Pests of all kinds and how to fight them: Google is acting up for me! Trojan or malware, I don't know x_x
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
11.05.2011, 02:29 | #1 |
Hello everyone. As already mentioned, Google is acting up for me. My problem is that the links Google gives me for a search always jump to sites like pcabusers.com or other sites. I have already run Avira, Spybot Search & Destroy and Trojan Remover, but that still doesn't help. I have also tried guides for removing trojans, but I think I'm too dumb for that. I'm getting desperate, and I'm not really the brightest when it comes to PCs. (Sorry if this is in the wrong section.)
Oh, and something I just noticed... a message keeps appearing saying that a script error has occurred. On pages that I opened with neither Firefox nor IE. I only use Firefox, but the window says something about an IE script error... My PC also plays audio files (it sounds like advertising) that I can't have opened anywhere... I'm really getting desperate right now...
11.05.2011, 07:12 | #2 |
/// Helper Team
Hello and welcome!
Before we start working together, [please read completely]:
Quote:
Quote:
For Vista and Win7: Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!
► If there is a message/report from your antivirus program or other protection programs, please post it! What was found and, above all, where...
► Describe what attempts you have made to solve the problem (also post the results you already have):
Code:
Avira Spybot Trojan Remover
Download Malwarebytes Anti-Malware from → malwarebytes.org
2. System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
3. → Download HJTscanlist.zip
→ extract the file to your desktop
→ On Windows XP Home you additionally have to install tasklist.zip before the scan
→ start it with a double-click
→ select your operating system - for Win7 choose Vista
→ When you are asked, choose the option "Einstellung" (1) - scanlist
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy the content into your thread here.
** If it doesn't work in one go, you can split the text into several parts and post it that way
4. I would also like to see all your installed programs:
Download the tool CCleaner → Download
install (read the software licence agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar) is offered, deselect it) → start → if necessary, set "german" under Options settings → then click on "Extra" (to also display the installed programs) → then on "Als Textdatei speichern..." (save as text file); a text file (*.txt) is created, copy the content and paste it there
Quote:
** If possible, do not go on the internet: no online banking, file sharing, chat programs etc.
Regards, Coverflow
11.05.2011, 15:17 | #3 |
Malwarebytes Anti-Malware results (the other steps will follow)
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6554

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.05.2011 16:15:50
mbam-log-2011-05-11 (16-15-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|E:\|)
Durchsuchte Objekte: 266552
Laufzeit: 1 Stunde(n), 48 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\moonxxxxxx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\portwexexe (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.
c:\portwexexe.exe (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.
c:\syscheckrt (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\moonxxxxxx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\portwexexe\config.bin (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.
c:\portwexexe.exe\config.bin (Trojan.SpyEyes.WC) -> Quarantined and deleted successfully.
c:\syscheckrt\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
11.05.2011, 17:41 | #4 |
OTL (1st log file)
ATTFilter OTL logfile created on: 11.05.2011 18:25:28 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,04 Gb Total Space | 128,38 Gb Free Space | 57,56% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - 
Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de) ========== Modules (SafeList) ========== MOD - C:\Users\User\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_3f211bc.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (Beep) -- C:\Windows\System32\beep.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.07 05:29:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web 
Player\firefox\wpa [2011.02.07 05:29:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 22:21:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 22:21:17 | 000,000,000 | ---D | M] [2010.01.31 20:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2011.05.06 21:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions [2011.03.30 16:23:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.09 01:11:51 | 000,000,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\icqplugin.xml [2011.01.19 14:24:17 | 000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\youtube-videosuche.xml [2011.02.22 01:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.22 01:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not 
found (No name found) -- [2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.22 01:51:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.02.05 04:02:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.05.06 22:21:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.05.06 22:21:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.05.06 22:21:16 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.05.06 22:21:16 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.05.06 22:21:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.05.06 22:21:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.05.06 22:21:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [RocketDock] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [JavaInstallRetry] File not found O8 - 
Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - 
