Pests of all kinds and how to fight them: [Malware] Windows Restore removed, but some problems remain (Windows 7)
#1
[Malware] Windows Restore removed, but some problems remain

2-3 weeks ago I caught the Windows Restore malware and applied the guidance given here in the forum. After that the computer worked relatively normally again. Two things remained, however:

1. Links from the Google search were sometimes redirected to dubious pages where you were then supposed to install some program or other. In addition, the access time to pages slows down considerably after a few hours.
2. While using the computer, a script error also keeps appearing, which can be traced back to an Internet address (www2a.glam.com/mobile/detect.act?affiliateId=38198522).

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6336

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.04.2011 22:56:21
mbam-log-2011-04-11 (22-56-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|N:\|)
Durchsuchte Objekte: 467047
Laufzeit: 1 Stunde(n), 23 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oMaNKFWcCnXLENt (Trojan.FakeAlert) -> Value: oMaNKFWcCnXLENt -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Users\Melms\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\omankfwccnxlent.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melms\AppData\LocalLow\Sun\Java\deployment\cache\6.0\19\6a44c13-186c571b (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\34791176.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melms\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Melms\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6336

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.04.2011 21:49:38
mbam-log-2011-04-14 (21-49-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159030
Laufzeit: 5 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6459

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.04.2011 23:31:49
mbam-log-2011-04-27 (23-31-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 154773
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\spool\prtprocs\w32x86\7352869.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6459

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.04.2011 08:29:08
mbam-log-2011-04-28 (08-29-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 154831
Laufzeit: 5 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6459

