31:51 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\GrabPro
[2011.02.05 15:58:33 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Identities
[2011.02.05 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Media Center Programs
[2011.02.07 15:17:32 | 000,000,000 | --SD | M] -- C:\Users\Minako\AppData\Roaming\Microsoft
[2011.02.05 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Mozilla
[2011.02.08 15:57:55 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\OpenOffice.org
[2011.04.15 19:02:53 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Orbit
[2011.02.18 05:12:06 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\PhotoFiltre
[2011.03.09 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\PhotoScape
[2011.02.28 02:32:05 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\ProgSense
[2011.02.26 03:24:12 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Real
[2011.02.17 22:59:29 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\UltraGet
[2011.04.15 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\uTorrent
[2011.02.05 20:45:58 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\WinRAR
[2011.04.02 02:54:49 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\Xilisoft
[2011.04.10 22:40:49 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47567734.exe
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47567765.exe
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47568093.exe
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47570843.exe
[2011.03.29 03:33:19 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47570859.exe
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47570875.exe
[2010.02.23 18:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 11:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 11:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 11:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 16:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 15:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 15:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 15:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 15:18:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 15:18:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.04.11 15:18:47 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 15:18:47 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 15:18:28 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 15:18:28 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 15:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 15:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
--- --- ---


[/spoiler]

15.04.2011, 19:16   #5
markusg
/// Malware-holic

Sorry @cosinus, you were faster, have fun :-)

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.

15.04.2011, 19:22   #6
Minako

Can you make anything of this? oO Because I can't!

15.04.2011, 20:50   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!
__________________
Please always post log files in CODE tags

16.04.2011, 00:14   #8
Minako

Quote:
Quote from cosinus
As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

Oh god, the scan took three hours.
Unfortunately I can't get into the Logs tab, but I do have the text file. There is only one log, and this is what it says:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6369

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

16.04.2011 01:08:50
mbam-log-2011-04-16 (01-08-34).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 322072
Time elapsed: 2 hour(s), 47 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Minako\AppData\Local\ufecukalibiki.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Txamabupic (Trojan.Agent) -> Value: Txamabupic -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Minako\AppData\Local\ufecukalibiki.dll (Trojan.Agent) -> No action taken.
c:\program files\jdownloader\curl_router_reconnect.exe (Trojan.Banker) -> No action taken.
c:\Users\Minako\Pictures\Animes\Pokemon\N\black white edition\msgplus3-setup.exe (Adware.Agent) -> No action taken.
e:\system volume information\_restore{f26650da-9906-42ac-98f2-c5334e1a5ad8}\RP261\A0305724.exe (Adware.Agent) -> No action taken.
e:\system volume information\_restore{f44883b3-33b1-47f3-9113-f56e0e537be5}\RP16\A0001735.exe (Adware.Agent) -> No action taken.
c:\Users\Minako\AppData\Roaming\Adobe\plugs\kb47567734.exe (Trojan.Agent) -> No action taken.
c:\Users\Minako\AppData\Roaming\Adobe\plugs\kb47567765.exe (Trojan.Agent) -> No action taken.
c:\Users\Minako\AppData\Roaming\Adobe\plugs\kb47568093.exe (Trojan.Agent) -> No action taken.
c:\Users\Minako\AppData\Roaming\Adobe\plugs\kb47570843.exe (Trojan.Agent) -> No action taken.
c:\Users\Minako\AppData\Roaming\Adobe\plugs\kb47570859.exe (Trojan.Agent) -> No action taken.
c:\Users\Minako\AppData\Roaming\Adobe\plugs\kb47570875.exe (Trojan.Agent) -> No action taken.


I hope that was the right thing :/

16.04.2011, 11:38   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
-> No action taken.

You should remove all detections!

16.04.2011, 11:43   #10
Minako

Well, before I closed the program I clicked Remove, after which the files were presumably all moved into quarantine.
Or do I have to go directly into the folders and delete them?

16.04.2011, 12:00   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, then it's fine as it is.

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
MOD - C:\Users\Minako\AppData\Local\ufecukalibiki.dll ()
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47567734.exe
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47567765.exe
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47568093.exe
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47570843.exe
[2011.03.29 03:33:19 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47570859.exe
[2011.03.29 03:33:18 | 000,000,162 | ---- | M] () -- C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47570875.exe
[2011.04.10 22:41:46 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\5015
[2011.04.10 22:40:49 | 000,000,000 | ---D | M] -- C:\Users\Minako\AppData\Roaming\xmldm
[2011.03.29 03:35:31 | 000,000,000 | ---D | C] -- C:\Users\Minako\AppData\Local\{2DE66BE0-FCC5-4280-8FB1-C072806B8CF3}
[2011.04.01 22:31:20 | 000,000,000 | ---D | C] -- C:\58d6adcceca06f205c
[2011.04.14 21:13:57 | 000,000,000 | -HSD | C] -- C:\found.000
O4 - HKLM..\Run: [Txamabupic] C:\Users\Minako\AppData\Local\ufecukalibiki.dll ()
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

16.04.2011, 13:09   #12
Minako

So, I've done that.
Before I did it, that Host Process error came up again.
Hopefully that is fixed by this as well.

