Pests of all kinds and how to fight them: Strange .exe files in msconfig! Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
24.04.2011, 08:25 | #1 |
Strange .exe files in msconfig!

Hey, I just typed "msconfig" into the search to trim down the startup programs a bit. I found a few strange entries there: .exe programs that are certainly not from Windows (Manufacturer: Unknown). I googled these files; some say they are trojans, some say they are harmless. I have no idea, so I'm turning to the pros!

Okay, these files are called: "facemoods.com", "jdsfjsdijf.exe", "{A3F70900-2328-7984-CEB4-633B74F1D0}", "portwexexe.exe", "ONWERETETR.exe", "malacuxaxtx.exe" and finally (I think) "syscheckert.exe". (There may be typing errors in there!)

I have unchecked these files in msconfig for now, but when I enter these names in the Windows search, nothing comes up. A few days ago I ran my Avira, sent a few trojans to quarantine and deleted them right away!

To be honest, I don't want to reinstall my system (lots of MP3s, PNGs and important programs). I don't feel like sitting here for 500 hours reinstalling everything or saving it to 500 USB sticks. I hope you can help me! I don't do online banking, nor do I buy anything anywhere (eBay or the like). I have Windows 7, 32-bit!

OTL.txt:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 24.04.2011 09:54:28 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Benutzer\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,61 Gb Total Space | 294,42 Gb Free Space | 51,06% Space Free | Partition Type: NTFS Drive D: | 19,55 Gb Total Space | 13,55 Gb Free Space | 69,33% Space Free | Partition Type: FAT32 Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: GAGA | User Name: Benutzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.24 09:36:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.03.24 23:06:22 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.03.17 10:15:04 | 000,842,048 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe PRC - [2011.01.28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2011.01.28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) 
-- C:\Program Files\Application Updater\ApplicationUpdater.exe PRC - [2011.01.14 16:55:56 | 002,250,616 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.10.15 07:25:38 | 001,721,640 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam\Bin\ManyCam.exe PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.11 08:12:12 | 002,398,344 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe PRC - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe PRC - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2009.11.28 23:20:09 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2009.10.31 07:45:40 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.10.19 17:30:26 | 002,913,576 | ---- | M] (Guillemot Corporation S.A.) 
-- C:\Program Files\Hercules\Blog Webcam\XtrCtrl.exe PRC - [2009.10.07 14:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.10.14 11:57:32 | 000,020,480 | ---- | M] (Google) -- C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe PRC - [2008.09.09 18:32:00 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.02.26 17:53:26 | 000,118,784 | ---- | M] (Guillemot Corporation S.A.) -- C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe ========== Modules (SafeList) ========== MOD - [2011.04.24 09:36:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.03.30 22:12:50 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai) SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) 
[Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.02.25 22:12:21 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.01.28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011.01.14 16:55:56 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.05.11 08:12:12 | 002,398,344 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2010.03.10 23:38:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL) SRV - [2009.12.20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2009.11.06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009.10.07 14:50:26 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2011.04.14 02:53:02 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009.12.07 17:44:46 | 
000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.02.09 10:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt) DRV - [2008.11.19 17:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008.11.19 17:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008.11.19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.09.26 12:30:54 | 000,651,264 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam) DRV - [2007.12.08 08:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2007.10.12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.07.13 10:44:26 | 000,285,952 | ---- | M] (Akkord Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BLvidv.sys -- (APL531) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http//www.msn.de/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.) 
