| |
| |||||||
Log-Analyse und Auswertung: Vista Desktopsymbolde verschwunden geht so gut wie nix mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.05.2011, 19:11
| #1 |
 |  Vista Desktopsymbolde verschwunden geht so gut wie nix mehr Hi Leute hab mir vor 2 tagen nen laptop von kumpel ausgeliehn und nach dem ich ihn anmachte und sein Opera browser benutzen wollte gingen die ganze zeit Fenster auf vom explorer neu gestartet und dann war desktop futsch kann auf viele Programe nicht mehr zu greifen hoffe hier auf schnelle hilfe !!! danke schon mal OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.05.2011 19:30:34 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = F:\ Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free 7,00 Gb Paging File | 7,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 7,50 Gb Free Space | 15,37% Space Free | Partition Type: NTFS Drive D: | 100,11 Gb Total Space | 57,01 Gb Free Space | 56,94% Space Free | Partition Type: NTFS Drive F: | 961,72 Mb Total Space | 673,97 Mb Free Space | 70,08% Space Free | Partition Type: FAT Computer Name: MARKETING-LAP | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) ========== Modules (SafeList) ========== MOD - F:\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AMService) -- File not found SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (AdobeActiveFileMonitor) -- D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe () SRV - (PhotoshopElementsDeviceConnect) -- D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation) DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys () DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (RemoteControl-USBLAN) -- C:\Windows\System32\drivers\rcblan.sys (Belcarra Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{9A611894-845A-4041-8FA9-48C6ADB2BA14}: C:\Users\Administrator\AppData\Local\{9A611894-845A-4041-8FA9-48C6ADB2BA14} [2011.05.05 22:17:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.02 20:41:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.02 20:41:59 | 000,000,000 | ---D | M] [2011.04.03 21:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2010.01.01 19:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.03.26 14:08:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.26 14:08:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.26 14:08:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.26 14:08:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.26 14:08:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2477383873-555130815-950272694-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [AMService] File not found O4 - HKU\S-1-5-18..\Run: [AMService] File not found O4 - HKU\S-1-5-20..\Run: [4E3E0230AEBB4E96] File not found O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [BrowserBallot] C:\Windows\System32\browserchoice.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-MRLS1.exe () O7 - HKU\S-1-5-21-2477383873-555130815-950272694-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-2477383873-555130815-950272694-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKU\S-1-5-21-2477383873-555130815-950272694-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-2477383873-555130815-950272694-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\bioshock-2-the-sisters-wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\bioshock-2-the-sisters-wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1a7a12b8-5e7f-11e0-9f1a-f227c6c79f67}\Shell\AutoRun\command - "" = J:\csmgho.exe O33 - MountPoints2\{1a7a12b8-5e7f-11e0-9f1a-f227c6c79f67}\Shell\open\Command - "" = J:\csmgho.exe O33 - MountPoints2\{c815f2e3-5712-11e0-a9ce-001c234e51de}\Shell\AutoRun\command - "" = G:\ O33 - MountPoints2\{c815f2e3-5712-11e0-a9ce-001c234e51de}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe O33 - MountPoints2\{c815f2e3-5712-11e0-a9ce-001c234e51de}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe O33 - MountPoints2\{d203706b-5d31-11e0-9dc9-080027005424}\Shell - "" = AutoRun O33 - MountPoints2\{d203706b-5d31-11e0-9dc9-080027005424}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.09 20:43:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited [2011.05.08 19:07:34 | 000,000,000 | -H-D | C] -- C:\Windows\PIF [2011.05.08 17:32:45 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2011.05.08 17:32:33 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.05.07 16:55:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.05.07 16:55:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.05.07 16:27:50 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.05.07 16:27:50 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.05.07 16:27:50 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.05.07 16:22:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.05.07 16:21:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.05.07 16:20:57 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.05.07 16:20:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.05.07 16:20:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.05.07 16:20:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.05.07 16:20:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.05.07 16:20:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.05.07 16:20:55 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.05.07 16:20:55 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.05.07 16:20:55 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.05.07 16:20:55 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.05.07 16:20:51 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.05.07 16:20:51 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.05.07 16:20:51 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.05.07 16:20:51 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.05.07 16:20:51 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2011.05.07 15:54:56 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.05.07 15:54:48 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.05.07 15:54:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2011.05.07 15:54:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.05.07 15:54:33 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011.05.07 15:53:53 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.05.07 15:53:53 | 000,000,000 | -H-D | C] -- C:\Recycle.Bin [2011.05.07 15:53:52 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.05.07 15:53:42 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.05.07 15:53:41 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2011.05.07 15:53:35 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.05.07 15:53:35 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.05.07 15:45:52 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices [2011.05.07 15:26:51 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.05.07 15:26:51 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.05.07 15:26:51 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.05.07 15:26:50 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.05.07 15:26:50 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.05.07 15:26:50 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.05.07 15:26:50 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.05.07 15:26:50 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.05.07 15:26:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.05.07 15:26:49 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.05.07 15:26:48 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.05.07 15:26:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.05.07 15:26:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2011.05.07 15:26:03 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011.05.07 15:26:00 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.05.07 15:25:58 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.05.07 15:25:58 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.05.07 15:25:58 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.05.07 15:25:58 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.05.07 15:25:58 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.05.07 15:25:57 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.05.07 15:25:57 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.05.07 15:25:42 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.05.07 15:25:40 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.05.07 15:25:33 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011.05.07 15:25:24 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2011.05.07 15:25:23 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.05.07 15:25:23 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.05.07 15:25:16 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.05.07 15:25:16 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.05.07 15:25:16 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.05.07 15:25:16 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.05.07 15:25:16 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.05.07 15:25:15 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.05.07 15:25:15 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2011.05.07 15:25:15 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.05.07 15:25:15 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.05.07 15:25:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.05.07 15:25:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.05.07 15:24:58 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2011.05.07 15:24:58 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2011.05.07 15:24:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2011.05.07 15:24:55 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011.05.07 15:24:54 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.05.07 15:24:54 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.05.07 15:24:54 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.05.07 15:24:54 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.05.07 15:24:52 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2011.05.07 15:24:52 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2011.05.07 15:24:30 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011.05.07 15:24:30 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011.05.07 15:24:30 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011.05.07 15:24:27 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.05.07 15:24:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.05.07 15:23:16 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2011.05.07 15:23:16 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2011.05.07 15:23:15 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2011.05.07 15:22:37 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2011.05.07 15:22:36 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2011.05.07 15:22:36 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2011.05.07 15:22:36 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2011.05.07 15:22:36 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2011.05.07 15:22:36 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2011.05.07 15:22:09 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2011.05.07 15:22:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2011.05.07 15:22:08 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2011.05.07 15:22:07 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2011.05.07 15:22:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2011.05.07 15:22:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2011.05.07 15:22:06 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2011.05.07 15:22:06 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2011.05.07 15:22:06 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2011.05.07 15:22:06 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2011.05.07 15:22:06 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2011.05.07 15:22:06 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2011.05.07 15:21:12 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2011.05.07 15:21:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2011.05.07 15:18:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2011.05.07 15:14:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2011.05.07 15:14:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2011.05.07 15:12:45 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0 [2011.05.07 15:08:37 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2011.05.07 15:04:40 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll [2011.05.07 15:04:40 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll [2011.05.07 15:04:40 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll [2011.05.07 15:04:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll [2011.05.07 15:04:18 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll [2011.05.07 15:04:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll [2011.05.07 15:03:50 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll [2011.05.07 15:03:50 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE [2011.05.07 15:03:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE [2011.05.07 15:03:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe [2011.05.07 15:03:50 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE [2011.05.07 15:03:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE [2011.05.07 15:03:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE [2011.05.07 15:02:51 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL [2011.05.07 15:02:39 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2011.05.07 15:01:53 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2011.05.07 15:01:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2011.05.07 15:01:21 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2011.05.07 15:01:17 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2011.05.07 15:01:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2011.05.07 15:01:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2011.05.07 15:01:17 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2011.05.07 15:01:16 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2011.05.07 15:01:16 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2011.05.07 15:01:16 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2011.05.07 15:01:16 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2011.05.07 15:01:16 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2011.05.07 15:01:10 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll [2011.05.07 15:01:09 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL [2011.05.07 15:01:08 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2011.05.07 15:01:08 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2011.05.07 15:01:08 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2011.05.07 15:01:07 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll [2011.05.07 15:01:07 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll [2011.05.07 14:59:04 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2011.05.07 14:59:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2011.05.07 14:59:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2011.05.07 14:59:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2011.05.07 14:58:44 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2011.05.07 14:58:43 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2011.05.07 14:58:26 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2011.05.07 14:58:26 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2011.05.07 14:58:26 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2011.05.07 14:58:21 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2011.05.07 14:58:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2011.05.07 11:22:28 | 000,000,000 | -HSD | C] -- C:\found.003 [2011.05.06 18:52:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore [2011.05.06 14:16:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira [2011.05.05 22:17:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9A611894-845A-4041-8FA9-48C6ADB2BA14} [2011.05.05 21:32:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Opera [2011.05.05 21:32:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Opera [2011.04.23 03:01:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games [2011.04.23 02:57:55 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2011.04.22 05:17:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\MEMENTO [2011.04.22 04:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dtp entertainment [2011.04.21 22:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCARON Entertainment [2011.04.21 22:34:44 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2011.04.21 22:21:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Player Classic [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.10 18:32:15 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.10 18:32:15 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.10 18:32:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.10 18:32:07 | 000,036,864 | ---- | M] () -- C:\Windows\System32\umstartup.etl [2011.05.10 18:32:05 | 3755,966,464 | -HS- | M] () -- C:\hiberfil.sys [2011.05.10 00:39:12 | 000,240,123 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.05.10 00:39:11 | 000,000,318 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.05.10 00:39:09 | 000,000,262 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011.05.10 00:03:59 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1376967859-582049725-33702389-1124UA.job [2011.05.09 23:00:01 | 002,407,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.09 21:26:01 | 000,240,123 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.05.09 21:04:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1376967859-582049725-33702389-1124Core.job [2011.05.09 20:43:48 | 001,556,992 | ---- | M] () -- C:\Windows\is-MRLS1.exe [2011.05.09 20:43:48 | 000,025,599 | ---- | M] () -- C:\Windows\is-MRLS1.msg [2011.05.09 20:43:48 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.05.09 20:43:48 | 000,000,346 | ---- | M] () -- C:\Windows\is-MRLS1.lst [2011.05.07 15:35:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.05.07 15:35:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.05.07 03:33:51 | 000,600,112 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.07 03:33:51 | 000,134,200 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.07 03:33:51 | 000,111,740 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.07 03:33:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.06 16:55:57 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Xzuxure.bin [2011.05.06 15:35:31 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat [2011.05.06 13:54:28 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.05.06 13:54:28 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk [2011.05.05 22:17:50 | 000,000,120 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Mkafevedecote.dat [2011.05.05 21:34:54 | 000,001,574 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2011.04.23 02:57:55 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2011.04.21 22:39:28 | 000,000,659 | ---- | M] () -- C:\Users\Administrator\Desktop\ANSTOSS 2007.lnk [2011.04.21 22:12:38 | 000,247,296 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.09 21:14:03 | 000,000,318 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011.05.09 20:43:48 | 001,556,992 | ---- | C] () -- C:\Windows\is-MRLS1.exe [2011.05.09 20:43:48 | 000,025,599 | ---- | C] () -- C:\Windows\is-MRLS1.msg [2011.05.09 20:43:48 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.05.09 20:43:48 | 000,001,725 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2011.05.09 20:43:48 | 000,000,346 | ---- | C] () -- C:\Windows\is-MRLS1.lst [2011.05.08 22:15:39 | 3755,966,464 | -HS- | C] () -- C:\hiberfil.sys [2011.05.08 20:38:29 | 000,000,262 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job [2011.05.07 16:20:52 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.05.07 16:20:52 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.05.07 16:20:52 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.05.07 15:35:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.05.07 15:35:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2011.05.07 15:04:40 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2011.05.06 14:11:11 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat [2011.05.06 13:54:28 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2011.05.05 22:17:50 | 000,000,120 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Mkafevedecote.dat [2011.05.05 22:17:50 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Xzuxure.bin [2011.05.05 21:34:54 | 000,001,586 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.05.05 21:34:54 | 000,001,574 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2011.04.21 22:39:28 | 000,000,659 | ---- | C] () -- C:\Users\Administrator\Desktop\ANSTOSS 2007.lnk [2011.04.03 10:45:50 | 000,001,536 | ---- | C] () -- C:\Windows\EyeCand3.INI [2011.04.03 08:14:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.04.02 23:08:43 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png [2011.04.02 20:42:55 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat [2011.03.26 14:15:23 | 000,001,057 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\vso_ts_preview.xml [2011.03.25 22:18:42 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe [2011.03.25 22:18:42 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys [2011.03.25 22:18:37 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys [2011.03.25 21:42:34 | 000,247,296 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.09 12:08:17 | 000,001,008 | ---- | C] () -- C:\Windows\wininit.ini [2010.01.01 19:08:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.11.13 23:04:19 | 000,000,478 | ---- | C] () -- C:\Windows\crackpdf.INI [2009.11.12 17:59:14 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.11.11 04:32:56 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI [2009.11.11 01:36:34 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.11.10 18:38:37 | 000,940,608 | RHS- | C] () -- C:\Windows\System32\csrcs.exe [2009.11.10 18:38:37 | 000,940,608 | ---- | C] () -- C:\Windows\System32\73517313.exe [2009.11.10 18:30:51 | 000,240,123 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.11.10 18:30:50 | 000,240,123 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.11.10 18:29:15 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll [2009.11.10 18:29:15 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe [2009.11.10 18:29:15 | 001,503,232 | ---- | C] () -- C:\Windows\System32\nView.dll [2009.11.10 18:29:15 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll [2009.11.10 18:29:15 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll [2009.11.10 18:29:15 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe [2009.11.10 18:29:15 | 000,158,240 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe [2009.11.10 07:46:25 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.11.10 07:17:15 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini [2009.11.10 06:45:39 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.11.10 06:01:05 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.11.10 06:00:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.11.10 06:00:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.11.10 06:00:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe [2006.11.02 17:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:42:41 | 000,134,200 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 17:42:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:43 | 002,407,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,600,112 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,111,740 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.07.20 07:09:58 | 000,196,608 | ---- | C] () -- C:\Windows\System32\swfobjs.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:054B9966 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.05.2011 19:30:34 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,50 Gb Free Space | 15,37% Space Free | Partition Type: NTFS
Drive D: | 100,11 Gb Total Space | 57,01 Gb Free Space | 56,94% Space Free | Partition Type: NTFS
Drive F: | 961,72 Mb Total Space | 673,97 Mb Free Space | 70,08% Space Free | Partition Type: FAT
Computer Name: MARKETING-LAP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- Reg Error: Key error.
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002DCAE3-D951-4C89-8EFC-8BBCA1D146B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{083F0A3D-9F7C-4F6A-AAC7-4395D33C27E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C97E82F-2B94-4EF6-9963-ABFF67EF335B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12DDA065-B09A-4244-86CA-1247C1C7D236}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2530413E-A391-4C5E-9D61-6EB40E26182D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48C30369-9468-4D15-B340-ACDCD0C501AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{597DAFAB-A454-4570-AEEA-1D4AD15FE787}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{611040F2-773C-4011-8138-6B6795BFFDA7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{61214288-707E-4D25-9BA3-3ABFF8AA98CC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{69CDCA6C-290D-45FF-A725-5A06498875A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81F3C232-BEEC-402A-B61E-BD95DDA72E29}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC3E2A04-A457-45E1-9BCE-E9638C3C5032}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{ADC88C81-E6E4-4C93-9434-228F9ABE776F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE44BB83-22C1-47D5-AAB0-CF82DB758AA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B05F1D4E-9AA3-4D72-91FE-9141F65E4F77}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B578793A-4451-40E2-9D14-BFBD02DEDA46}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0FF85BF-94EA-486E-AD51-1DC2ACCECDBE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D87A3343-D6B9-458C-89F7-D9FA10F40795}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E4A5228D-2167-46ED-B8D1-521E91890E37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6A23ADB-99A7-454F-8B2D-01E35D35EF1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F29D395E-EE78-4CDE-AA97-459CFB66FA92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{FC3718B3-C196-4E1F-AF9E-5BB6EA618CFC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C16E878-D41D-431C-9FAE-E92A217A6598}" = protocol=6 | dir=out | app=system |
"{178D26CA-0B02-4B99-86BD-FA1AD0CB8655}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17B50102-0E65-45A9-BECA-843B4E865D44}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{1EB73675-89DB-47D0-AD10-A02A2D93DBFB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BAEC9D5-FA6F-4A6E-A70D-171899FCE73B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DB3EE80-693D-4011-A59C-76E3721B639D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{777F62C1-6DAB-4ADD-971B-452EF867738C}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{82051943-4347-40A8-B156-119303FA5D2C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{88DF0007-0C94-4224-93F5-B7B82A47227D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7D4F69F-5497-406F-A5B5-DAB357A0F9EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C155431B-FBD2-44E3-B9E8-BBB7AA593C55}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3848D21-BB9A-4C44-BAF9-FF576B8EBA04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D60B92F7-B2F3-401E-A725-121C452EE5E4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D8DB697C-DBE4-430C-8E79-0D5E1DB162C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D99B66FA-661D-4A31-BFA4-D894E57E4211}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E32CFE5E-A6E5-4A05-BF48-5E8DD6E7BB79}" = protocol=17 | dir=in | app=c:\program files\sonos\sonos.exe |
"{F0B9C30D-BC2B-4933-90CC-6380278B51D1}" = protocol=6 | dir=out | app=system |
"{FA6A1E84-5A14-4ECD-9757-DEC732C974F1}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{FCF6E3BC-69B2-41C0-ACC7-1210C9F1432E}" = protocol=6 | dir=in | app=c:\program files\sonos\sonos.exe |
"{FEE7E6A6-2747-41F3-B3D6-CE4AF6ABC774}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1848D14B-6F74-48B4-AEF5-9433D0B525A5}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{2BE9D046-E99E-41B3-85E8-8EA15A9CC92F}C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe" = protocol=6 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe |
"TCP Query User{5E26A412-F8C9-405E-B765-6CF7FDDD9704}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{8649C98D-6926-443D-A08A-4F205D7BA571}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{A98BBA1F-DCA2-4232-909A-7317D47F7960}C:\program files\age of booty\age of booty.exe" = protocol=6 | dir=in | app=c:\program files\age of booty\age of booty.exe |
"TCP Query User{C27A580C-76D9-49D0-9DFE-1200878C38C5}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{FBFD0C85-68B5-4C2E-B4D0-84FF31149C52}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{014C2F24-1890-4353-833F-D29CFDDDF61A}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{0D932268-D1EE-43BE-8546-8E553B249C55}C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe" = protocol=17 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe |
"UDP Query User{352BB706-A7C7-4D95-9E32-D09AD8178E7E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{74C185FA-8B31-40ED-ABFA-E9953A01DF3D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{DA61CCFD-3382-4FAF-88F6-BAA2BAF36237}C:\program files\age of booty\age of booty.exe" = protocol=17 | dir=in | app=c:\program files\age of booty\age of booty.exe |
"UDP Query User{EFE1BD91-4688-484E-9EE1-409E04937F03}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{FEA741C6-C8CC-43D5-9B3C-E3C1DC26DE9D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0927890C-3369-42FE-898E-71653057D2BB}_is1" = Age of Booty
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1401311D-3960-4CEB-AC0B-4214F069E5B9}" = Sonos Desktop Controller
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{408CD2E8-3977-449B-8102-76F158D4885F}" = Oracle VM VirtualBox 4.0.4
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold
"{76399B91-C83E-4DC0-BC4F-6352985A29EF}" = Apex Data Loader 17
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_SMALLBUSINESS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_SMALLBUSINESS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_SMALLBUSINESS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_SMALLBUSINESS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_SMALLBUSINESS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_SMALLBUSINESS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_SMALLBUSINESS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0BAA05-28E6-4911-B3F3-0AE2EB0F54A1}" = AKVIS Sketch
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.2.336
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA031DA5-05D0-4937-BD2B-DCEC47A2506B}_is1" = ANSTOSS 2007
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"123 AVI to GIF Converter_is1" = 123 AVI to GIF Converter 3.0
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"Fun Morph_is1" = Fun Morph 3.0
"InstallShield_{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"IsoBuster_is1" = IsoBuster 1.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Standard)
"Licking Dog Screen Clean Screensaver" = Licking Dog Screen Clean Screensaver
"Live 8.0.4" = Live 8.0.4
"Memento Mori_is1" = Memento Mori
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Novation K-Station "factory presets"" = Novation K-Station "factory presets"
"Novation V-Station v1.20-H2O" = Novation V-Station v1.20-H2O
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Opera 11.10.2092" = Opera 11.10
"Orion v3.7" = Orion v3.7
"SMALLBUSINESS" = Microsoft Office Small Business 2007
"Total Video Converter 3.02_is1" = Total Video Converter 3.02
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.05.2011 14:04:53 | Computer Name = Marketing-Lap | Source = profsvc | ID = 1542
Description = Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL -
Das System kann die angegebene Datei nicht finden.
Error - 09.05.2011 14:05:45 | Computer Name = Marketing-Lap | Source = LoadPerf | ID = 3001
Description =
Error - 09.05.2011 14:32:19 | Computer Name = Marketing-Lap | Source = profsvc | ID = 1542
Description = Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL -
Das System kann die angegebene Datei nicht finden.
Error - 09.05.2011 14:39:04 | Computer Name = Marketing-Lap | Source = LoadPerf | ID = 3001
Description =
Error - 09.05.2011 15:10:17 | Computer Name = MARKETING-LAP | Source = Software Licensing Service | ID = 1001
Description = Fehler beim Starten des Softwarelizenzierungsdienstes. hr=0x80070002,
[2, 4]
Error - 09.05.2011 15:10:20 | Computer Name = MARKETING-LAP | Source = profsvc | ID = 1542
Description = Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL -
Das System kann die angegebene Datei nicht finden.