In the file that opened after the restart, it says:

All processes killed
========== OTL ==========
File C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47567734.exe not found.
File C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47567765.exe not found.
File C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47568093.exe not found.
File C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47570843.exe not found.
File C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47570859.exe not found.
File C:\Users\Minako\AppData\Roaming\Adobe\plugs\KB47570875.exe not found.
C:\Users\Minako\AppData\Roaming\5015\components folder moved successfully.
C:\Users\Minako\AppData\Roaming\5015 folder moved successfully.
C:\Users\Minako\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Minako\AppData\Local\{2DE66BE0-FCC5-4280-8FB1-C072806B8CF3}\chrome\content folder moved successfully.
C:\Users\Minako\AppData\Local\{2DE66BE0-FCC5-4280-8FB1-C072806B8CF3}\chrome folder moved successfully.
C:\Users\Minako\AppData\Local\{2DE66BE0-FCC5-4280-8FB1-C072806B8CF3} folder moved successfully.
C:\58d6adcceca06f205c folder moved successfully.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Txamabupic not found.
File C:\Users\Minako\AppData\Local\ufecukalibiki.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Minako
->Temp folder emptied: 1325426228 bytes
->Temporary Internet Files folder emptied: 32112926 bytes
->Java cache emptied: 564349 bytes
->FireFox cache emptied: 53168357 bytes
->Flash cache emptied: 39140 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21221757 bytes
RecycleBin emptied: 8349298233 bytes

Total Files Cleaned = 9.329,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04162011_130634

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


EDIT:

This error message with the Host Process and the display acting up keeps coming.
A friend suspects that it has something to do with the graphics card.

Last edited by Minako (16.04.2011 at 13:30)

16.04.2011, 14:16   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your Documents/My Documents folder, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

16.04.2011, 15:52   #14
Minako

Quote:
Quote from cosinus
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-a...entfernen.html

If the infection prevents you from accessing your Documents/My Documents folder, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Okay, so after the first run it showed a file on the hard drive, and the PC was supposed to be restarted to fix it. When I opened the log afterwards, this is what it said:

Code:
2011/04/16 16:47:11.0413 1728	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/16 16:47:12.0251 1728	================================================================================
2011/04/16 16:47:12.0251 1728	SystemInfo:
2011/04/16 16:47:12.0251 1728	
2011/04/16 16:47:12.0251 1728	OS Version: 6.0.6002 ServicePack: 2.0
2011/04/16 16:47:12.0251 1728	Product type: Workstation
2011/04/16 16:47:12.0251 1728	ComputerName: MINAKO-PC
2011/04/16 16:47:12.0251 1728	UserName: Minako
2011/04/16 16:47:12.0251 1728	Windows directory: C:\Windows
2011/04/16 16:47:12.0251 1728	System windows directory: C:\Windows
2011/04/16 16:47:12.0251 1728	Processor architecture: Intel x86
2011/04/16 16:47:12.0251 1728	Number of processors: 2
2011/04/16 16:47:12.0251 1728	Page size: 0x1000
2011/04/16 16:47:12.0251 1728	Boot type: Normal boot
2011/04/16 16:47:12.0251 1728	================================================================================
2011/04/16 16:47:17.0286 1728	Initialize success
         
Then I scanned again, this time with nothing found, and the scan log contains this:

Code:
2011/04/16 16:47:11.0413 1728	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/16 16:47:12.0251 1728	================================================================================
2011/04/16 16:47:12.0251 1728	SystemInfo:
2011/04/16 16:47:12.0251 1728	
2011/04/16 16:47:12.0251 1728	OS Version: 6.0.6002 ServicePack: 2.0
2011/04/16 16:47:12.0251 1728	Product type: Workstation
2011/04/16 16:47:12.0251 1728	ComputerName: MINAKO-PC
2011/04/16 16:47:12.0251 1728	UserName: Minako
2011/04/16 16:47:12.0251 1728	Windows directory: C:\Windows
2011/04/16 16:47:12.0251 1728	System windows directory: C:\Windows
2011/04/16 16:47:12.0251 1728	Processor architecture: Intel x86
2011/04/16 16:47:12.0251 1728	Number of processors: 2
2011/04/16 16:47:12.0251 1728	Page size: 0x1000
2011/04/16 16:47:12.0251 1728	Boot type: Normal boot
2011/04/16 16:47:12.0251 1728	================================================================================
2011/04/16 16:47:17.0286 1728	Initialize success
2011/04/16 16:48:14.0180 4660	================================================================================
2011/04/16 16:48:14.0180 4660	Scan started
2011/04/16 16:48:14.0180 4660	Mode: Manual; 
2011/04/16 16:48:14.0180 4660	================================================================================
2011/04/16 16:49:16.0941 4660	================================================================================
2011/04/16 16:49:16.0941 4660	Scan finished
2011/04/16 16:49:16.0941 4660	================================================================================
         
If the error occurs again, I will report back immediately.

EDIT:
So far the PC has been behaving quietly and there no longer seem to be any lags. I hope the problem is now solved.
Many thanks, Cosinus, for your energetic support; without you I would probably have had to put up with this error forever. But if I get a problem like this again, I now know what I can / must do about it.

Thank you very much again!

Last edited by Minako (16.04.2011 at 16:49)

17.04.2011, 19:10   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Host Process and a virus that opens tabs

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags