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 173.203.215.116:80 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Germany Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2567732&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: StrataBuddy@ReduxTeam:0.6.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - 
prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2 FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.9 FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 FF - prefs.js..extensions.enabledItems: furnicheck@habbotimes.net:0.9.6 FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:4.5.4 FF - prefs.js..extensions.enabledItems: stratareloaded@addons.mozilla.org:2.4.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.21 03:43:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.16 15:39:58 | 000,000,000 | ---D | M] [2010.01.12 18:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Extensions [2011.04.23 23:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions [2010.07.25 16:59:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.12 22:44:39 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280} [2011.03.14 02:40:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.16 00:05:52 | 000,000,000 | ---D | 
M] ("DVDVideoSoft Menu") -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.02.07 04:12:34 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe} [2010.12.20 17:48:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.07.25 16:59:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.01 21:31:49 | 000,000,000 | ---D | M] (AvantGarde Skylight) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66} [2010.07.28 11:05:25 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.02.20 15:39:51 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.09.08 20:50:02 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\firebug@software.joehewitt.com [2010.09.29 22:37:55 | 000,000,000 | ---D | M] (Firecookie) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\firecookie@janodvarko.cz [2011.04.13 04:42:25 | 000,000,000 | ---D | M] ("HabboTimes Preisliste") -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\furnicheck@habbotimes.net [2010.07.28 11:10:20 | 000,000,000 | ---D | M] (Personas) -- 
C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\personas@christopher.beard [2011.04.13 04:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\staged-xpis [2010.07.25 16:59:46 | 000,000,000 | ---D | M] (StrataBuddy) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\StrataBuddy@ReduxTeam [2010.07.25 16:59:43 | 000,000,000 | ---D | M] (Strata RELOADED) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\stratareloaded@addons.mozilla.org [2010.07.25 16:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.0x\mozapps\extensions [2010.07.25 16:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.5x\mozapps\extensions [2010.07.25 16:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\stratareloaded@addons.mozilla.org\chrome\3.6x\mozapps\extensions [2010.07.25 16:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\huncckhy.default\extensions\stratareloaded@addons.mozilla.org\chrome\4.0x\mozapps\extensions [2009.11.28 20:58:40 | 000,002,171 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\bing.xml [2010.04.21 12:07:06 | 000,000,957 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\conduit.xml [2011.04.23 13:46:40 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-1.xml [2010.08.07 15:59:55 
| 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-10.xml [2010.09.17 11:26:46 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-11.xml [2010.10.18 16:22:04 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-12.xml [2010.10.25 01:14:33 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-13.xml [2010.10.29 22:24:33 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-14.xml [2010.12.09 22:08:33 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-15.xml [2010.01.12 18:24:50 | 000,000,961 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-2.xml [2010.03.16 13:26:47 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-3.xml [2010.03.23 17:31:14 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-4.xml [2010.03.24 17:54:55 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-5.xml [2010.06.19 14:47:33 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-6.xml [2010.07.06 13:23:43 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-7.xml [2010.07.10 14:33:32 | 000,000,950 | ---- | M] () -- 
C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-8.xml [2010.07.24 20:43:03 | 000,000,950 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin-9.xml [2010.05.12 18:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Profiles\huncckhy.default\searchplugins\icqplugin.xml [2011.04.23 21:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.01.12 17:50:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.02.09 03:03:47 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2011.02.20 00:13:19 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM [2010.11.09 14:33:38 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BENUTZER\APPDATA\ROAMING\5008 [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2011.02.28 21:31:03 | 000,002,046 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.16 15:00:19 | 000,001,345 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 
ereg.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {AD55C869-668E-457C-B270-0CFB2F61116F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CamserviceBlog] C:\Program Files\Hercules\Blog Webcam\XtrCtrl.exe (Guillemot Corporation S.A.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules Blog Webcam\CamService.exe (Guillemot Corporation S.A.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [WinGuard Pro] File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O4 - HKCU..\Run: [syscheckrt.exe] File not found O4 - HKCU..\Run: [Userinit] File not found O4 - Startup: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DestroyTwitter.lnk = File not found O4 - Startup: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Benutzer\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Benutzer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dacc9c88-9e21-11df-919d-f0424f2352e1}\Shell - "" = AutoRun
O33 - MountPoints2\{dacc9c88-9e21-11df-919d-f0424f2352e1}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DeLuXe Screenshot Assistant - hkey= - key= - File not found
MsConfig - StartUpReg: EA Core - hkey= - key= - File not found
MsConfig - StartUpReg: facemoods - hkey= - key= - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe (facemoods.com)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: jdsfjsdijf.exe - hkey= - key= - File not found
MsConfig - StartUpReg: malacuxatx.exe - hkey= - key= - File not found
MsConfig - StartUpReg: ONWERETETR.exe - hkey= - key= - File not found
MsConfig - StartUpReg: portwexexe.exe - hkey= - key= - File not found
MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Program Files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: TrayServer - hkey= - key= - C:\Program Files\MAGIX\Video_deluxe_17_Premium_Download-Version\Trayserver.exe (MAGIX AG)
MsConfig - StartUpReg: {A3F70800-2328-7984-CEB4-633B74F4D1D0} - hkey= - key= - File not found
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2011.04.24 09:52:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.24 09:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ERUNT
[2011.04.24 09:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.04.24 09:36:17 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Benutzer\Desktop\Erunt-setup.exe
[2011.04.24 09:36:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe
[2011.04.24 09:36:17 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\TFC.exe
[2011.04.24 06:59:54 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\Desktop\jb homepage
[2011.04.24 05:40:30 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bapuli Online
[2011.04.24 05:40:14 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\Deployment
[2011.04.24 05:40:14 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\Apps
[2011.04.24 05:39:56 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\Desktop\setup
[2011.04.24 04:13:38 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\Desktop\fashionnistaaa
[2011.04.16 15:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
[2011.04.16 15:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.04.16 15:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.04.16 15:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\QuickTime
[2011.04.16 15:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.04.16 15:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.04.14 13:52:08 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\The.Sims.3.Ambitions-ViTALiTY
[2011.04.14 02:53:02 | 000,233,024 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.04.14 02:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2011.04.14 02:52:40 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\DAEMON Tools Pro
[2011.04.14 02:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2011.04.10 20:15:40 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\LogMeIn Hamachi
[2011.04.10 20:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\LogMeIn Hamachi
[2011.04.10 20:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.04.05 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\.minecraft
[1 C:\Users\Benutzer\AppData\Roaming\*.tmp files -> C:\Users\Benutzer\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.24 09:55:10 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.24 09:55:10 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.24 09:52:09 | 000,001,042 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.24 09:51:57 | 000,000,862 | ---- | M] () -- C:\Users\Benutzer\Desktop\NTREGOPT.lnk
[2011.04.24 09:51:57 | 000,000,843 | ---- | M] () -- C:\Users\Benutzer\Desktop\ERUNT.lnk
[2011.04.24 09:48:15 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 09:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.24 09:47:34 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 09:36:26 | 000,301,568 | ---- | M] () -- C:\Users\Benutzer\Desktop\g2m3e4r.exe
[2011.04.24 09:36:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Benutzer\Desktop\Erunt-setup.exe
[2011.04.24 09:36:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe
[2011.04.24 09:36:20 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\TFC.exe
[2011.04.24 09:35:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.24 09:32:12 | 000,377,260 | ---- | M] () -- C:\Users\Benutzer\Desktop\Load.exe
[2011.04.24 09:01:15 | 000,230,584 | ---- | M] () -- C:\Users\Benutzer\Desktop\task.png
[2011.04.24 09:01:14 | 000,000,132 | ---- | M] () -- C:\Users\Benutzer\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.24 07:44:11 | 000,001,456 | ---- | M] () -- C:\Users\Benutzer\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.04.24 07:41:45 | 000,001,752 | ---- | M] () -- C:\Users\Benutzer\Desktop\index.html