Error - 09.05.2011 15:10:32 | Computer Name = Marketing-Lap | Source = profsvc | ID = 1542
Description = Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL -
Das System kann die angegebene Datei nicht finden.
Error - 09.05.2011 15:18:13 | Computer Name = Marketing-Lap | Source = LoadPerf | ID = 3001
Description =
Error - 09.05.2011 15:25:16 | Computer Name = Marketing-Lap | Source = profsvc | ID = 1542
Description = Die Klassenregistrierungsdatei kann nicht geladen werden. DETAIL -
Das System kann die angegebene Datei nicht finden.
Error - 09.05.2011 15:31:01 | Computer Name = Marketing-Lap | Source = LoadPerf | ID = 3001
Description =
[ OSession Events ]
Error - 07.12.2009 11:53:45 | Computer Name = Kalmanun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2243
seconds with 780 seconds of active time. This session ended with a crash.
Error - 15.12.2009 03:26:53 | Computer Name = Kalmanun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.05.2011 18:27:46 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7001
Description =
Error - 09.05.2011 18:27:46 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7001
Description =
Error - 09.05.2011 18:27:46 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7001
Description =
Error - 09.05.2011 18:27:46 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7001
Description =
Error - 09.05.2011 18:27:46 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7001
Description =
Error - 09.05.2011 18:27:46 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7001
Description =
Error - 09.05.2011 18:27:46 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7001
Description =
Error - 09.05.2011 18:28:06 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7006
Description =
Error - 09.05.2011 18:28:06 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7006
Description =
Error - 09.05.2011 18:35:13 | Computer Name = Marketing-Lap | Source = Service Control Manager | ID = 7030
Description =
< End of report >
|
|
10.05.2011, 19:18
| #2 |
| /// Malware-holic   | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr bitte erstelle und poste ein combofix log.
__________________Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ |
|
10.05.2011, 19:59
| #3 |
| | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr soo hoffe es hat soo geklappt
__________________Combofix Logfile: Code:
ATTFilter ComboFix 11-05-09.03 - Administrator 10.05.2011 20:31:14.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3581.2913 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\readme.txt
C:\Recycle.Bin
c:\recycle.bin\config.bin
c:\users\Administrator\AppData\Local\{9A611894-845A-4041-8FA9-48C6ADB2BA14}
c:\users\Administrator\AppData\Local\{9A611894-845A-4041-8FA9-48C6ADB2BA14}\chrome.manifest
c:\users\Administrator\AppData\Local\{9A611894-845A-4041-8FA9-48C6ADB2BA14}\chrome\content\_cfg.js
c:\users\Administrator\AppData\Local\{9A611894-845A-4041-8FA9-48C6ADB2BA14}\chrome\content\overlay.xul
c:\users\Administrator\AppData\Local\{9A611894-845A-4041-8FA9-48C6ADB2BA14}\install.rdf
c:\windows\system32\73517313.exe
c:\windows\system32\csrcs.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-10 bis 2011-05-10 ))))))))))))))))))))))))))))))
.
.
2011-05-10 18:36 . 2011-05-10 18:36 -------- d-----w- c:\users\Michael Friedrich\AppData\Local\temp
2011-05-10 18:36 . 2011-05-10 18:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-05-10 18:36 . 2011-05-10 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 18:43 . 2011-05-09 18:43 -------- d-----w- c:\users\Administrator\AppData\Roaming\Canneverbe Limited
2011-05-09 18:43 . 2011-05-09 18:43 1556992 ----a-w- c:\windows\isRS-000.tmp
2011-05-08 17:07 . 2011-05-08 17:07 -------- d--h--w- c:\windows\PIF
2011-05-08 15:32 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-08 15:32 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-05-08 15:32 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-05-08 15:32 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-07 14:55 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-07 14:55 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-07 14:27 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-07 14:27 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-07 14:27 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-05-07 14:27 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-07 14:27 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-05-07 14:21 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-05-07 13:54 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-05-07 13:53 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2011-05-07 13:53 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-07 13:53 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-05-07 13:53 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-07 13:53 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-07 13:53 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-05-07 13:53 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-05-07 13:53 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-05-07 13:53 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-07 13:53 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-05-07 13:45 . 2011-05-07 13:45 -------- d-----w- c:\program files\Windows Portable Devices
2011-05-07 13:25 . 2011-02-18 16:38 834048 ----a-w- c:\windows\system32\wininet.dll
2011-05-07 13:24 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-05-07 13:23 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-07 13:23 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-05-07 13:23 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-05-07 13:23 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-07 13:23 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-05-07 13:23 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-05-07 13:23 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-05-07 13:23 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-05-07 13:23 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-05-07 13:21 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-05-07 13:21 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-05-07 13:21 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-05-07 13:18 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-05-07 13:14 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-05-07 13:14 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-05-07 13:14 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-05-07 13:12 . 2011-05-07 13:12 -------- d-----w- c:\program files\MSXML 4.0