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.04.2011 19:50:11
mbam-log-2011-04-28 (19-50-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155344
Laufzeit: 5 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
ATTFilter OTL logfile created on: 28.04.2011 08:17:53 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Melms\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 443,13 Gb Total Space | 313,72 Gb Free Space | 70,80% Space Free | Partition Type: NTFS Unable to calculate disk information. Unable to calculate disk information. Drive N: | 232,83 Gb Total Space | 108,88 Gb Free Space | 46,77% Space Free | Partition Type: FAT32 Computer Name: MELMS-PC | User Name: Melms | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.20 23:43:35 | 013,007,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\windows-kb890830-v3.18.exe PRC - [2011.04.18 15:46:44 | 000,079,304 | ---- | M] (Microsoft Corporation) -- c:\ecebd7d2dd50074cfa1593d09b\mrtstub.exe PRC - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) 
-- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.03.21 07:49:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2010.11.12 19:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\java.exe PRC - [2010.11.03 09:32:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.06.18 19:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe PRC - [2010.06.13 13:54:52 | 004,574,208 | ---- | M] (Shareaza Development Team) -- C:\Programme\Shareaza\Shareaza.exe PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.03.22 12:50:18 | 000,219,976 | ---- | M] () -- C:\Programme\BumpTop\TexHelper.exe PRC - [2010.03.22 12:49:58 | 007,162,184 | ---- | M] () -- C:\Programme\BumpTop\BumpTop.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2008.11.04 11:06:36 | 001,105,920 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe PRC - [2007.09.11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe PRC - [2007.07.11 18:18:54 | 000,237,568 | ---- | M] () -- C:\Windows\tsnp2uvc.exe PRC - [2007.03.22 11:09:18 | 000,132,704 | ---- | M] (ashampoo Technology GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\defragMonitorService.exe PRC - [2007.03.22 11:09:16 | 004,540,120 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe PRC - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe PRC - [2007.03.22 11:09:16 | 000,079,456 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe PRC - [2006.07.09 21:58:00 | 001,777,664 | ---- | M] (Idea2) -- C:\Programme\Desktop Sidebar\dsidebar.exe PRC - [2005.03.08 12:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe PRC - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE PRC - [2004.12.09 13:14:34 | 001,068,032 | ---- | M] (Nokia Mobile Phones Ltd.) 
-- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe PRC - [2004.12.01 14:20:28 | 000,456,192 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe PRC - [2004.11.25 13:59:06 | 000,143,360 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe PRC - [2004.11.24 13:29:38 | 000,880,640 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe PRC - [2004.11.16 12:55:16 | 000,089,088 | ---- | M] (Nokia.) -- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe ========== Modules (SafeList) ========== MOD - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.12.21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.07.04 11:44:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -- (AshampooDefragService) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv) SRV - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) ========== Driver Services (SafeList) ========== DRV - [2011.03.20 11:42:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.22 23:55:16 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.13 22:49:42 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt) DRV - [2010.08.14 17:59:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.08.14 17:59:32 | 000,025,888 | ---- | M] () [Kernel | Auto | 
Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.11.20 13:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2009.11.20 13:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.05 03:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.05.02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2008.05.02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007.05.11 16:17:25 | 000,221,184 | ---- | M] (TerraTec Electronic GmbH.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Cinergy_HT_PCI_MKII.sys -- (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII) DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. 
File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 13 EE 64 48 11 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.2.06 FF - 
prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.18 21:07:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.18 21:07:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.21 07:49:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.19 11:55:34 | 000,000,000 | ---D | M] [2010.06.26 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Extensions [2011.04.15 23:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions [2011.02.04 09:34:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.01.14 09:29:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2011.03.12 09:14:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.02.19 16:23:41 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\FirefoxAddon@similarWeb.com 
[2011.03.27 11:05:20 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\toolbar@ask.com [2011.04.25 23:21:55 | 000,001,056 | ---- | M] () -- C:\Users\Melms\AppData\Roaming\Mozilla\Firefox\Profiles\xsdvpeay.default\searchplugins\icqplugin.xml [2011.03.19 11:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} () (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI [2011.03.21 07:49:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.21 17:10:13 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programme\Shareaza\RazaWebHook32.dll (Shareaza Development Team) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe (Nokia) O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) 
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) O4 - HKCU..\Run: [SIDEBAR] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2) O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TV-Browser.url () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team) O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2) O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell\AutoRun\command - "" = F:\EasySuite.exe
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell\AutoRun\command - "" = K:\autorun.exe de
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.28 08:17:32 | 000,000,000 | ---D | C] -- C:\ecebd7d2dd50074cfa1593d09b
[2011.04.22 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.04.22 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Local\Electronic_Arts_Inc
[2011.04.18 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2011.04.11 21:18:53 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Malwarebytes
[2011.04.11 21:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.11 21:18:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.11 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.11 21:18:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.11 21:17:26 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Melms\Desktop\herbert.exe
[2011.04.11 20:21:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
[2011.04.10 15:32:20 | 000,000,000 | ---D | C] -- C:\Programme\Yuna Software
[2011.04.01 15:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.04.01 15:03:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4
[2011.04.01 13:20:30 | 000,026,176 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi
[2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.03.29 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2011.03.29 09:55:12 | 000,053,760 | R--- | C] (AVM GmbH) -- C:\Windows\System32\avmadd32.dll
