Pests of all kinds and how to combat them: tr/kazy.mekml.1 | Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
21.04.2011, 03:29 | #1 |
| tr/kazy.mekml.1 Hello, I have probably caught tr/kazy.mekml.1 as well. AntiVir reports this detection; black screen, no access to my own files, and constant error messages saying my hard disk is defective! Here are my OTL logs: OTL.txt Code:
ATTFilter OTL logfile created on: 21.04.2011 03:18:45 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Basti\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 47,31 Gb Total Space | 11,26 Gb Free Space | 23,80% Space Free | Partition Type: NTFS Drive D: | 179,72 Gb Total Space | 2,74 Gb Free Space | 1,53% Space Free | Partition Type: NTFS Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.21 03:08:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe PRC - [2011.04.21 02:45:48 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe PRC - [2011.03.24 17:05:38 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.05.25 19:53:50 | 002,155,848 | ---- | M] () -- D:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 14:03:47 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.24 14:03:45 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.06.12 14:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 00:33:32 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.19 00:33:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007.09.27 03:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) -- 
C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe PRC - [2007.09.11 16:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe PRC - [2007.09.07 15:38:42 | 000,561,152 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE PRC - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe PRC - [2007.04.04 00:29:15 | 000,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe PRC - [2007.03.22 14:06:10 | 000,028,672 | ---- | M] () -- C:\Programme\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe PRC - [2007.03.09 16:17:06 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe PRC - [2007.03.07 14:01:18 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2007.02.27 20:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2007.02.27 19:57:56 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe PRC - [2007.02.27 14:31:34 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2007.01.30 17:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe PRC - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.01.23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) 
-- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe PRC - [2005.10.23 00:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Programme\Syncrosoft\POS\H2O\cledx.exe ========== Modules (SafeList) ========== MOD - [2011.04.21 03:08:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex) SRV - [2011.03.30 21:43:13 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai) SRV - [2010.07.25 08:26:02 | 000,884,736 | -H-- | M] () [Auto | Stopped] -- C:\Users\Basti\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer) SRV - [2010.05.25 19:53:50 | 002,155,848 | ---- | M] () [Auto | Running] -- D:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector) SRV - [2008.10.24 14:03:47 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.24 14:03:45 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2007.08.23 14:37:18 | 
000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService) SRV - [2007.02.25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.10.05 06:10:00 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - [2010.10.15 05:29:31 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2009.05.31 10:56:18 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.31 10:56:14 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.05.31 10:56:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2009.01.30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.08.30 14:08:50 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.06.25 07:37:00 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.30 00:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.03.07 10:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007.03.01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007.02.28 22:27:06 | 000,041,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.02.22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2006.12.22 05:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006.11.17 10:57:00 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531) DRV - [2006.10.18 08:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil) DRV - [2006.10.10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.08.01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX) DRV - [2005.01.06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004.11.01 05:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 17:05:39 | 
000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 17:05:39 | 000,000,000 | ---D | M] [2009.03.09 10:10:40 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions [2011.04.20 14:02:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions [2010.06.28 18:11:26 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.03 19:10:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6} [2011.03.11 00:43:23 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.03 20:04:54 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\firefox@tvunetworks.com [2009.05.06 23:43:10 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\moveplayer@movenetworks.com [2009.03.09 10:11:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\yoeosc8w.default\extensions\toolbar_extras@de.yahoo.com [2010.08.15 19:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.15 19:24:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2009.03.09 09:43:37 | 000,000,000 | ---D | M] (Yahoo! 
Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com [2009.04.07 23:28:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.08.15 19:24:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.10 01:18:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.10 01:18:15 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.10 01:18:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.10 01:18:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.10 01:18:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com) O4 - HKLM..\Run: [AveoKeySti] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [WinampAgent] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [cmds] File not found O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) 
O4 - HKCU..\Run: [EA Core] File not found O4 - HKCU..\Run: [MSServer] File not found O4 - HKCU..\Run: [Smart Antivirus-2009.exe] File not found O4 - HKCU..\Run: [UEBeSifOsb] C:\ProgramData\UEBeSifOsb.exe (WinTrust) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: msn.com ([zone] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.205.211 192.168.205.212 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml 
{807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Basti\Pictures\pamela_anderson_wallpaper_1024x768_003.jpg O24 - Desktop BackupWallPaper: C:\Users\Basti\Pictures\pamela_anderson_wallpaper_1024x768_003.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{257c9a53-a34a-11dd-914c-0019db99ae46}\Shell - "" = AutoRun O33 - MountPoints2\{257c9a53-a34a-11dd-914c-0019db99ae46}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe O33 - MountPoints2\{257c9a53-a34a-11dd-914c-0019db99ae46}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe O33 - MountPoints2\{9aea7971-e0db-11dd-8e18-0019db99ae46}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{9aea7971-e0db-11dd-8e18-0019db99ae46}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe O33 - MountPoints2\{bfd3ff16-8b50-11dd-8d16-0019db99ae46}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe UTELIAS.vbs O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 03:22:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.04.21 03:22:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.21 03:21:57 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Basti\Desktop\mbam-setup-1.50.1.1100.exe [2011.04.21 03:08:02 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2011.04.21 02:45:49 | 
000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe [2011.04.13 12:14:36 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 12:14:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 12:14:33 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 12:14:32 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 12:14:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 12:14:23 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.13 12:14:22 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.13 12:14:22 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.13 12:14:22 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.13 12:14:21 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.13 12:14:21 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.13 12:14:21 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.13 12:14:21 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.13 12:14:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.13 12:14:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.13 12:14:18 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 12:14:16 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.13 12:14:16 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.03.29 21:07:19 | 
000,000,000 | -H-D | C] -- C:\Users\Basti\Documents\wohnung [2011.03.29 20:37:40 | 000,000,000 | -H-D | C] -- C:\Users\Basti\Documents\PIXMA_MX850_MANUAL [2011.03.27 19:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX850 series Benutzerregistrierung [2011.03.27 19:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX850 series [2011.03.27 19:02:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2011.03.27 19:01:04 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information [2011.03.27 18:57:20 | 000,223,744 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM98.DLL [2011.03.27 18:56:01 | 000,204,800 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC850L.DLL [2011.03.27 18:56:01 | 000,188,416 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNC850O.DLL [2011.03.27 18:56:01 | 000,098,304 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC850I.DLL [2011.03.27 18:56:00 | 001,339,392 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC850C.DLL [2011.03.27 18:55:55 | 000,106,496 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFMSf.EXE [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfUS.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfTW.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfTR.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfTH.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfSE.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfRU.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfPT.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfPL.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) 
-- C:\Windows\System32\CNCFLfNO.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfKR.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfIT.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfID.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfHU.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfGR.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfFR.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfFI.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfES.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfDK.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfDE.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfCZ.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfCN.DLL [2011.03.27 18:55:55 | 000,003,584 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfAR.DLL [2011.03.27 18:55:55 | 000,003,072 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCFLfJP.DLL [2011.03.27 18:55:54 | 000,156,160 | ---- | C] (Canon Inc.) -- C:\Windows\System32\CNCF2Lf.DLL [2011.03.27 18:55:42 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ [2011.03.27 18:55:28 | 000,363,520 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPPM.DLL [2011.03.27 18:55:28 | 000,143,360 | ---- | C] (CANON INC.) 
-- C:\Windows\System32\CNMNPUI.DLL
[2011.03.27 18:54:49 | 000,000,000 | ---D | C] -- C:\Programme\Canon
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.21 03:22:37 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 03:22:00 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Basti\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.21 03:12:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:12:27 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:12:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 03:08:13 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2011.04.21 02:48:57 | 000,102,035 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.21 02:45:48 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe
[2011.04.21 00:05:08 | 000,102,035 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.20 13:53:27 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8D3263E7-530E-4AF9-89AC-C8AF1A32D293}.job
[2011.04.15 14:24:59 | 000,206,848 | -H-- | M] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.14 03:37:04 | 000,363,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 03:07:57 | 000,670,934 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.14 03:07:57 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.14 03:07:57 | 000,143,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.14 03:07:57 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.29 20:37:21 | 014,389,179 | -H-- | M] () -- C:\Users\Basti\Documents\PIXMA_MX850_MANUAL.zip
[2011.03.27 19:08:54 | 000,086,432 | -H-- | M] () -- C:\Users\Basti\Documents\ausbi67.ods
[2011.03.27 19:08:46 | 000,085,941 | -H-- | M] () -- C:\Users\Basti\Documents\ausbi65.ods
[2011.03.27 19:08:38 | 000,086,983 | -H-- | M] () -- C:\Users\Basti\Documents\ausbi66.ods
[2011.03.27 19:06:11 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX850 series Benutzerregistrierung.LNK
[2011.03.27 16:30:35 | 000,107,520 | -H-- | M] () -- C:\Users\Basti\Documents\ausbinachweis.xlt
[2011.03.22 17:11:42 | 000,007,592 | -H-- | M] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[11 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.21 03:22:37 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.29 20:36:18 | 014,389,179 | -H-- | C] () -- C:\Users\Basti\Documents\PIXMA_MX850_MANUAL.zip
[2011.03.27 19:06:11 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX850 series Benutzerregistrierung.LNK
[2011.03.27 18:55:55 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL
[2011.03.27 16:57:05 | 000,086,432 | -H-- | C] () -- C:\Users\Basti\Documents\ausbi67.ods
[2011.03.27 16:50:54 | 000,086,983 | -H-- | C] () -- C:\Users\Basti\Documents\ausbi66.ods
[2011.03.27 16:50:45 | 000,085,941 | -H-- | C] () -- C:\Users\Basti\Documents\ausbi65.ods
[2011.03.27 16:30:34 | 000,107,520 | -H-- | C] () -- C:\Users\Basti\Documents\ausbinachweis.xlt
[2010.08.25 10:43:36 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.03.09 15:45:51 | 000,164,193 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.03.09 15:45:36 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009.09.09 17:31:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.29 15:25:52 | 000,007,592 | -H-- | C] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat
[2009.05.12 10:12:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
[2009.04.11 16:03:57 | 000,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2009.04.11 15:44:37 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2009.04.11 15:43:57 | 000,000,829 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009.04.11 15:43:57 | 000,000,412 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009.03.09 15:36:08 | 000,102,035 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.09 15:36:08 | 000,102,035 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.12.02 19:48:48 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.12.02 19:48:37 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.12.02 19:48:29 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.11.28 02:15:17 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.05 01:25:51 | 000,206,848 | -H-- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.06 23:44:41 | 000,075,069 | -H-- | C] () -- C:\Users\Basti\AppData\Roaming\nvModes.001
[2008.07.06 23:44:40 | 000,075,069 | -H-- | C] () -- C:\Users\Basti\AppData\Roaming\nvModes.dat
[2007.09.02 07:37:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2007.09.02 07:37:55 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 17:33:31 | 000,670,934 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,143,888 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,363,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,631,636 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,118,262 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

Code:
OTL Extras logfile created on: 21.04.2011 03:41:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47,31 Gb Total Space | 11,11 Gb Free Space | 23,48% Space Free | Partition Type: NTFS
Drive D: | 179,72 Gb Total Space | 2,74 Gb Free Space | 1,53% Space Free | Partition Type: NTFS
Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\Basti\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0480238D-A439-4BBC-89BE-8D84DD82B9E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{0CEEBE93-4ED9-48EB-A444-F6AFF087E0EA}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{10176D6B-3C9A-4EF0-A73B-CA3F9ADBCA9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14EA2ABE-8687-40AB-88DB-379553C89D98}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16FC42EC-F47D-4776-A9E8-322E81B607B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1CF57C01-0B7D-4DA6-982A-B7E9E0488776}" = lport=50001 | protocol=6 | dir=in | name=vuze |
"{2D4E0BBE-BE7B-4A4F-8E4C-42CC35BBDEED}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B0D828B-D1C4-4518-9897-A1AE8EC89FE2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3E6C8C36-28C2-4688-8BAC-A058B75D3C9E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{435C7F28-3AF6-4191-B2F0-BDCF83CE3D06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48690AC3-3002-43EE-8B2D-DEC79F8A1FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{4A02DC9F-4706-4C6A-8B64-28D2005F1E42}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6663AA09-EE6F-433E-ADFA-611061FF7264}" = rport=10244 | protocol=6 | dir=out | app=system |
"{66D624CC-8AD4-44E7-9644-16C4445A1241}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{68D09A99-649C-4B8D-998F-D102F74E22E2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{74943D2A-320B-41AE-BBB9-999FD4340CB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{785C353D-AA32-458D-ADC0-8FE2808B5347}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7A51C5B3-3C9A-4B5D-83AD-A72B78C859A3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7F68F46F-2100-484C-9A5E-1C486CA0E4CA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{8752B766-2AFC-41B8-9811-7EEA6D4BC344}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8EF7ACDC-E5F9-4715-A540-870F5F171AFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{90EC38E8-6D35-4DBC-A7D0-FF90A0EF7704}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{917F1CEB-D2D8-4ACC-95B9-E469B79C5692}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9405977B-AF36-4958-A0EF-FAA105692365}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{94533F7A-49A5-4A01-A1A4-563EF992D488}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A1402820-8DC9-469C-9493-6B47510D4D04}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A1F27024-27CA-46DA-B105-DC424F7E1750}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A6A37339-7143-45F6-93C3-4D9CF6670A42}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AADB7CA4-B33C-4DC9-8F7C-3628EF5D4906}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BAFD726B-0064-43A6-8DC2-C29525722BEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BC90D045-1A35-415B-9740-4D4C69F3859D}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{D0573E56-1291-48F3-916D-A1A76A429163}" = lport=3390 | protocol=6 | dir=in | app=system |
"{D6915033-CE42-453F-B5E3-FFF11623E397}" = lport=3390 | protocol=6 | dir=in | app=system |
"{DB2FA487-7C5A-4387-8A73-A84F6435BB1C}" = lport=50001 | protocol=17 | dir=in | name=vuzeudp |
"{DC039100-8836-4E52-9C74-CFCCF1FCFC76}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{DCB48DAC-8033-4DED-8D68-A4EB20A32E6D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{DDB6495B-1564-4D68-AADE-43A730F15E3A}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{E13BBC2B-1EE4-4AA6-A967-5F7E630E0DC4}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{F5334E2A-414A-405D-BB74-05CB3F7941C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F78E9F03-AD05-443A-9311-3B939C97BC72}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013BD9BC-540B-4FC1-9BD7-27A95CFBAA1A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0760B0C7-3119-47B6-B571-4BA89AC2BFFB}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{0C94A18E-9B3A-45E9-AEB7-C7EF43D08070}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{2C55B68C-99D6-4B7E-8547-4668A161F0D1}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{31E216C4-332A-406E-90EB-FDFE3DB4003A}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{3D8009F9-66E8-4F31-956F-5210050FBB20}" = protocol=17 | dir=in | app=d:\call of duty - world at war\codwaw.exe |
"{3DBA5B88-D456-4B1B-B3E2-D5367EFADEBE}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{458BF580-CB93-4DC9-B32D-FF2B588F9ED2}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{517C3996-CAF0-4C52-9D91-BC5647153A52}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{75014B41-C0BF-47DA-99EB-E624F6638FC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BBDF974-EF4C-44F4-AD49-53EEEFEC33B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F44CB82-B290-4741-951E-548B1F2B8FD7}" = protocol=6 | dir=in | app=d:\call of duty - world at war\codwawmp.exe |
"{99C17028-F6C6-46DE-AA02-1E28F78072C6}" = protocol=6 | dir=in | app=c:\users\basti\appdata\local\tversity\media server\mediaserver.exe |
"{9ADA5464-5E57-452D-A8E4-63756EF73AE8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D77A592-11CF-44B3-A76B-D38D0DDD8F7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9ED7FCDC-6F4F-4D91-9747-965015E41069}" = protocol=6 | dir=in | app=d:\call of duty - world at war\codwaw.exe |
"{A0D955D3-1D1A-4F12-A255-13113B61BCA8}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{A6A2206A-8EDC-4FF7-82D5-C509FA43B009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA37E326-1306-4127-8A4C-1CEF576726B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AB610899-5CBD-4F21-9E3C-5855E2EB0070}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AB8C0860-F581-401A-AD73-D0F6DE69EB67}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B09EAC25-88C6-4C93-9ECF-4741F525CD92}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{B0B5BA1B-F4D3-46D5-90A0-05CE25717085}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1609969-BEA3-4725-BBB0-2B160CDA20F9}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{BC141F76-40BB-4673-A0D6-04604A9DDA9D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{BCF2C58F-9FA7-451B-BB38-F78752A05475}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C90D13C4-D0AF-49C0-BEE8-0260CBEEA456}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"{CEF1E102-F108-45F1-AD70-BAD9B904F686}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{D3832025-A589-4F0D-877A-CEAA160F765E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4258166-D00E-4785-9286-17AA09A01CE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DCD0F455-EA11-4C75-87B0-8649F2A72622}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{E1E749EA-C830-4C97-A757-351DF17A1A3D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E57BBC30-7B60-40B2-8F42-48D99522B74C}" = protocol=17 | dir=in | app=c:\users\basti\appdata\local\tversity\media server\mediaserver.exe |
"{E77089A5-087B-4D50-BB08-9A30FEB42139}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{F0995D43-341C-4140-85F3-3A961A80F153}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3B917CF-9E3D-4ECC-AAA7-AE4E92A35279}" = protocol=6 | dir=out | app=system |
"{FDBEC566-A783-468E-8D59-E5F224F0F64B}" = protocol=17 | dir=in | app=d:\call of duty - world at war\codwawmp.exe |
"TCP Query User{11864471-F79F-4726-9615-A4AA9C07BA2C}D:\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\electronic arts\eadm\core.exe |
"TCP Query User{27C7DD88-072E-4A39-96CE-A4BF54815C8C}D:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=d:\program files\vuze\azureus.exe |
"TCP Query User{3AF0B694-6DD0-44CE-90F6-003DDC190CDE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4B033598-C7E1-41A4-BE04-A642C846E292}D:\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\electronic arts\eadm\core.exe |
"TCP Query User{58971C0B-F701-462A-8462-D2DB83A94DBE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{66A8E826-0BEF-4EBA-94F7-512EB7DE1FC3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D12808A3-6582-45D7-B8C4-2F6FEBBA2917}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{D6DE786D-1C09-4E64-8AD4-CDAA8E10413C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{FE28C814-1C12-48EB-A445-AC8B819989B0}D:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=d:\program files\vuze\azureus.exe |
"UDP Query User{07DB2828-EB82-44B6-9D92-3F577FDDB594}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{1407F657-A510-4803-9209-8C3EE32CC405}D:\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\electronic arts\eadm\core.exe |
"UDP Query User{323E3039-3CBB-4D94-8E70-955B0ED29CEF}D:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=d:\program files\vuze\azureus.exe |
"UDP Query User{3F43C682-71B6-4584-9F97-F34298307D9F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{478DECA8-3DB5-499D-99A8-AF9474F4B180}D:\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\electronic arts\eadm\core.exe |
"UDP Query User{6D3FAD3B-91E8-409E-8624-617616CA2E81}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{841738A0-A188-4901-873C-E6F8597F04EC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{94895169-7EE6-4AE1-803D-011FFB25C8AA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E1B666E7-F5C2-4A4C-8D78-B236A23DAF7F}D:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=d:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis*Disk*Director*Home
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B727BD4D-0C42-43F7-AC60-4AFBDDC732BD}" = FlexPoints 2.01
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"AC3Filter" = AC3Filter (remove only)
"Achtung, die Kurve!" = Achtung, die Kurve!
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AskSBar Uninstall" = Ask Toolbar
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Explorer Suite_is1" = Explorer Suite III
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Next Generation Graphic Patch Update" = Next Generation Graphic Patch Update
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"PPStream" = PPStream
"SopCast" = SopCast 3.2.4
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"SystemRequirementsLab" = System Requirements Lab
"The Magic Fireplace Screensaver 1.4_is1" = The Magic Fireplace Screensaver 1.4
"TVAnts 1.0" = TVAnts 1.0
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.2
"TVUPlayer" = TVUPlayer 2.5.2.2
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"Vuze" = Vuze
"Wave Editor_is1" = Wave Editor 3.1.0.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"World Series of Poker 2008" = World Series of Poker 2008: Battle for the Bracelets
"YDKJV2" = YOU DON'T KNOW JACK Volume 2
"You Don't Know Jack 4" = You Don't Know Jack 4 1.00
"Zatacka_is1" = Zatacka 0.1.7

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.12.2010 12:52:34 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18164, Zeitstempel 0x4907e242, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x03a84730, Prozess-ID 0xe78, Anwendungsstartzeit 01cb9f9bf1b11553.

Error - 19.12.2010 14:49:54 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel 0x4907e242, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x079a4733, Prozess-ID 0xca4, Anwendungsstartzeit 01cb9f8737b6daa7.

Error - 19.12.2010 15:02:54 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel 0x4907e242, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x45b456f8, Ausnahmecode 0xc0000005, Fehleroffset 0x08884730, Prozess-ID 0x1338, Anwendungsstartzeit 01cb9fad89e9cdb8.

Error - 01.01.2011 16:28:10 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MGSysCtrl.exe, Version 1.2.9.0, Zeitstempel 0x46e10001, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xd58, Anwendungsstartzeit 01cba9d5d1220cd6.

Error - 04.01.2011 13:50:18 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MGSysCtrl.exe, Version 1.2.9.0, Zeitstempel 0x46e10001, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xf50, Anwendungsstartzeit 01cbac19603d732f.

Error - 11.02.2011 15:04:10 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cledx.exe, Version 0.3.1412.777, Zeitstempel 0x427ec9c6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x004605d2, Prozess-ID 0x678, Anwendungsstartzeit 01cbca1e3cf7025a.

Error - 11.02.2011 15:21:26 | Computer Name = Basti-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 11.02.2011 15:21:26 | Computer Name = Basti-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 10.03.2011 05:09:23 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cledx.exe, Version 0.3.1412.777, Zeitstempel 0x427ec9c6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x004605d2, Prozess-ID 0xf14, Anwendungsstartzeit 01cbdf02cd57eb7f.

Error - 27.03.2011 13:01:29 | Computer Name = Basti-PC | Source = Application Hang | ID = 1002
Description = Programm SETUP.EXE, Version 1.3.0.60 arbeitet nicht mehr mit Windows zusammen und wurde beendet.
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 548 Anfangszeit: 01cbec9fc7cbe1ac Zeitpunkt der Beendigung: 0 [ Media Center Events ] Error - 18.08.2010 14:28:43 | Computer Name = Basti-PC | Source = Mcx2Dvcs | ID = 401 Description = Error - 18.08.2010 14:35:02 | Computer Name = Basti-PC | Source = McrMgr | ID = 107 Description = Error - 24.08.2010 07:10:09 | Computer Name = Basti-PC | Source = McrMgr | ID = 107 Description = Error - 24.08.2010 07:18:24 | Computer Name = Basti-PC | Source = McrMgr | ID = 108 Description = Error - 24.08.2010 07:18:24 | Computer Name = Basti-PC | Source = McrMgr | ID = 108 Description = Error - 24.08.2010 07:18:39 | Computer Name = Basti-PC | Source = McrMgr | ID = 100 Description = Error - 24.08.2010 07:18:39 | Computer Name = Basti-PC | Source = McrMgr | ID = 107 Description = [ System Events ] Error - 09.12.2009 12:26:04 | Computer Name = Basti-PC | Source = HTTP | ID = 15016 Description = Error - 10.12.2009 12:58:37 | Computer Name = Basti-PC | Source = HTTP | ID = 15016 Description = Error - 10.12.2009 16:48:17 | Computer Name = Basti-PC | Source = DCOM | ID = 10010 Description = Error - 11.12.2009 08:39:29 | Computer Name = Basti-PC | Source = HTTP | ID = 15016 Description = Error - 11.12.2009 09:06:37 | Computer Name = Basti-PC | Source = DCOM | ID = 10010 Description = Error - 11.12.2009 09:09:25 | Computer Name = Basti-PC | Source = HTTP | ID = 15016 Description = Error - 12.12.2009 07:18:20 | Computer Name = Basti-PC | Source = HTTP | ID = 15016 Description = Error - 12.12.2009 11:42:49 | Computer Name = Basti-PC | Source = HTTP | ID = 15016 Description = Error - 14.12.2009 02:35:30 | Computer Name = Basti-PC | Source = HTTP | ID = 15016 Description = Error - 14.12.2009 10:37:16 | Computer Name = Basti-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 14.12.2009 um 08:49:03 unerwartet 
heruntergefahren.

< End of report >

C:\ProgramData\UEBeSifOsb.exe
C:\Users\Basti\AppData\Local\d3d9caps.dat
C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\ezsidmv.dat

I also occasionally get a message from Antivir that a 40230664.exe wants access. I'm grateful for any help! Many thanks in advance!
21.04.2011, 07:24 | #2
/// Helper Team | tr/kazy.mekml.1

Hello and welcome!

Before we begin working together, [please read completely]:
Quote:
Quote:

For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "als Administrator ausführen" (run as administrator).

1. Fix with OTL
Code:
:OTL
PRC - [2011.04.21 02:45:48 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\UEBeSifOsb.exe
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKCU..\Run: [Smart Antivirus-2009.exe] File not found

:Files
C:\ProgramData\UEBeSifOsb.exe

:Commands
[purity]
[emptytemp]
2. Have you already scanned the computer for viruses? I would still like to see the following results:
Code:
Malwarebytes

→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it with a double-click
→ select your operating system - for Win7 choose Vista
→ When you are asked, choose the option "Einstellung" (1) - scanlist
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

4. I would also like to see all your installed programs:
Download the tool CCleaner
→ install the download (read the software licence agreement; if it is offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu")
→ start it
→ if necessary, set "german" under Options settings
→ then click on "Extra" (to also display the installed programs)
→ then on "Als Textdatei speichern..."; a text file (*.txt) is created, copy its contents and paste them here
Quote:

** If possible, do not go online: no online banking, file sharing, chat programs, etc.

Regards, Coverflow

21.04.2011, 14:13 | #3
tr/kazy.mekml.1

Many thanks for the quick help!

This is what OTL spat out after the restart:
Code:
All processes killed
========== OTL ==========
No active process named UEBeSifOsb.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
File C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
File C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Smart Antivirus-2009.exe deleted successfully.
========== FILES ==========
File move failed. C:\ProgramData\UEBeSifOsb.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Basti
->Temp folder emptied: 712105557 bytes
->Temporary Internet Files folder emptied: 176970532 bytes
->Java cache emptied: 102291907 bytes
->FireFox cache emptied: 107793376 bytes
->Flash cache emptied: 11451304 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 28876 bytes
->Temporary Internet Files folder emptied: 365997 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 173919 bytes
%systemroot%\System32 .tmp files removed: 1249280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1793720513 bytes
RecycleBin emptied: 1576716085 bytes

Total Files Cleaned = 4.275,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04212011_150201

Files\Folders moved on Reboot...
File\Folder C:\ProgramData\UEBeSifOsb.exe not found!

Registry entries deleted on Reboot...
21.04.2011, 15:57 | #4
tr/kazy.mekml.1

So, here is the Malwarebytes result:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 16:55:50
mbam-log-2011-04-21 (16-55-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 316703
Laufzeit: 1 Stunde(n), 24 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Smart Antivirus 2009 (Rogue.SmartAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Value: cmds -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
d:\downloads\programme\Download\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> Not selected for removal.
d:\downloads\programme\Download\cryptload\router\fritz!box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
c:\Users\Basti\AppData\Roaming\microsoft\internet explorer\quick launch\smart antivirus-2009.lnk (Rogue.SmartAntiVirus) -> Quarantined and deleted successfully.

and finally the hjtscanlist:
Code:
AC3Filter (remove only) 16.09.2010 4,04MB
Achtung, die Kurve! 30.06.2010
Acronis*Disk*Director*Home Acronis 14.10.2010 216MB 11.0.216
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 09.03.2011 10.2.152.32
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 19.04.2011 10.2.159.1
Adobe Reader 9.4.2 - Deutsch Adobe Systems Incorporated 07.03.2011 174,8MB 9.4.2
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 05.06.2010 8,37MB 11.5.7.609
Agere Systems HDA Modem Agere Systems 01.09.2007
Akamai NetSession Interface 20.10.2010 13,4MB
Apple Application Support Apple Inc. 14.02.2010 32,4MB 1.1.0
Apple Software Update Apple Inc. 14.02.2010 2,16MB 2.1.1.116
Ask Toolbar Ask.com 23.09.2008 0,42MB
AveoCap AVEO 11.05.2009 0,20MB 1.00.0011
Avira AntiVir Personal - Free Antivirus Avira GmbH 18.09.2008 81,6MB
AVM FRITZ!Box Dokumentation AVM Berlin 17.02.2009 5,02MB
AVM FRITZ!Box Druckeranschluss AVM Berlin 17.02.2009
AVM FRITZ!DSL AVM Berlin 17.02.2009 14,1MB 2.04.02
Bluetooth Stack for Windows by Toshiba 01.09.2007 54,5MB v5.10.06
Canon MX850 series 26.03.2011
Canon MX850 series Benutzerregistrierung 26.03.2011 0,52MB
CCleaner Piriform 20.04.2011 3,60MB 3.05
DivX Codec DivX, Inc. 01.03.2009 1,40MB 6.8.5
DivX Converter DivX, Inc. 01.03.2009 35,9MB 7.0.0
DivX Player DivX, Inc. 01.03.2009 8,09MB 7.0.0
DivX Plus DirectShow Filters DivX, Inc. 01.03.2009 1,21MB
DVD Suite CyberLink Corporation 03.07.2008 11,3MB 5.0.1729
EA Download Manager Electronic Arts, Inc. 24.11.2009 7,99MB 5.1.0.4
Explorer Suite III 06.01.2009 6,85MB
ffdshow [rev 3154] [2009-12-09] 24.08.2010 17,0MB 1.0
FlexPoints 2.01 Weight Watchers 23.10.2009 131,8MB 2.01.0000
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 09.03.2011 3,02MB
Free YouTube to MP3 Converter version 3.9.34.305 DVDVideoSoft Limited. 09.03.2011 3,47MB
FUSSBALL MANAGER 10 Electronic Arts 03.12.2009 6.968MB 2.0.0.4
Haali Media Splitter 16.09.2010 2,45MB
HP OCR Software 8.0 HP 08.03.2010 1,53MB 8.0
HP Photosmart Essential HP 08.03.2010 10,2MB 1.12.0.46
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP 08.03.2010 75,8MB 8.0
HP Solution Center 8.0 HP 08.03.2010 1,53MB 8.0
HP Update Hewlett-Packard 08.03.2010 3,57MB 4.000.005.006
Java(TM) 6 Update 21 Sun Microsystems, Inc. 29.10.2008 94,4MB 6.0.210
LiveUpdate Notice (Symantec Corporation) Symantec Corporation 03.09.2008 7,59MB 1.4.5
Malwarebytes' Anti-Malware Malwarebytes Corporation 20.04.2011 4,80MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 18.08.2009 27,8MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 13.10.2010 182,9MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 13.10.2010 46,0MB 4.0.30319
Microsoft Office Home and Student 2007 Microsoft Corporation 15.12.2009 298MB 12.0.6425.1000
Microsoft Office Word 2007 Microsoft Corporation 15.12.2009 308MB 12.0.6425.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.07.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.02.2009 0,41MB 8.0.56336
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 13.04.2011 0,29MB 8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 18.03.2011 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.03.2011 0,58MB 9.0.30729
Microsoft Works Microsoft Corporation 10.12.2009 285MB 08.05.0822
Microsoft Xbox 360 Accessories 1.1 Microsoft 18.09.2008 6,51MB 1.10.123.0
Mozilla Firefox (3.6.16) Mozilla 23.03.2011 30,7MB 3.6.16 (de)
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 01.09.2007 1,28MB 4.20.9848.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.11.2008 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0
Next Generation Graphic Patch Update 08.03.2009
NVIDIA Drivers NVIDIA Corporation 08.03.2009 1.3
NVIDIA PhysX NVIDIA Corporation 08.03.2009 120,0MB 9.09.0010
OpenOffice.org 3.0 OpenOffice.org 16.06.2009 332MB 3.0.9379
PokerStars PokerStars 11.10.2008 57,9MB
Power2Go 5.0 03.07.2008 3,76MB
PowerDirector Express 03.07.2008 129,4MB
PowerProducer 03.07.2008 137,9MB
PPStream PPStream, Inc. 10.04.2009 20,4MB 2.6.86.8250
QuickTime Apple Inc. 14.02.2010 77,3MB 7.65.17.80
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek 01.09.2007 0,68MB 1.00.0000
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 03.07.2008 1,93MB 3.51.01
Skype™ 4.2 Skype Technologies S.A. 22.08.2010 31,1MB 4.2.169
SopCast 3.2.4 SopCast.com 08.03.2010 9,18MB 3.2.4
Steinberg Cubase SX v3.1.1.944 31.05.2009 179,7MB
SyncroSoft Emu (Remove only) 31.05.2009 10,3MB
Syncrosofts Lizenz Kontrolle Syncrosoft Hard- Und Software GmbH 31.05.2009 10,3MB
System Control Manager 01.09.2007 5,03MB 1.0207.0907.G100.30
System Requirements Lab 08.03.2009 0,73MB
The Magic Fireplace Screensaver 1.4 bid77 Media Service 17.12.2009 1,63MB 1.4
TVAnts 1.0 02.04.2010 5,41MB
TVersity Codec Pack 1.4 TVersity Inc. 24.08.2010 1,63MB 1.4
TVersity Media Server 1.9.2 TVersity 24.08.2010 93,2MB 1.9.2
TVUPlayer 2.5.2.2 TVU networks 02.04.2010 14,6MB 2.5.2.2
Uninstall 1.0.0.1 09.03.2011 32,1MB
Veetle TV 0.9.18 Veetle, Inc 28.11.2010 10,1MB 0.9.18
VLC media player 1.0.1 VideoLAN Team 28.07.2009 72,4MB 1.0.1
Vuze Vuze, Inc. 23.09.2008 114,9MB
Wave Editor 3.1.0.0 AbyssMedia.com 09.03.2011 1,93MB 3.1.0.0
WBFS Manager 4.0 WBFS 01.01.2011 3,57MB 4.0
Winamp Nullsoft, Inc 28.09.2008 13,8MB 5.541
Windows Live Anmelde-Assistent Microsoft Corporation 05.03.2009 1,93MB 5.000.818.6
Windows Live Essentials Microsoft Corporation 10.02.2011 44,0MB 14.0.8117.0416
Windows Live-Uploadtool Microsoft Corporation 18.04.2009 0,22MB 14.0.8014.1029
Windows Media Player Firefox Plugin Microsoft Corp 16.09.2009 0,29MB 1.0.0.8
WinRAR archiver 03.07.2008
World Series of Poker 2008: Battle for the Bracelets Activision Value 13.11.2009 2.932MB 1.1
You Don't Know Jack 4 1.00 Take 2 Interactive 16.09.2009 229MB 1.00
YOU DON'T KNOW JACK Volume 2 30.06.2010 229MB
Zatacka 0.1.7 Mage 30.06.2010 2,95MB
Last edited by s0ny (21.04.2011 at 16:14) |
21.04.2011, 16:30 | #5 | |
/// Helper Team | tr/kazy.mekml.1
1. Uninstall under `Start→ Control Panel→ Change/Remove...` Code:
Ask Toolbar
- Adware - Toolbar
Always choose the custom installation, not the standard installation, because otherwise things are often installed along with it that you do not need or want. Always read the license terms during installation and do not tick every box right away, because by doing so you agree that adware (advertising pop-ups) from partner programs, sponsors etc. is installed along with it, since freeware finances itself that way. A few more belong in this category, e.g.: -> Uninstall unwanted toolbars
2. Code:
Vuze
Quote:
Besides, it is not only Trojan horses or other types of virus that need a direct connection; µtorrent & Co also "phone home" when in use, even if there is no proof yet (at least not in every case), and I would not recommend allowing such clients!
3. Your Java version is out of date! Because old security holes make Java very vulnerable, first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → now download the offline version of Java Version 6 Update 24 from Oracle. Make sure to deselect any toolbars that are offered (remove the tick next to the toolbar)!
4. Update Adobe Reader: - Pay attention and read along during installation: if any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for updates..."
5.
6. - Link: -> ESET Online Scanner
>>You are not supposed to install the antivirus security software, only scan your system online<<
Viruses can also be carried on USB sticks, self-burned media, external hard disks and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the storage medium with the free online scanner is very well suited to this and recommended. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - The AUTORUN function can also be switched off altogether. ► [Security] Disable the Autorun function on all drives for more security / Avira Support Forum
-> Then run a complete system check with Eset/Nod32
- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files - usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"
Settings in Internet Explorer before the scan:
- "Tools → Internet Options → Security": - set everything to the default level - allow ActiveX
- to start the scan: when you are asked (the text in the information bar) - allow the ActiveX control to be installed
► Do you still have any problems now?
__________________ Warning!: Beware of invoices sent by email with a ZIP file attached! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard disks, ideally twice in different places! Please pass this warning on wherever you can! |
21.04.2011, 16:42 | #6 |
| tr/kazy.mekml.1 All right, I'll get started on all of that! Many, many thanks! |
22.04.2011, 09:37 | #7 |
| tr/kazy.mekml.1 SUPERAntiSpyware scan: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/22/2011 at 03:19 AM
Application Version : 4.51.1000
Core Rules Database Version : 6887
Trace Rules Database Version: 4699
Scan type : Complete Scan
Total Scan Time : 00:55:28
Memory items scanned : 760
Memory threats detected : 0
Registry items scanned : 8609
Registry threats detected : 1
File items scanned : 40053
File threats detected : 156

Adware.Tracking Cookie
secure-uk.imrworldwide.com [ C:\Users\Basti\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\73SPAL36 ]

Adware.Vundo Variant/Rel
HKU\S-1-5-21-9527809-2398962358-3293105967-1000\Software\Microsoft\Windows\CurrentVersion\Run#MSServer [ rundll32.exe C:\Users\Basti\AppData\Local\Temp\iifebCVm.dll,#1 ]
Code:
C:\aol\aolsilentsetup.ex_ möglicherweise Variante von Win32/StartPage.LWOOMNQ Trojaner gelöscht - in Quarantäne kopiert
C:\Users\Public\Desktop\aolsilentsetup.exe möglicherweise Variante von Win32/StartPage.LWOOMNQ Trojaner gelöscht - in Quarantäne kopiert
D:\Downloads\Programme\Browser\Firefox_Setup.exe möglicherweise Variante von Win32/TrojanDownloader.Banload.HSGFPBY Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
D:\Images\rld-fif9.iso möglicherweise Variante von Win32/Obfuscated.JJEZGMV Trojaner gelöscht - in Quarantäne kopiert |
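The registry finding in the SUPERAntiSpyware log above (a `Run` value named `MSServer` that starts `rundll32.exe` on a DLL in the user's Temp folder) is the kind of autostart entry to triage first when reading such a log. The following Python sketch is an added example, not part of the original thread or of any tool named in it; the function names, the reason labels and the second sample line are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# A registry finding as the scan log prints it:  KEY#ValueName [ command line ]
FINDING_RE = re.compile(
    r"^(?P<key>HK[A-Z_]+\\.+?)#(?P<name>[^\[\]]+?)\s*\[\s*(?P<cmd>.+?)\s*\]$"
)
# [path\]rundll32[.exe] <dll>,<export name or #ordinal>
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)
# Keys whose values are started at logon (assumption: only Run/RunOnce are covered here).
AUTOSTART_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
# Locations a standard user can write to, so a binary there needed no installer.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Assessment:
    key: str
    name: str
    command: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Persistence plus a payload in a user-writable folder is the combination flagged.
        return "autostart" in self.reasons and "user-writable-path" in self.reasons


def assess(line: str):
    """Parse one log line; return an Assessment, or None if it is not a registry finding."""
    m = FINDING_RE.match(line.strip())
    if m is None:
        return None
    result = Assessment(m["key"], m["name"], m["cmd"])
    if result.key.lower().endswith(AUTOSTART_SUFFIXES):
        result.reasons.append("autostart")
    target = result.command
    proxy = RUNDLL_RE.match(result.command)
    if proxy:
        # rundll32 is only the loader; the DLL it is pointed at is what runs.
        result.reasons.append("rundll32")
        target = proxy["dll"]
        if proxy["entry"].startswith("#"):
            result.reasons.append("ordinal-export")
    if any(marker in target.lower() for marker in USER_WRITABLE):
        result.reasons.append("user-writable-path")
    return result


def triage(lines):
    """Return only the registry findings that combine autostart with a user-writable payload."""
    assessed = (assess(line) for line in lines)
    return [a for a in assessed if a is not None and a.suspicious]


SAMPLE_LINES = [
    # Registry finding copied from the scan log in the post above.
    r"HKU\S-1-5-21-9527809-2398962358-3293105967-1000\Software\Microsoft\Windows"
    r"\CurrentVersion\Run#MSServer "
    r"[ rundll32.exe C:\Users\Basti\AppData\Local\Temp\iifebCVm.dll,#1 ]",
    # Constructed benign entry for comparison (hypothetical program and path).
    r'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run#ExampleUpdater '
    r'[ "C:\Program Files\Example\updater.exe" /background ]',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding.name, "->", finding.command, finding.reasons)
```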
22.04.2011, 22:30 | #8 |
/// Helper Team | tr/kazy.mekml.1 Have a look here: -> http://www.mce-community.de/portal/i...ell-bearbeiten
|
23.04.2011, 15:02 | #9 |
| tr/kazy.mekml.1 Ah, okay. Thank you. I have now also cleverly noticed that everything is back the way it should be. The user account folders were merely hidden! So many, many thanks! I would never have managed this without help! |
23.04.2011, 22:19 | #10 | |
/// Helper Team | tr/kazy.mekml.1 Tool cleanup with OTL
We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
2. If everything has gone well and your system is running stably, do the following: manually create a restore point: Enabling and disabling System Restore
3. Change your passwords and login credentials! - from a clean system - Immediately change all passwords that were used on the compromised system (e.g. login, mail or website passwords, but also the PIN for online banking) (► ideally from another, non-infected computer!) Tips: Choosing a secure password - (these should really be changed at regular intervals, roughly every 3-5 months) see also here: Secure password
Reading material no. 1:
** Common sense and securely configuring Windows and Internet software are the best way to security on the web!! Quote:
► Over time a lot of junk data can accumulate and error messages can pile up, and the PC is probably no longer as fast as it used to be:
|