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell - "" = AutoRun O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell\AutoRun\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.11 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2011.05.11 13:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.11 13:43:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.11 13:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.11 13:43:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.11 02:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.05.11 02:35:08 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software [2011.05.11 02:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011.05.11 02:34:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software [2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011.05.07 16:09:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys [2011.04.27 05:41:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.27 05:41:27 | 000,028,672 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\Apphlpdm.dll [2011.04.27 05:41:20 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.22 19:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo [2011.04.22 19:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo [2011.04.13 06:13:15 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 06:13:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 06:13:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 06:13:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 06:13:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 06:12:55 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.13 06:12:55 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.13 06:12:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.13 06:12:55 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.13 06:12:54 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.13 06:12:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.13 06:12:50 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 06:12:48 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.13 06:12:48 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll ========== Files - Modified Within 30 Days ========== [2011.05.11 18:23:58 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.11 18:23:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.11 18:07:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000UA.job [2011.05.11 16:28:27 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.11 16:28:27 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.11 16:28:27 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.11 16:28:27 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.11 16:23:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.11 15:02:16 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.05.11 13:43:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.11 10:07:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000Core.job [2011.05.11 02:34:58 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.05.10 20:32:11 | 000,228,864 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.08 20:11:42 | 000,002,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk [2011.05.08 20:11:32 | 000,000,858 | ---- | M] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk [2011.05.08 11:11:38 | 000,002,037 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk [2011.05.03 22:00:33 | 000,019,014 | ---- | M] () -- C:\Users\User\Desktop\English Abi.rtf [2011.04.22 19:46:28 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011.04.14 03:32:48 | 003,624,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files 
Created - No Company Name ========== [2011.05.11 13:43:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.11 02:34:58 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.05.11 02:34:55 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011.05.11 02:34:55 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011.05.11 02:34:55 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011.05.11 02:34:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011.05.08 20:11:42 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk [2011.05.08 20:11:32 | 000,000,858 | ---- | C] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk [2011.05.06 22:21:18 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.05.03 21:46:06 | 000,019,014 | ---- | C] () -- C:\Users\User\Desktop\English Abi.rtf [2011.04.22 19:46:15 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011.03.05 23:42:40 | 000,151,301 | ---- | C] () -- C:\Windows\Proteinbiosynthese Uninstaller.exe [2010.10.13 16:59:57 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.10.13 16:59:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.07.21 16:52:33 | 000,000,552 | ---- | C] () -- C:\Users\User\AppData\Local\d3d8caps.dat [2010.07.07 21:07:25 | 000,228,864 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.07 00:34:57 | 000,000,760 | ---- | C] () -- C:\Users\User\AppData\Roaming\setup_ldm.iss [2010.05.01 11:58:13 | 000,000,683 | ---- | C] () -- C:\Windows\wininit.ini [2010.03.13 19:00:28 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.18 19:56:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.02 10:15:29 | 
000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.02 10:15:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.02.02 02:12:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.02.01 17:52:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\106B5E8615.sys [2010.02.01 17:52:58 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.02.13 23:35:20 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2008.02.13 14:44:41 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.01.21 10:21:25 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 10:21:25 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat 
[2006.11.02 14:44:53 | 003,624,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll [1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll ========== Files - Unicode (All) ========== [2010.11.05 11:08:08 | 000,000,000 | ---D | M](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그 [2010.11.05 11:08:08 | 000,000,000 | ---D | C](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그 ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
OTL Extras logfile created on: 11.05.2011 18:25:28 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,04 Gb Total Space | 128,38 Gb Free Space | 57,56% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" 