[2010.10.11 21:12:07 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.28 08:20:48 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 08:20:48 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.28 08:19:41 | 000,668,302 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.28 08:19:41 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.28 08:19:41 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.28 08:19:41 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.28 08:19:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 08:13:34 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 08:13:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.28 08:13:19 | 1610,309,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 21:58:56 | 000,010,610 | ---- | M] () -- C:\Users\Melms\Desktop\schafe.png
[2011.04.27 21:34:00 | 000,014,591 | ---- | M] () -- C:\Users\Melms\Desktop\7lx41k8ykeq.png
[2011.04.25 20:56:50 | 005,722,575 | ---- | M] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf
[2011.04.22 17:16:39 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011.04.21 18:58:11 | 000,293,488 | ---- | M] () -- C:\Users\Melms\Desktop\driving-at-night-1280x960.jpg
[2011.04.16 22:50:30 | 000,000,381 | ---- | M] () -- C:\Windows\BeatBox.INI
[2011.04.16 22:50:30 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI
[2011.04.15 20:14:58 | 000,334,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.12 18:00:16 | 000,025,336 | ---- | M] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf
[2011.04.11 22:59:52 | 000,504,657 | ---- | M] () -- C:\Users\Melms\Desktop\unhide.exe
[2011.04.11 21:18:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.11 21:17:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Melms\Desktop\herbert.exe
[2011.04.11 21:10:03 | 320,021,172 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.11 21:07:59 | 001,006,778 | ---- | M] () -- C:\Users\Melms\Desktop\iExplorer.exe.com
[2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
[2011.04.11 20:08:44 | 000,000,392 | ---- | M] () -- C:\ProgramData\34791176
[2011.04.11 20:06:52 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34791176r
[2011.04.11 20:06:52 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34791176
[2011.04.02 18:44:40 | 000,420,467 | ---- | M] () -- C:\Users\Melms\Desktop\image.png
[2011.03.30 21:39:07 | 000,001,236 | ---- | M] () -- C:\Users\Melms\Desktop\Eigene Dateien.lnk
[2011.03.30 21:38:54 | 000,000,798 | ---- | M] () -- C:\Users\Melms\Desktop\mircG5.0.exe - Verknüpfung.lnk
[2011.03.29 09:56:06 | 000,000,994 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.27 21:58:56 | 000,010,610 | ---- | C] () -- C:\Users\Melms\Desktop\schafe.png
[2011.04.27 21:33:54 | 000,014,591 | ---- | C] () -- C:\Users\Melms\Desktop\7lx41k8ykeq.png
[2011.04.25 20:56:38 | 005,722,575 | ---- | C] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf
[2011.04.22 17:16:39 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011.04.21 18:58:00 | 000,293,488 | ---- | C] () -- C:\Users\Melms\Desktop\driving-at-night-1280x960.jpg
[2011.04.12 18:00:15 | 000,025,336 | ---- | C] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf
[2011.04.11 22:59:53 | 000,504,657 | ---- | C] () -- C:\Users\Melms\Desktop\unhide.exe
[2011.04.11 21:18:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.11 21:10:03 | 320,021,172 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.11 21:07:56 | 001,006,778 | ---- | C] () -- C:\Users\Melms\Desktop\iExplorer.exe.com
[2011.04.11 20:02:31 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34791176r
[2011.04.11 20:02:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~34791176
[2011.04.11 20:02:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\34791176
[2011.04.02 18:44:38 | 000,420,467 | ---- | C] () -- C:\Users\Melms\Desktop\image.png
[2011.03.20 20:48:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.02.27 01:45:09 | 000,000,381 | ---- | C] () -- C:\Windows\BeatBox.INI
[2011.02.27 01:45:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011.02.27 00:58:31 | 000,124,596 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.02.05 20:09:24 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.05 20:09:18 | 000,139,152 | ---- | C] () -- C:\Users\Melms\AppData\Roaming\PnkBstrK.sys
[2011.02.05 20:08:43 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.02.05 20:08:40 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.02.05 20:08:40 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.02.03 21:56:57 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI
[2010.12.29 21:00:43 | 000,000,180 | ---- | C] () -- C:\Windows\System32\msftpd.exe
[2010.12.19 20:34:53 | 000,000,221 | ---- | C] () -- C:\Windows\SOFTEK.INI
[2010.10.19 17:18:19 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini
[2010.10.15 21:00:00 | 000,006,656 | ---- | C] () -- C:\Users\Melms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.11 21:12:07 | 000,237,568 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2010.08.28 19:41:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.08.28 19:34:40 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.08.28 19:34:13 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.08.14 17:26:47 | 000,007,597 | ---- | C] () -- C:\Users\Melms\AppData\Local\Resmon.ResmonCfg
[2010.08.14 17:14:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.08.14 17:14:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.27 13:00:39 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.04 11:29:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 10:47:43 | 000,668,302 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,134,150 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,334,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,619,894 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,110,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.07.20 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\#Company short name
[2011.01.23 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Aston
[2011.01.23 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Bump Technologies, Inc
[2011.04.27 23:35:21 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Desktop Sidebar
[2010.12.29 14:42:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FileZilla
[2010.06.21 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit
[2010.10.09 10:25:23 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit Software
[2011.03.13 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FRITZ!
[2011.04.27 23:19:21 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\ICQ
[2010.11.14 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Jasc
[2010.08.29 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Lern-o-Mat
[2010.08.28 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\MAGIX
[2011.04.22 17:45:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.02.21 23:21:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Nokia Multimedia Player
[2010.07.04 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\OpenOffice.org
[2011.02.21 23:18:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\PC Suite
[2011.02.16 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Shareaza
[2010.06.26 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra
[2010.06.26 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra Entertainment
[2010.06.27 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Subversion
[2010.06.26 18:59:17 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TerraTec
[2010.10.31 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Tokback
[2011.04.28 08:13:44 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2011.02.16 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\wargaming.net
[2011.03.25 15:10:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Melms\Downloads:Shareaza.GUID