2011-05-07 13:08 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-05-07 13:08 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2011-05-07 13:08 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-05-07 13:04 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-05-07 13:04 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-05-07 13:04 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-05-07 13:04 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-05-07 13:04 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-05-07 13:04 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2011-05-07 13:04 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2011-05-07 13:04 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-05-07 13:03 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-05-07 13:03 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-05-07 13:03 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-05-07 13:03 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-05-07 13:03 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2011-05-07 13:03 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-05-07 13:03 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-05-07 13:03 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-05-07 13:03 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-05-07 13:03 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-07 13:02 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2011-05-07 13:02 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-07 13:02 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-05-07 13:02 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-05-07 12:59 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-05-07 12:59 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-05-07 12:59 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2011-05-07 12:59 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-05-07 12:59 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2011-05-07 12:59 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-05-07 12:59 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-05-07 12:58 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-05-07 12:58 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-05-07 12:58 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-05-07 12:58 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-05-07 12:58 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2011-05-07 12:58 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-05-07 12:58 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-05-07 12:58 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-05-07 12:58 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-05-07 09:22 . 2011-05-07 09:22 -------- d-----w- C:\found.003
2011-05-06 17:04 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8ACBB51B-81F7-411E-90A8-A312BF08AEA5}\mpengine.dll
2011-05-06 16:52 . 2011-05-06 17:05 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-06 16:44 . 2011-05-06 16:44 -------- d-----w- c:\users\Kalmanun\AppData\Local\Opera
2011-05-06 12:16 . 2011-05-06 12:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Avira
2011-05-05 22:24 . 2009-04-10 22:27 2926592 ----a-w- c:\windows\system32\config\systemprofile\explorer.bak
2011-05-05 20:53 . 2011-05-05 20:54 -------- d-----w- c:\users\Gast
2011-05-05 20:17 . 2011-05-06 14:55 0 ----a-w- c:\users\Administrator\AppData\Local\Xzuxure.bin
2011-05-05 19:32 . 2011-05-05 19:32 -------- d-----w- c:\users\Administrator\AppData\Local\Opera
2011-04-23 00:57 . 2011-04-23 00:57 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-04-21 20:34 . 2011-04-21 20:34 -------- d-sh--w- c:\windows\ftpcache
2011-04-21 20:21 . 2011-04-21 20:21 -------- d-----w- c:\users\Administrator\AppData\Roaming\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-04 15:52 . 2011-04-04 15:52 1807938 ----a-w- c:\windows\system32\Licking Dog Screen Clean.scr
2011-04-03 09:04 . 2011-04-03 09:04 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-04-03 09:04 . 2011-04-03 09:04 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-04-03 08:55 . 2011-04-03 08:55 27136 ----a-w- c:\windows\~GLH0000.TMP
2011-04-03 08:55 . 2011-04-03 08:55 155136 ----a-w- c:\windows\~GLC0000.TMP
2011-04-01 15:07 . 2009-11-14 00:57 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-01 15:07 . 2009-11-14 00:57 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-30 17:50 . 2011-04-02 15:15 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-30 17:45 . 2011-04-02 15:15 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-03-30 17:45 . 2011-04-02 15:15 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-03 15:40 . 2011-05-07 14:55 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-07 14:55 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-07 14:55 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-07 14:55 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-17 17:06 . 2011-03-26 15:36 160560 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-02-17 17:06 . 2011-03-26 15:36 44784 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-02-17 17:06 . 2011-02-17 17:06 122032 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-02-17 17:06 . 2011-02-17 17:06 111152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-02-17 17:06 . 2011-02-17 17:06 135472 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
.
.
------- Sigcheck -------
.
[7] 2009-04-10 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[7] 2008-01-18 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[7] 2006-11-02 . FD8C53FB002217F6F888BCF6F5D7084D . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
.
c:\windows\explorer.exe ... Fehlt !!
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe_ID0ENQBO"=c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
.