= 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{29CD9AD3-6B3D-4FB8-A01A-9949C9380A67}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | "{580246D6-51C8-47D5-BEA9-00C3A4B26B42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{763A29CB-B868-4856-B660-753B473979C8}" = lport=2869 | protocol=6 | dir=in | app=system | "{A0EB756A-24B5-407F-B1A4-DD7C3149439E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CB48D45-42C9-40DC-AF50-F750168A224A}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | "{1B530998-F061-4296-9A30-614D3D6573CD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{2937ACF5-4FCF-4776-AF2F-2EB181A199D6}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{308DD4AB-4434-4625-B074-99A27F1AA90E}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{36A0121F-18EB-42B7-AEE5-F4861B3D01D5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{4856A642-1D7F-4519-9731-DB8123AE513D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4A87644B-1AB1-472C-9B29-C79DC70F46E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{4E18EF97-B8FF-4219-9F78-715700C5DB44}" = protocol=6 | dir=in | app=c:\gamigo\loong\launcher.exe | "{51908FC7-AEB3-4415-98FD-A431C6CC5046}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{5373CE04-8EDA-4D0F-A6F6-0AD68F2C177B}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{5AE2864A-F7B8-4D91-A40A-DF821D0941CB}" = protocol=17 | dir=in | app=c:\gamigo\loong\launcher.exe | "{6930FB1D-2D26-40E5-90E0-B5244D275B00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6B683A82-FDBE-4A78-88B8-B2D20D49B20F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{7A9D848F-2D18-426C-A3C4-C16D9D0C1444}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{88026AD3-26FF-4C91-8B5C-C47E6AF5F64C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{894D3D0A-2915-4377-A5FB-B93A4FCFB66C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{8AA18992-976C-41CE-B9E9-3F1CCC650A43}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{8E2B0961-7FC7-41FF-A787-F1EC3A656F2F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{A38469D5-023B-487D-BC49-B84C9D18DC97}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{AB55AD93-9210-433D-B81A-77D29DAEA076}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B48A0EB1-57BD-4848-BA89-50F1A4633F73}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{BECCF2BF-3782-4D1D-B7D0-79489DAC5B99}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C46CF48F-3350-4886-8A92-6C32F731C34E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C5939EA9-4B02-494D-A471-6909BEB73884}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{D163CA54-3AB1-4F56-84B0-6D6A7D780CB2}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{D3D39046-9040-4AD7-B873-346C6E2FC8BE}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{DFC6D880-47D0-402A-A20A-72CC5BB5150A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EA6F1683-2A5C-47CA-9F9A-BB017407231F}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | "{FAD2CBFA-30C7-4EFB-8B31-31F7B1F3C6AC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{1A745B49-1DDF-49F9-9A36-1ABD779DBF91}C:\users\user\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\maestia-downloader.exe | "TCP Query User{513A14B1-1BFE-4A07-AD5C-E37FAC95CE5D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{52E5C4FD-789F-4CEB-9667-CA8FF55831A4}C:\program files\alaplaya\loco\system\loco.exe" = protocol=6 | dir=in | app=c:\program files\alaplaya\loco\system\loco.exe | "TCP Query User{55743758-C1D7-4426-99F3-C8921135D8DE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{596D771D-DAB4-44E5-9ED8-F97F281362D6}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | "TCP Query User{647C7D15-E698-4BFF-ACEB-7CD2FAED5A75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C0157D1E-27FA-4732-95B7-8CC8CC6221C1}C:\users\user\desktop\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\rohan\rohanclient.exe | "TCP Query User{D156C566-CE7F-440F-BD25-BE3A67C64030}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query 
User{D1EF8C53-A594-4006-B785-DB92EBC3D728}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe | "UDP Query User{0018A949-BC9C-493D-80A1-0D2F22126728}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{0AC144C7-3BD6-4EB8-B2A4-978F983AE72D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{168D25D1-B6BF-4DE0-94EE-D3D5FBCA6731}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{66D02D8B-99CD-489D-9D1C-1FBD76ABEB23}C:\users\user\desktop\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\rohan\rohanclient.exe | "UDP Query User{966CE106-159F-4420-BEB6-ED5F1D5AB1AE}C:\program files\alaplaya\loco\system\loco.exe" = protocol=17 | dir=in | app=c:\program files\alaplaya\loco\system\loco.exe | "UDP Query User{A1D503CD-F828-41D6-BC1D-194D793B5553}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe | "UDP Query User{AAA4E197-570C-4303-BC10-145E138A5543}C:\users\user\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\maestia-downloader.exe | "UDP Query User{ED44FC36-3A43-495E-90EA-707C263FEB39}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{FE3BDE88-9D2C-48AC-B8AF-535763D0FC57}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C0A2E-3837-4BAC-9AEC-4E7D84808035}" = Loong 
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Essentials "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 
Redistributable - KB2467174 - x86 9.0.30729.5570 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CamStudio" = CamStudio "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "FrostWire" = FrostWire 4.21.3 "HaaliMkx" = Haali Media Splitter "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "Proteinbiosynthese" = Proteinbiosynthese "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trojan Remover_is1" = Trojan Remover 6.8.2 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "PhotoFiltre" = PhotoFiltre ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.05.2011 20:28:09 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task 
Scheduling Error: m->NextScheduledSPRetry 8502 Error - 01.05.2011 20:28:10 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 01.05.2011 20:28:10 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9594 Error - 01.05.2011 20:28:10 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9594 Error - 01.05.2011 20:47:08 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 02.05.2011 19:50:41 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 03.05.2011 06:34:14 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 04.05.2011 08:31:36 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 04.05.2011 14:57:04 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = Error - 05.05.2011 15:00:31 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.4127, Zeitstempel 0x4daf62c6, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x00048822, Prozess-ID 0x88c, Anwendungsstartzeit 01cc0b3cb41e1bf7. 