[2011.04.23 23:46:14 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.23 17:21:36 | 000,070,933 | ---- | M] () -- C:\Users\Benutzer\Desktop\Bewerbung von Fabian100x.pdf
[2011.04.22 23:04:30 | 010,023,791 | ---- | M] () -- C:\Users\Benutzer\Desktop\Beyonce - If I Were A Boy.mp3
[2011.04.21 18:28:48 | 000,000,109 | ---- | M] () -- C:\Windows\GMouse.ini
[2011.04.20 15:22:52 | 000,761,444 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.20 15:22:52 | 000,716,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.20 15:22:52 | 000,171,830 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.20 15:22:52 | 000,144,784 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.16 21:39:32 | 009,124,672 | ---- | M] () -- C:\Users\Benutzer\Desktop\lol.psd
[2011.04.16 16:24:13 | 010,005,794 | R--- | M] () -- C:\Users\Benutzer\Desktop\Lady%20Gaga-%20Judas.mp3
[2011.04.14 05:39:39 | 000,294,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 05:13:15 | 005,251,200 | ---- | M] () -- C:\Users\Benutzer\Desktop\Sebastian singt Hallelujah in der 6 DSDS-Mottoshow.mp3
[2011.04.14 02:53:02 | 000,233,024 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.03.31 15:35:33 | 004,741,511 | R--- | M] () -- C:\Users\Benutzer\Desktop\Justin Bieber - Born to be Somebody.mp3
[2011.03.31 15:04:40 | 002,943,652 | ---- | M] () -- C:\Users\Benutzer\Desktop\Willow Smith - 21st Century Girl.mp3
[2011.03.31 15:04:17 | 007,401,863 | ---- | M] () -- C:\Users\Benutzer\Desktop\Justin Bieber - Dr Bieber.mp3
[2011.03.25 21:34:52 | 000,051,340 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[1 C:\Users\Benutzer\AppData\Roaming\*.tmp files -> C:\Users\Benutzer\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.24 09:52:09 | 000,001,042 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.04.24 09:51:57 | 000,000,862 | ---- | C] () -- C:\Users\Benutzer\Desktop\NTREGOPT.lnk
[2011.04.24 09:51:57 | 000,000,843 | ---- | C] () -- C:\Users\Benutzer\Desktop\ERUNT.lnk
[2011.04.24 09:36:18 | 000,301,568 | ---- | C] () -- C:\Users\Benutzer\Desktop\g2m3e4r.exe
[2011.04.24 09:31:58 | 000,377,260 | ---- | C] () -- C:\Users\Benutzer\Desktop\Load.exe
[2011.04.24 09:01:13 | 000,230,584 | ---- | C] () -- C:\Users\Benutzer\Desktop\task.png
[2011.04.24 07:41:45 | 000,001,752 | ---- | C] () -- C:\Users\Benutzer\Desktop\index.html
[2011.04.23 17:21:36 | 000,070,933 | ---- | C] () -- C:\Users\Benutzer\Desktop\Bewerbung von Fabian100x.pdf
[2011.04.22 23:03:55 | 010,023,791 | ---- | C] () -- C:\Users\Benutzer\Desktop\Beyonce - If I Were A Boy.mp3
[2011.04.16 21:39:28 | 009,124,672 | ---- | C] () -- C:\Users\Benutzer\Desktop\lol.psd
[2011.04.16 16:24:13 | 010,005,794 | R--- | C] () -- C:\Users\Benutzer\Desktop\Lady%20Gaga-%20Judas.mp3
[2011.04.14 05:13:06 | 005,251,200 | ---- | C] () -- C:\Users\Benutzer\Desktop\Sebastian singt Hallelujah in der 6 DSDS-Mottoshow.mp3
[2011.03.31 15:35:33 | 004,741,511 | R--- | C] () -- C:\Users\Benutzer\Desktop\Justin Bieber - Born to be Somebody.mp3
[2011.03.31 15:02:11 | 002,943,652 | ---- | C] () -- C:\Users\Benutzer\Desktop\Willow Smith - 21st Century Girl.mp3
[2011.03.31 15:01:10 | 007,401,863 | ---- | C] () -- C:\Users\Benutzer\Desktop\Justin Bieber - Dr Bieber.mp3
[2011.03.23 00:53:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.03 00:37:46 | 000,051,340 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.03.02 22:43:08 | 000,111,104 | ---- | C] () -- C:\Windows\System32\Uharc.exe
[2011.03.02 22:43:08 | 000,008,636 | ---- | C] () -- C:\Windows\System32\modifype.exe
[2010.10.19 14:55:26 | 000,000,151 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\urhtps.dat
[2010.10.16 23:41:24 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.08.13 18:43:34 | 000,001,456 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.07.19 23:07:42 | 000,053,248 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\chrtmp
[2010.07.19 02:05:20 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.05.29 22:20:03 | 000,019,456 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\WebpageIcons.db
[2010.05.27 01:30:15 | 000,528,896 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2010.05.23 21:37:55 | 000,674,138 | ---- | C] () -- C:\Windows\unins000.exe
[2010.05.23 21:37:55 | 000,009,473 | ---- | C] () -- C:\Windows\unins000.dat
[2010.05.13 02:05:03 | 000,000,132 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.03.22 23:16:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.03.20 00:46:44 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2010.02.28 00:16:55 | 000,144,186 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\debuggee.mdmp
[2010.01.20 22:11:36 | 000,011,264 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 20:17:06 | 000,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2010.01.14 21:04:51 | 000,000,402 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\Current.prx
[2010.01.12 18:09:05 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010.01.12 17:46:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.12.25 06:19:33 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.07.14 10:47:43 | 000,761,444 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,171,830 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,294,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,716,762 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,144,784 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.01.14 14:12:25 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[2002.04.21 20:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll
[2002.04.19 15:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2002.04.02 00:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002.04.02 00:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.04.02 00:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.02.21 18:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll
[2001.05.24 12:20:38 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll

========== LOP Check ==========

[2011.04.05 21:05:33 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\.minecraft
[2010.10.18 18:15:53 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\5006
[2010.11.09 14:33:38 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\5008
[2010.02.02 01:29:37 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\app.destroytwitter.23CA2F9B070E2FB8C4472F982F88B1A471F11AE2.1
[2011.01.29 03:34:15 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Audacity
[2010.03.16 16:33:54 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Azureus
[2010.10.05 04:34:16 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Ceab
[2010.08.29 17:38:14 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.10.18 18:15:39 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\cock
[2011.04.14 02:54:50 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\DAEMON Tools Pro
[2010.12.28 18:39:13 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\DigitalDJ17
[2010.08.16 00:05:52 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.11 22:09:00 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\FileZilla
[2010.03.23 00:36:19 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\FreeFLVConverter
[2010.11.19 23:40:53 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\GetRightToGo
[2011.04.24 09:48:57 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\ICQ
[2010.08.02 13:42:44 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\LG Electronics
[2011.01.07 19:35:48 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\MAGIX
[2010.11.23 07:31:43 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\ManyCam
[2010.01.12 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Mp3tag
[2010.05.24 04:29:49 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Mumble
[2010.07.21 17:17:41 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\NCH Swift Sound
[2010.03.16 22:30:56 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Notepad++
[2010.06.22 22:48:04 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\OpenOffice.org
[2010.01.01 00:49:21 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Publish Providers
[2011.03.14 02:43:30 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\QuickStoresToolbar
[2010.10.06 23:34:40 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Raubuc
[2010.01.12 18:00:38 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Sony
[2010.05.24 09:52:37 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.17 20:05:10 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\TeamViewer
[2010.04.03 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\TS3Client
[2010.04.06 23:15:05 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\TubeBox
[2010.11.26 07:33:22 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\UAs
[2010.09.10 22:24:01 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Uniblue
[2011.03.02 01:27:39 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\uTorrent
[2010.10.01 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Uxel
[2010.04.07 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Wireshark
[2010.12.15 17:13:59 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\xmldm
[2010.09.27 13:21:13 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Ynisp
[2010.08.02 13:42:44 | 000,000,000 | -H-D | M] -- C:\Users\Benutzer\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2011.03.24 12:53:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.01.12 17:33:49 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2009.07.14 06:54:09 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.01.12 18:09:58 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2010.01.12 17:42:45 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.18 18:38:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.01.31 03:14:57 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.12.14 22:27:06 | 000,000,000 | -H-D | M] -- C:\jdsfjsdijf.exe
[2010.11.30 14:22:37 | 000,000,000 | -H-D | M] -- C:\malacuxatx.exe
[2010.11.27 18:20:44 | 000,000,000 | -H-D | M] -- C:\ONWERETETR.exe
[2010.10.25 00:32:57 | 000,000,000 | ---D | M] -- C:\output
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.12.23 14:20:40 | 000,000,000 | -H-D | M] -- C:\portwexexe.exe
[2011.04.24 09:51:57 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.04.14 02:52:40 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.09.18 18:38:21 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.12 18:20:21 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.03 06:29:43 | 000,000,000 | ---D | M] -- C:\SnowFiles
[2010.01.26 23:22:09 | 000,000,000 | ---D | M] -- C:\sound
[2011.03.11 23:06:29 | 000,000,000 | -H-D | M] -- C:\syscheckrt
[2011.04.22 14:26:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.12 18:05:21 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.24 09:52:57 | 000,000,000 | ---D | M] -- C:\Windows