< End of report >

Code:
OTL logfile created on: 28.04.2011 21:27:50 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Melms\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 1,00 Gb Available in Paging File | 36,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 443,13 Gb Total Space | 312,99 Gb Free Space | 70,63% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Unable to calculate disk information.
Drive N: | 232,83 Gb Total Space | 108,88 Gb Free Space | 46,77% Space Free | Partition Type: FAT32

Computer Name: MELMS-PC | User Name: Melms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
PRC - [2011.04.01 15:04:02 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.4\ICQ.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.03.21 07:49:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.09 12:47:04 | 001,595,744 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winamp.exe
PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.11.12 19:53:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\java.exe
PRC - [2010.11.03 09:32:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe
PRC - [2010.06.18 19:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010.06.13 13:54:52 | 004,574,208 | ---- | M] (Shareaza Development Team) -- C:\Programme\Shareaza\Shareaza.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.05.14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.03.22 12:50:18 | 000,219,976 | ---- | M] () -- C:\Programme\BumpTop\TexHelper.exe
PRC - [2010.03.22 12:49:58 | 007,162,184 | ---- | M] () -- C:\Programme\BumpTop\BumpTop.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.11.04 11:26:04 | 006,209,536 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
PRC - [2008.11.04 11:06:36 | 001,105,920 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2007.11.01 20:57:24 | 002,756,096 | ---- | M] (mIRC Co. Ltd.) -- N:\[G]Script50\mircG5.0.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.09.11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007.07.11 18:18:54 | 000,237,568 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2007.03.22 11:09:16 | 004,540,120 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
PRC - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
PRC - [2006.07.09 21:58:00 | 001,777,664 | ---- | M] (Idea2) -- C:\Programme\Desktop Sidebar\dsidebar.exe
PRC - [2005.03.08 12:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2004.12.09 13:14:34 | 001,068,032 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe
PRC - [2004.12.01 14:20:28 | 000,456,192 | ---- | M] (Nokia Corporation) -- C:\Programme\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2004.11.25 13:59:06 | 000,143,360 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe
PRC - [2004.11.24 13:29:38 | 000,880,640 | ---- | M] (Time Information Services Ltd.) -- C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2004.11.16 12:55:16 | 000,089,088 | ---- | M] (Nokia.) -- C:\Programme\Common Files\PCSuite\Services\ServiceLayer.exe

========== Modules (SafeList) ==========

MOD - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.21 07:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.03 09:32:50 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.04 11:44:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -- (AshampooDefragService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)

========== Driver Services (SafeList) ==========

DRV - [2011.03.20 11:42:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 23:55:16 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.13 22:49:42 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2010.08.14 17:59:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.08.14 17:59:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.20 13:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009.11.20 13:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.05 03:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.05.02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 11:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.05.11 16:17:25 | 000,221,184 | ---- | M] (TerraTec Electronic GmbH.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Cinergy_HT_PCI_MKII.sys -- (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII)
DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 13 EE 64 48 11 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.2.06
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.21 07:49:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.19 11:55:34 | 000,000,000 | ---D | M]