[ System Events ]
Error - 10.05.2011 06:47:27 | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 10.05.2011 20:37:56 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10.05.2011 21:02:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.05.2011 00:20:05 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 11.05.2011 00:20:06 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 11.05.2011 00:20:24 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 11.05.2011 00:20:24 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =

Error - 11.05.2011 00:22:29 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 11.05.2011 00:24:07 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11.05.2011 10:24:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >
11.05.2011, 17:46 | #5 |
| Google is acting up for me! Trojan or malware, I don't know x_x
hjtscanlist
Code:
ATTFilter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows [Version 6.0.6002] C: C:\pagefile.sys --------- 11.05.2011 14:19 C:\ProgramData --------- 8192 11.05.2011 13:43 C:\Program Files --------- 24576 11.05.2011 07:43 C:\System Volume Information --------- 20480 10.05.2011 17:50 C:\Windows --------- 20480 12.02.2011 17:58 C:\DVDVideoSoft --------- 0 08.01.2011 21:04 C:\Perfect World Entertainment --------- 4096 14.12.2010 20:50 C:\Download --------- 4096 14.12.2010 02:14 C:\gamigo --------- 0 29.11.2010 06:33 C:\Nexon --------- 0 23.11.2010 02:23 C:\RocWorks --------- 0 07.02.2010 14:09 C:\Boot --------- 4096 31.01.2010 23:57 C:\ISO --------- 0 31.01.2010 15:17 C:\$Recycle.Bin --------- 0 31.01.2010 15:16 C:\Users --------- 4096 31.01.2010 15:13 C:\Programme --------- 0 31.01.2010 15:13 C:\Dokumente und Einstellungen --------- 0 11.04.2009 08:36 C:\bootmgr --------- 333257 27.02.2008 17:00 C:\MSDOS.SYS --------- 0 27.02.2008 17:00 C:\IO.SYS --------- 0 15.02.2008 09:47 C:\MBDOC --------- 0 13.02.2008 23:36 C:\BOOTSECT.BAK --------- 8192 13.02.2008 14:46 C:\sources --------- 45056 13.02.2008 14:43 C:\RHDSetup.log --------- 420 08.02.2008 14:35 C:\BundleSW --------- 0 21.01.2008 04:43 C:\PerfLogs --------- 0 14.02.2007 22:24 C:\unattend.xml --------- 1656 18.09.2006 23:43 C:\config.sys --------- 10 18.09.2006 23:43 C:\autoexec.bat --------- 24 24.03.2006 15:16 C:\Recycled --------- 0 ---------------------------------------- C:\Windows 11.05.2011 16:27 C:\Windows\WindowsUpdate.log --------- 1204866 11.05.2011 16:23 C:\Windows\bootstat.dat --------- 67584 11.05.2011 15:02 C:\Windows\NeroDigital.ini --------- 49 11.05.2011 06:23 C:\Windows\PFRO.log --------- 125318 22.04.2011 19:46 C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini --------- 262 05.03.2011 23:42 C:\Windows\Proteinbiosynthese Uninstaller.exe --------- 151301 04.11.2010 23:10 C:\Windows\NEXON_EU_DownloaderUpdater.exe 
--------- 446464 03.08.2010 00:48 C:\Windows\system.ini --------- 219 07.07.2010 01:10 C:\Windows\msxmlcab.log --------- 101 01.05.2010 11:58 C:\Windows\_detmp.1 --------- 3913 01.05.2010 11:58 C:\Windows\wininit.ini --------- 683 01.05.2010 11:58 C:\Windows\tmpcpyis.bat --------- 140 01.05.2010 11:58 C:\Windows\tmpdelis.bat --------- 122 01.05.2010 11:58 C:\Windows\winstart.bat --------- 26 07.02.2010 13:33 C:\Windows\ie8_main.log --------- 2067 07.02.2010 05:27 C:\Windows\DPINST.LOG --------- 8688 03.02.2010 16:17 C:\Windows\msxml4-KB954430-enu.LOG --------- 274314 03.02.2010 16:17 C:\Windows\msxml4-KB973688-enu.LOG --------- 285198 31.01.2010 15:02 C:\Windows\TSSysprep.log --------- 3652 31.01.2010 15:01 C:\Windows\DtcInstall.log --------- 4257 11.04.2009 08:27 C:\Windows\explorer.exe --------- 2926592 14.02.2008 13:50 C:\Windows\DirectX.log --------- 26885 13.02.2008 14:42 C:\Windows\DIFxAPI.dll --------- 319456 13.02.2008 14:42 C:\Windows\HideWin.exe --------- 315392 08.02.2008 14:36 C:\Windows\csup.txt --------- 10 21.01.2008 04:57 C:\Windows\WindowsShell.Manifest --------- 749 21.01.2008 04:34 C:\Windows\regedit.exe --------- 134656 21.01.2008 04:34 C:\Windows\bfsvc.exe --------- 58880 21.01.2008 04:34 C:\Windows\fveupdate.exe --------- 13312 21.01.2008 04:33 C:\Windows\HelpPane.exe --------- 498176 21.01.2008 04:33 C:\Windows\notepad.exe --------- 151040 26.06.2007 15:12 C:\Windows\UNNeroVision.exe --------- 972072 23.04.2007 17:42 C:\Windows\UNRecode.exe --------- 972336 10.04.2007 17:01 C:\Windows\RtHDVCpl.exe --------- 4431872 04.04.2007 18:22 C:\Windows\SkyTel.exe --------- 1822720 16.01.2007 11:39 C:\Windows\RtlUpd.exe --------- 1191936 12.01.2007 17:54 C:\Windows\RtlExUpd.dll --------- 520192 02.11.2006 15:01 C:\Windows\win.ini --------- 144 02.11.2006 14:34 C:\Windows\WMSysPr9.prx --------- 316640 02.11.2006 14:33 C:\Windows\twunk_16.exe --------- 49680 02.11.2006 14:33 C:\Windows\twunk_32.exe --------- 31232 02.11.2006 14:33 C:\Windows\twain_32.dll 
--------- 50688 02.11.2006 14:33 C:\Windows\twain.dll --------- 94784 02.11.2006 11:45 C:\Windows\winhlp32.exe --------- 9216 02.11.2006 11:45 C:\Windows\hh.exe --------- 14848 02.11.2006 09:46 C:\Windows\mib.bin --------- 43131 19.09.2006 13:41 C:\Windows\HomeBasic.xml --------- 8286 18.09.2006 23:43 C:\Windows\_default.pif --------- 707 18.09.2006 23:43 C:\Windows\winhelp.exe --------- 256192 18.09.2006 23:30 C:\Windows\msdfmap.ini --------- 1405 30.08.2005 22:37 C:\Windows\UNNeroVision.cfg --------- 50 30.08.2005 22:36 C:\Windows\UNRecode.cfg --------- 50 15.05.1998 13:27 C:\Windows\_detmp.2 --------- 36352 17.12.1997 18:33 C:\Windows\IsUninst.exe --------- 304128 08.04.1997 20:08 C:\Windows\uninst.exe --------- 299520 ---------------------------------------- C:\Windows\System 02.11.2006 14:33 C:\Windows\System\mciseq.drv --------- 25264 02.11.2006 14:33 C:\Windows\System\mciwave.drv --------- 28160 02.11.2006 14:33 C:\Windows\System\avifile.dll --------- 109456 02.11.2006 14:33 C:\Windows\System\mciavi.drv --------- 73376 02.11.2006 14:33 C:\Windows\System\avicap.dll --------- 69584 02.11.2006 14:33 C:\Windows\System\msvideo.dll --------- 126912 02.11.2006 09:10 C:\Windows\System\OLESVR.DLL --------- 24064 02.11.2006 09:10 C:\Windows\System\WFWNET.DRV --------- 12704 02.11.2006 09:10 C:\Windows\System\COMMDLG.DLL --------- 32816 02.11.2006 09:10 C:\Windows\System\TIMER.DRV --------- 4048 02.11.2006 09:10 C:\Windows\System\MMSYSTEM.DLL --------- 68992 02.11.2006 09:10 C:\Windows\System\mmtask.tsk --------- 1152 02.11.2006 09:10 C:\Windows\System\mouse.drv --------- 2032 02.11.2006 09:10 C:\Windows\System\vga.drv --------- 2176 02.11.2006 09:10 C:\Windows\System\sound.drv --------- 1744 02.11.2006 09:10 C:\Windows\System\keyboard.drv --------- 2000 02.11.2006 09:10 C:\Windows\System\SHELL.DLL --------- 5120 02.11.2006 09:10 C:\Windows\System\system.drv --------- 3360 18.09.2006 23:43 C:\Windows\System\ver.dll --------- 9008 18.09.2006 23:43 
C:\Windows\System\olecli.dll --------- 82944 18.09.2006 23:43 C:\Windows\System\lzexpand.dll --------- 9936 18.09.2006 23:35 C:\Windows\System\stdole.tlb --------- 5532 ---------------------------------------- C:\Windows\System32 11.05.2011 18:23 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3216 11.05.2011 18:23 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3216 11.05.2011 16:28 C:\Windows\system32\perfh009.dat --------- 595798 11.05.2011 16:28 C:\Windows\system32\perfh007.dat --------- 628504 11.05.2011 16:28 C:\Windows\system32\perfc009.dat --------- 103872 11.05.2011 16:28 C:\Windows\system32\perfc007.dat --------- 126248 11.05.2011 16:28 C:\Windows\system32\PerfStringBackup.INI --------- 1445310 11.05.2011 16:23 C:\Windows\system32\drivers --------- 57344 11.05.2011 12:36 C:\Windows\system32\catroot --------- 12288 08.05.2011 19:06 C:\Windows\system32\spool --------- 4096 03.05.2011 04:11 C:\Windows\system32\catroot2 --------- 4096 18.04.2011 