[2009.12.20 00:00:00 | 000,000,000 | ---D | M] -- C:\xampp

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\System32\SLTrans\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-22 12:26:16

< End of report >

Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 24.04.2011 09:54:28 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Benutzer\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,61 Gb Total Space | 294,42 Gb Free Space | 51,06% Space Free | Partition Type: NTFS
Drive D: | 19,55 Gb Total Space | 13,55 Gb Free Space | 69,33% Space Free | Partition Type: FAT32
Drive E: | 6,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: GAGA | User Name: Benutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{0760DE01-36E3-44BF-9F3B-EDED55D7B105}" = Hercules Blog Webcam "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler 
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21DDB7A5-00A9-96D3-AF53-AF143CE29CD1}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{432DEFB9-9C74-A859-1B66-F67530CF1D33}" = Catalyst Control Center Localization German
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI)
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{73EBF259-D41F-3517-78C6-29F335BD252B}" = Skins
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEBD87F-7818-2C67-F0F5-822E0260D002}" = Catalyst Control Center Graphics Full New
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5323B7-45CB-48AB-B7E3-1C22BA63DA4C}" = Windows Vista Demo Screen Saver
"{8B6490BA-FAEA-486C-BAB5-561251D5F2B1}" = Hercules Blog Webcam
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium Download-Version
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98129815-2DEB-7E30-8105-65CC9D0E3F0D}" = ccc-utility
"{9992BAC0-E57C-1BBB-8391-3DEC5BFC025B}" = ATI Catalyst Install Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DDD0B95-1F3E-453E-9F12-EACB0DD6B6CF}" = Dealio Toolbar v4.3
"{9E752ADC-4903-E12F-8843-743A78CD3CBB}" = ccc-core-static
"{9F9D923C-8BF4-859A-853A-7C4299FD98DD}" = Catalyst Control Center Core Implementation
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B60D61FD-1CB1-4ED5-974E-8C959F14208E}" = Hercules Webcam Station Evolution
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF8DC7F0-DB69-5F15-4871-5B38C95410EA}" = Catalyst Control Center Graphics Light
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA09491-F5C1-4D20-91A6-7F7E39769E94}" = OpenOffice.org 3.0
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1D1D5FE-AF9E-9150-1493-C76A81A69FEE}" = Catalyst Control Center Graphics Full Existing
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D66BDB75-FBB8-4B4E-5379-B17E7EBD7B1A}" = CCC Help English
"{D761C5D2-E727-415A-BC4E-52642CEA1A1C}" = TubeBox!
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare
"{DC344C96-0A5D-65C7-F0D3-CCBA48DDA190}" = CCC Help German
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E37C6398-2D75-6EF3-FA55-CF4B92371940}" = Catalyst Control Center Graphics Previews Vista
"{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"AbiWord2" = AbiWord 2.8.4
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CyberGhost VPN_is1" = CyberGhost VPN
"DAEMON Tools Pro" = DAEMON Tools Pro
"Digital DJ" = Digital DJ
"DivX Setup.divx.com" = DivX-Setup
"DoSHTTP 2.0" = DoSHTTP 2.0
"EADM" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"facemoods" = Facemoods Toolbar
"Fiddler2" = Fiddler2 (remove only)
"FlyakiteOSX" = FlyakiteOSX
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GhostMouse 2.0" = GhostMouse 2.0
"Google Desktop" = Google Desktop
"ICQToolbar" = ICQ Toolbar
"ImTOO MP4 Video Converter" = ImTOO MP4 Video Converter
"JDownloader" = JDownloader
"LameACM" = Lame ACM MP3 Codec
"LHTTSENG" = L&H TTS3000 British English
"LHTTSGED" = L&H TTS3000 Deutsch
"LIVETV4PC_is1" = LIVETV4PC
"LMMS 0.4.6" = Linux MultiMedia Studio (LMMS)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic Bullet Looks Vegas" = Magic Bullet Looks Vegas
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-Version
"ManyCam" = ManyCam 2.6.1 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mp3tag" = Mp3tag v2.45a
"Mumble" = Mumble and Murmur
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa2" = Picasa 2
"Proxifier_is1" = Proxifier version 2.9
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"RocketDock_is1" = RocketDock 1.3.5
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Spider Mail V2.0" = Spider Mail V2.0 2.0
"Steam App 240" = Counter-Strike: Source
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"TS Admin-Client 2_is1" = TS Admin-Client 2.2.3-alpha [Build: 1485]
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WavePad" = WavePad Sound Editor
"WebCam-SnapShot_is1" = WebCam-SnapShot 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.2.7
"World of Warcraft" = World of Warcraft
"XMedia Recode" = XMedia Recode 2.1.9.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"81f438e5d9120dd8" = Click MusicalKEYS
"ExeIco" = ExeIco (remove only)
"FileZilla Client" = FileZilla Client 3.3.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Whenever I try to paste the gmes.txt file in here, Mozilla always crashes! -.- So here it is as a download: Multiupload.com - upload your files to multiple file hosting sites!
26.04.2011, 15:07 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange .exe files in msconfig! Post all logs from AntiVir!
__________________Quote:
Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the Logs tab.