[2010.06.26 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Extensions
[2011.04.15 23:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions
[2011.02.04 09:34:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.01.14 09:29:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011.03.12 09:14:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.02.19 16:23:41 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\FirefoxAddon@similarWeb.com
[2011.03.27 11:05:20 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\toolbar@ask.com
[2011.04.25 23:21:55 | 000,001,056 | ---- | M] () -- C:\Users\Melms\AppData\Roaming\Mozilla\Firefox\Profiles\xsdvpeay.default\searchplugins\icqplugin.xml
[2011.03.19 11:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.03.21 07:49:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.21 17:10:13 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programme\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe (Nokia) O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) 
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH) O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team) O4 - HKCU..\Run: [SIDEBAR] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2) O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TV-Browser.url () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team) O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2) O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell - "" = AutoRun O33 - MountPoints2\{280400cd-59da-11e0-b01d-6cf049e2f3ee}\Shell\AutoRun\command - "" = F:\EasySuite.exe O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell - "" = AutoRun O33 - MountPoints2\{a2133406-85c9-11df-916f-6cf049e2f3ee}\Shell\AutoRun\command - "" = K:\autorun.exe de O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Need for Speed World [2011.04.22 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Local\Electronic_Arts_Inc [2011.04.18 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\TV-Browser [2011.04.11 21:18:53 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Malwarebytes [2011.04.11 21:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.11 21:18:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.11 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.11 21:18:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.11 21:17:26 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Melms\Desktop\herbert.exe [2011.04.11 20:21:31 | 000,580,608 | ---- | C] (OldTimer 
Tools) -- C:\Users\Melms\Desktop\OTL.exe [2011.04.10 15:32:20 | 000,000,000 | ---D | C] -- C:\Programme\Yuna Software [2011.04.01 15:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4 [2011.04.01 15:03:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4 [2011.04.01 13:20:30 | 000,026,176 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys [2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi [2011.04.01 13:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2010.10.11 21:12:07 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.28 21:24:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.28 18:24:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.28 18:00:46 | 000,668,302 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.28 18:00:46 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.28 18:00:46 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.28 18:00:46 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.28 17:59:57 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 17:59:57 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 17:54:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.28 17:54:22 | 1610,309,632 | -HS- | M] () -- C:\hiberfil.sys [2011.04.25 20:56:50 | 005,722,575 | ---- | M] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf [2011.04.22 17:16:39 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2011.04.16 
22:50:30 | 000,000,381 | ---- | M] () -- C:\Windows\BeatBox.INI [2011.04.16 22:50:30 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI [2011.04.15 20:14:58 | 000,334,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.12 18:00:16 | 000,025,336 | ---- | M] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf [2011.04.11 22:59:52 | 000,504,657 | ---- | M] () -- C:\Users\Melms\Desktop\unhide.exe [2011.04.11 21:18:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.11 21:17:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Melms\Desktop\herbert.exe [2011.04.11 21:10:03 | 320,021,172 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.11 21:07:59 | 001,006,778 | ---- | M] () -- C:\Users\Melms\Desktop\iExplorer.exe.com [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe [2011.04.11 20:08:44 | 000,000,392 | ---- | M] () -- C:\ProgramData\34791176 [2011.04.11 20:06:52 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34791176r [2011.04.11 20:06:52 | 000,000,104 | ---- | M] () -- C:\ProgramData\~34791176 [2011.04.02 18:44:40 | 000,420,467 | ---- | M] () -- C:\Users\Melms\Desktop\image.png [2011.03.30 21:39:07 | 000,001,236 | ---- | M] () -- C:\Users\Melms\Desktop\Eigene Dateien.lnk [2011.03.30 21:38:54 | 000,000,798 | ---- | M] () -- C:\Users\Melms\Desktop\mircG5.0.exe - Verknüpfung.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.25 20:56:38 | 005,722,575 | ---- | C] () -- C:\Users\Melms\Desktop\newstime_ausgabe43.pdf [2011.04.22 17:16:39 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2011.04.12 18:00:15 | 000,025,336 | ---- | C] () -- C:\Users\Melms\Desktop\Checkliste Unterlagen ESt.pdf [2011.04.11 22:59:53 | 000,504,657 | ---- | C] () -- C:\Users\Melms\Desktop\unhide.exe [2011.04.11 21:18:49 | 000,001,071 | ---- | C] () -- 