15:46 C:\Windows\system32\mrt.exe --------- 42181064 14.04.2011 03:32 C:\Windows\system32\FNTCACHE.DAT --------- 3624312 12.03.2011 23:55 C:\Windows\system32\XpsPrint.dll --------- 876032 10.03.2011 19:03 C:\Windows\system32\mfc42u.dll --------- 1162240 10.03.2011 19:03 C:\Windows\system32\mfc42.dll --------- 1136640 03.03.2011 17:42 C:\Windows\system32\inetcomm.dll --------- 739328 03.03.2011 17:40 C:\Windows\system32\Apphlpdm.dll --------- 28672 03.03.2011 15:35 C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384 03.03.2011 15:25 C:\Windows\system32\win32k.sys --------- 2041856 02.03.2011 17:44 C:\Windows\system32\dnsrslvr.dll --------- 86528 02.03.2011 17:44 C:\Windows\system32\dnsapi.dll --------- 168448 24.02.2011 04:04 C:\Windows\system32\de-DE --------- 327680 24.02.2011 04:03 C:\Windows\system32\WindowsPowerShell --------- 0 22.02.2011 16:13 C:\Windows\system32\XpsGdiConverter.dll 
--------- 288768 22.02.2011 15:33 C:\Windows\system32\DWrite.dll --------- 1068544 22.02.2011 15:33 C:\Windows\system32\FntCache.dll --------- 797696 22.02.2011 01:51 C:\Windows\system32\jupdate-1.6.0_24-b07.log --------- 3305 18.02.2011 18:38 C:\Windows\system32\wininet.dll --------- 834048 18.02.2011 18:38 C:\Windows\system32\urlmon.dll --------- 1176064 18.02.2011 18:36 C:\Windows\system32\mstime.dll --------- 671232 18.02.2011 18:36 C:\Windows\system32\mshtmled.dll --------- 477696 18.02.2011 18:36 C:\Windows\system32\mshtml.dll --------- 3608576 18.02.2011 18:36 C:\Windows\system32\msfeeds.dll --------- 471040 18.02.2011 18:35 C:\Windows\system32\iepeers.dll --------- 193024 18.02.2011 18:35 C:\Windows\system32\ieframe.dll --------- 6089216 18.02.2011 18:35 C:\Windows\system32\ieapfltr.dll --------- 380928 18.02.2011 17:45 C:\Windows\system32\ieencode.dll --------- 78336 18.02.2011 16:49 C:\Windows\system32\html.iec --------- 389632 16.02.2011 18:21 C:\Windows\system32\vbscript.dll --------- 430080 16.02.2011 18:18 C:\Windows\system32\jscript.dll --------- 512000 16.02.2011 18:16 C:\Windows\system32\atmlib.dll --------- 34304 16.02.2011 16:02 C:\Windows\system32\atmfd.dll --------- 292864 07.02.2011 16:04 C:\Windows\system32\WDI --------- 4096 06.02.2011 00:29 C:\Windows\system32\Tasks --------- 4096 02.02.2011 22:40 C:\Windows\system32\javaws.exe --------- 157472 02.02.2011 22:40 C:\Windows\system32\javaw.exe --------- 145184 02.02.2011 22:40 C:\Windows\system32\java.exe --------- 145184 02.02.2011 22:40 C:\Windows\system32\deployJava1.dll --------- 472808 02.02.2011 18:11 C:\Windows\system32\MpSigStub.exe --------- 222080 21.01.2011 18:35 C:\Windows\system32\shlwapi.dll --------- 353280 21.01.2011 18:35 C:\Windows\system32\shell32.dll --------- 11586048 20.01.2011 18:08 C:\Windows\system32\dxgi.dll --------- 478720 20.01.2011 18:08 C:\Windows\system32\d3d10core.dll --------- 189952 20.01.2011 18:08 C:\Windows\system32\d3d10_1core.dll --------- 219648 
20.01.2011 18:08 C:\Windows\system32\d3d10_1.dll --------- 160768 20.01.2011 18:08 C:\Windows\system32\d3d10.dll --------- 1029120 20.01.2011 18:07 C:\Windows\system32\cdd.dll --------- 37376 20.01.2011 18:07 C:\Windows\system32\winspool.drv --------- 258048 20.01.2011 18:07 C:\Windows\system32\stobject.dll --------- 586240 20.01.2011 18:07 C:\Windows\system32\shdocvw.dll --------- 1075712 20.01.2011 18:06 C:\Windows\system32\mf.dll --------- 2873344 20.01.2011 18:06 C:\Windows\system32\printfilterpipelineprxy.dll --------- 26112 20.01.2011 18:04 C:\Windows\system32\mfps.dll --------- 98816 20.01.2011 18:04 C:\Windows\system32\mfplat.dll --------- 209920 20.01.2011 16:28 C:\Windows\system32\xpsservices.dll --------- 1554432 20.01.2011 16:26 C:\Windows\system32\printfilterpipelinesvc.exe --------- 667648 20.01.2011 16:25 C:\Windows\system32\OpcServices.dll --------- 847360 20.01.2011 16:24 C:\Windows\system32\XpsRasterService.dll --------- 135680 20.01.2011 