R1 mcvmgfvp;mcvmgfvp;c:\windows\system32\drivers\mcvmgfvp.sys [x]
R2 AMService;AMService;c:\windows\TEMP\riwr\setup.exe run [x]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-18 179712]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys [x]
R3 SliceDisk5;SliceDisk5;c:\users\Administrator\AppData\Local\Temp\HBCD\FindAndMount\slicedisk.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 111152]
R4 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R4 AdobeActiveFileMonitor;Adobe Active File Monitor;d:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 98304]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 135664]
R4 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;d:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-12 118784]
R4 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [2007-01-24 39704]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-02-17 160560]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-02-17 44784]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-02-17 122032]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 23:36]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 23:36]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1376967859-582049725-33702389-1124Core.job
- c:\users\Michael Friedrich\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 23:36]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1376967859-582049725-33702389-1124UA.job
- c:\users\Michael Friedrich\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 23:36]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKU-Default-Run-AMService - c:\windows\system32\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-10 20:37
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.3gp"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.3gpp"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.divx"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.flac"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.flv"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.hdmov"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="inffile"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinRAR"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.m2t"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.m2ts"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.m4a"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.m4v"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mka"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mkv"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mp4"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mp4v"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpls"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpv4"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mts"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.oga"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogg"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogm"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogv"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="pngfile"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.tps"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ts"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.wv"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-2477383873-555130815-950272694-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Opera.HTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-10 20:39:43
ComboFix-quarantined-files.txt 2011-05-10 18:39
.
Vor Suchlauf: 7.913.385.984 Bytes frei
Nach Suchlauf: 8.155.586.560 Bytes frei
.
Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - AFC25D7047686C0591E708C97ACD024C
|
|
10.05.2011, 20:02
| #4 |
| /// Malware-holic | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr öffne computer f: qoobox rechtsklick auf quarantain, mit winrar oder zip packen, hochladen. http://www.trojaner-board.de/54791-a...ner-board.html machst du onlinebanking einkäufe oder sonst was wichtiges?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.05.2011, 21:51
| #5 |
| | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr neee zum glück nicht Geändert von Zuspaet77 (10.05.2011 um 22:21 Uhr) |
|
11.05.2011, 10:43
| #6 |
| /// Malware-holic | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr trotzdem, hier sind viele verschiedene trojaner drauf, man kann nicht mehr dafür garantieren, dass wir das system sauber bekommen, da krimminelle deinen pc zu straftaten nutzen könnten, ist es das sicherste ihn neu aufzusetzen. ich würde dir, wenn du willst, dann sagen, wie du das system in zukunft wirksam schützt.
__________________ --> Vista Desktopsymbolde verschwunden geht so gut wie nix mehr |
|
11.05.2011, 15:54
| #7 |
| | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr ich danke dir naa klar will ich das !!!!!!  |
|
11.05.2011, 15:55
| #8 |
| /// Malware-holic | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr ok, aber erst mal musst du deine daten sichern und dann muss das system neu aufgesetzt werden. weist du wie das geht, oder benötigst du dabei hilfe?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.05.2011, 15:55
| #9 | |
| | Vista Desktopsymbolde verschwunden geht so gut wie nix mehrZitat:
|
|
11.05.2011, 15:59
| #10 | |
| | Vista Desktopsymbolde verschwunden geht so gut wie nix mehrZitat:
habe ne cd von cumputerbild gefunden rettungs cd heisst sie und das geht irgentwie aber alles völlig anders |
|
11.05.2011, 16:18
| #11 |
| /// Malware-holic | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr ne das ist ja auch nicht deine windows cd... musst du daten sichern ja oder nein?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.05.2011, 17:27
| #12 |
| | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr ja das wäre nicht schlecht |
|
11.05.2011, 17:55
| #13 |
| /// Malware-holic | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.05.2011, 18:00
| #14 |
| | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr ubuntu laden Download | Ubuntu brennen und infizierten pc starten daten sichern.[/QUOTE] ok danke sag bescheid wen es hin gehaun hat |
|
11.05.2011, 20:38
| #15 |
| | Vista Desktopsymbolde verschwunden geht so gut wie nix mehr ok erledigt |
|
| Themen zu Vista Desktopsymbolde verschwunden geht so gut wie nix mehr |
| 7-zip, alternate, avgntflt.sys, browser, desktop, excel.exe, explorer, fenster, futsch, gestartet, google earth, greifen, hoffe, install.exe, kumpel, laptop, leute, location, microsoft office word, neu, nicht mehr, nvlddmkm.sys, office 2007, oldtimer, opera, opera browser, plug-in, programe, safer networking, sched.exe, schnelle, schnelle hilfe, searchplugins, security update, shell32.dll, shortcut, staropen, start menu, studio, tagen, verschwunden, video converter, virtualbox, vista, wlan., youtube downloader |
Linear-Darstellung