C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.11 21:10:03 | 320,021,172 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.11 21:07:56 | 001,006,778 | ---- | C] () -- C:\Users\Melms\Desktop\iExplorer.exe.com [2011.04.11 20:02:31 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34791176r [2011.04.11 20:02:30 | 000,000,104 | ---- | C] () -- C:\ProgramData\~34791176 [2011.04.11 20:02:28 | 000,000,392 | ---- | C] () -- C:\ProgramData\34791176 [2011.04.02 18:44:38 | 000,420,467 | ---- | C] () -- C:\Users\Melms\Desktop\image.png [2011.03.20 20:48:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.02.27 01:45:09 | 000,000,381 | ---- | C] () -- C:\Windows\BeatBox.INI [2011.02.27 01:45:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2011.02.27 00:58:31 | 000,124,596 | ---- | C] () -- C:\Windows\System32\mlfcache.dat [2011.02.05 20:09:24 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.02.05 20:09:18 | 000,139,152 | ---- | C] () -- C:\Users\Melms\AppData\Roaming\PnkBstrK.sys [2011.02.05 20:08:43 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.02.05 20:08:40 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011.02.05 20:08:40 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.02.03 21:56:57 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI [2010.12.29 21:00:43 | 000,000,180 | ---- | C] () -- C:\Windows\System32\msftpd.exe [2010.12.19 20:34:53 | 000,000,221 | ---- | C] () -- C:\Windows\SOFTEK.INI [2010.10.19 17:18:19 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini [2010.10.15 21:00:00 | 000,006,656 | ---- | C] () -- C:\Users\Melms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.11 21:12:07 | 000,237,568 | ---- | C] () -- C:\Windows\tsnp2uvc.exe [2010.08.28 19:41:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2010.08.28 19:34:40 | 000,120,200 | ---- | C] () -- 
C:\Windows\System32\DLLDEV32i.dll [2010.08.28 19:34:13 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.08.14 17:26:47 | 000,007,597 | ---- | C] () -- C:\Users\Melms\AppData\Local\Resmon.ResmonCfg [2010.08.14 17:14:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.08.14 17:14:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.07.27 13:00:39 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat [2010.07.04 11:29:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.14 10:47:43 | 000,668,302 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,134,150 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,334,200 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,619,894 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,110,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.07.20 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\#Company short name [2011.01.23 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Aston [2011.01.23 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Bump Technologies, Inc [2011.04.28 08:46:03 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Desktop Sidebar [2010.12.29 14:42:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FileZilla [2010.06.21 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit [2010.10.09 10:25:23 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Foxit Software [2011.03.13 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FRITZ! 
[2011.04.28 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\ICQ [2010.11.14 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Jasc [2010.08.29 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Lern-o-Mat [2010.08.28 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\MAGIX [2011.04.22 17:45:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Need for Speed World [2011.02.21 23:21:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Nokia Multimedia Player [2010.07.04 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\OpenOffice.org [2011.02.21 23:18:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\PC Suite [2011.02.16 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Shareaza [2010.06.26 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra [2010.06.26 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra Entertainment [2010.06.27 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Subversion [2010.06.26 18:59:17 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TerraTec [2010.10.31 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Tokback [2011.04.28 21:14:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TV-Browser [2011.02.16 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\wargaming.net [2011.03.25 15:10:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\Melms\Downloads:Shareaza.GUID < End of report > |