16:15 C:\Windows\system32\MFH264Dec.dll --------- 979456 20.01.2011 16:14 C:\Windows\system32\MFHEAACdec.dll --------- 357376 20.01.2011 16:14 C:\Windows\system32\mfmp4src.dll --------- 302592 20.01.2011 16:14 C:\Windows\system32\mfreadwrite.dll --------- 261632 20.01.2011 16:12 C:\Windows\system32\d3d10warp.dll --------- 1172480 20.01.2011 16:11 C:\Windows\system32\d3d10level9.dll --------- 486400 20.01.2011 15:47 C:\Windows\system32\d2d1.dll --------- 683008 13.01.2011 18:44 C:\Windows\system32\jupdate-1.6.0_23-b05.log --------- 3734 29.12.2010 20:28 C:\Windows\system32\sbeio.dll --------- 153088 29.12.2010 20:28 C:\Windows\system32\sbe.dll --------- 322560 29.12.2010 20:28 C:\Windows\system32\EncDec.dll --------- 429056 29.12.2010 20:26 C:\Windows\system32\mpg2splt.ax --------- 177664 28.12.2010 17:55 C:\Windows\system32\odbc32.dll --------- 413696 17.12.2010 17:45 C:\Windows\system32\mstscax.dll --------- 2067968 17.12.2010 15:54 C:\Windows\system32\mstsc.exe --------- 677888 14.12.2010 16:49 
C:\Windows\system32\sdclt.exe --------- 1169408 29.11.2010 18:38 C:\Windows\system32\QuickTime.qts --------- 69632 29.11.2010 18:38 C:\Windows\system32\QuickTimeVR.qtx --------- 94208 09.11.2010 00:57 C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592 04.11.2010 23:10 C:\Windows\system32\nxEuUninstall.bat --------- 235 04.11.2010 20:56 C:\Windows\system32\wmicmiplugin.dll --------- 345600 04.11.2010 20:55 C:\Windows\system32\taskschd.dll --------- 352768 04.11.2010 20:55 C:\Windows\system32\taskcomp.dll --------- 270336 04.11.2010 20:55 C:\Windows\system32\schedsvc.dll --------- 601600 04.11.2010 18:34 C:\Windows\system32\taskeng.exe --------- 171520 28.10.2010 15:20 C:\Windows\system32\tzres.dll --------- 2048 18.10.2010 15:37 C:\Windows\system32\consent.exe --------- 81920 15.10.2010 16:08 C:\Windows\system32\ntkrnlpa.exe --------- 3602320 15.10.2010 16:08 C:\Windows\system32\ntoskrnl.exe --------- 3550096 15.10.2010 15:48 C:\Windows\system32\ntdll.dll --------- 1205080 14.10.2010 17:53 C:\Windows\system32\jupdate-1.6.0_22-b04.log --------- 4034 ---------------------------------------- C:\Windows\Prefetch ---------------------------------------- C:\Windows\Tasks 11.05.2011 18:07 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000UA.job --------- 1116 11.05.2011 16:24 C:\Windows\Tasks\SA.DAT --------- 6 11.05.2011 16:22 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632 11.05.2011 10:07 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000Core.job --------- 1064 24.03.2010 15:53 C:\Windows\Tasks\Install_NSS.job --------- 362 ---------------------------------------- C:\Windows\Temp 11.05.2011 02:29 C:\Windows\Temp\MpCmdRun.log --------- 4992 11.05.2011 01:33 C:\Windows\Temp\fwtsqmfile07.sqm --------- 120 11.05.2011 01:33 C:\Windows\Temp\fwtsqmfile06.sqm --------- 120 11.05.2011 01:33 C:\Windows\Temp\fwtsqmfile05.sqm --------- 120 11.05.2011 01:33 C:\Windows\Temp\fwtsqmfile04.sqm --------- 120 
11.05.2011 01:33 C:\Windows\Temp\fwtsqmfile03.sqm --------- 120 11.05.2011 01:32 C:\Windows\Temp\fwtsqmfile02.sqm --------- 120 11.05.2011 01:32 C:\Windows\Temp\fwtsqmfile01.sqm --------- 120 11.05.2011 01:32 C:\Windows\Temp\fwtsqmfile00.sqm --------- 120 11.05.2011 01:32 C:\Windows\Temp\fwtsqmfile19.sqm --------- 120 11.05.2011 01:32 C:\Windows\Temp\fwtsqmfile18.sqm --------- 120 11.05.2011 01:31 C:\Windows\Temp\fwtsqmfile17.sqm --------- 120 11.05.2011 01:31 C:\Windows\Temp\fwtsqmfile16.sqm --------- 120 11.05.2011 01:31 C:\Windows\Temp\fwtsqmfile15.sqm --------- 120 11.05.2011 01:31 C:\Windows\Temp\fwtsqmfile14.sqm --------- 120 11.05.2011 01:30 C:\Windows\Temp\fwtsqmfile13.sqm --------- 120 11.05.2011 01:30 C:\Windows\Temp\fwtsqmfile12.sqm --------- 120 11.05.2011 01:30 C:\Windows\Temp\fwtsqmfile11.sqm --------- 120 11.05.2011 01:30 C:\Windows\Temp\fwtsqmfile10.sqm --------- 120 11.05.2011 01:30 C:\Windows\Temp\fwtsqmfile09.sqm --------- 120 11.05.2011 01:29 C:\Windows\Temp\fwtsqmfile08.sqm --------- 120 10.05.2011 15:15 C:\Windows\Temp\MpSigStub.log --------- 3268 07.02.2010 14:50 C:\Windows\Temp\History --------- 0 07.02.2010 14:50 C:\Windows\Temp\Cookies --------- 0 07.02.2010 14:50 C:\Windows\Temp\Temporary Internet Files --------- 0 ---------------------------------------- C:\Users\User\AppData\Local\Temp 11.05.2011 18:30 C:\Users\User\AppData\Local\Temp\plugtmp-1 --------- 0 11.05.2011 18:29 C:\Users\User\AppData\Local\Temp\fla2CFF.tmp --------- 7395094 11.05.2011 16:29 C:\Users\User\AppData\Local\Temp\jusched.log --------- 489 11.05.2011 16:24 C:\Users\User\AppData\Local\Temp\divEE63.tmp --------- 0 11.05.2011 16:24 C:\Users\User\AppData\Local\Temp\User.bmp --------- 31832 11.05.2011 16:24 C:\Users\User\AppData\Local\Temp\WPDNSE --------- 0 11.05.2011 15:10 C:\Users\User\AppData\Local\Temp\plugtmp --------- 0 11.05.2011 13:52 C:\Users\User\AppData\Local\Temp\~DF5446.tmp --------- 81920 11.05.2011 06:26 C:\Users\User\AppData\Local\Temp\trhiv --------- 0 
11.05.2011 06:24 C:\Users\User\AppData\Local\Temp\divEA2F.tmp --------- 0 11.05.2011 06:22 C:\Users\User\AppData\Local\Temp\hsperfdata_User --------- 0 ---------------------------------------- C:\Program Files 11.05.2011 13:43 C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 11.05.2011 02:37 C:\Program Files\Trojan Remover --------- 4096 06.05.2011 22:21 C:\Program Files\Mozilla Firefox --------- 40960 22.04.2011 19:46 C:\Program Files\Ventrilo --------- 4096 14.04.2011 03:04 C:\Program Files\Windows Mail --------- 4096 05.03.2011 23:42 C:\Program Files\Schroedel --------- 0 28.02.2011 06:42 C:\Program Files\Haali --------- 0 26.02.2011 23:52 C:\Program Files\CamStudio --------- 0 22.02.2011 17:00 C:\Program Files\TeamSpeak 3 Client --------- 4096 22.02.2011 01:52 C:\Program Files\Common Files --------- 4096 22.02.2011 01:51 C:\Program Files\Java --------- 0 15.02.2011 22:19 C:\Program Files\iTunes --------- 8192 15.02.2011 22:18 C:\Program Files\iPod --------- 0 11.02.2011 06:56 C:\Program Files\FrostWire --------- 0 09.02.2011 14:51 C:\Program Files\Adobe --------- 4096 07.02.2011 05:29 C:\Program Files\DivX --------- 4096 06.02.2011 00:22 C:\Program Files\Adobe Media Player --------- 4096 04.02.2011 13:30 C:\Program Files\MAESTIA --------- 0 29.01.2011 22:11 C:\Program Files\Incomplete --------- 0 26.01.2011 20:55 C:\Program Files\OpenOffice.org 3 --------- 4096 23.01.2011 00:56 C:\Program Files\JDownloader --------- 8192 07.01.2011 20:27 C:\Program Files\ICQ7.0 --------- 20480 24.12.2010 13:51 C:\Program Files\QuickTime --------- 4096 22.12.2010 21:04 C:\Program Files\DVDVideoSoft --------- 4096 09.12.2010 01:04 C:\Program Files\Bonjour --------- 4096 29.11.2010 06:33 C:\Program Files\Neffy --------- 0 29.11.2010 06:27 C:\Program Files\PriceGong --------- 0 19.11.2010 21:34 C:\Program Files\Microsoft Office --------- 0 19.11.2010 21:33 C:\Program Files\MSECache --------- 0 16.10.2010 11:57 C:\Program Files\Skype --------- 0 13.10.2010 17:06 C:\Program 
Files\InstallShield Installation Information --------- 4096 13.10.2010 04:29 C:\Program Files\Windows Media Player --------- 4096 12.08.2010 18:51 C:\Program Files\OpenSource Flash Video Splitter --------- 0 12.08.2010 18:51 C:\Program Files\Bass Audio Decoder --------- 0 12.08.2010 18:51 C:\Program Files\DirectVobSub --------- 0 12.08.2010 18:49 C:\Program Files\Logitech --------- 0 12.08.2010 18:48 C:\Program Files\RealMedia --------- 0 12.08.2010 03:20 C:\Program Files\Movie Maker --------- 4096 08.07.2010 03:00 C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0 25.06.2010 19:35 C:\Program Files\Microsoft.NET --------- 0 01.05.2010 11:46 C:\Program Files\Uninstall Information --------- 0 01.05.2010 10:41 C:\Program Files\Elaborate Bytes --------- 0 21.03.2010 13:55 C:\Program Files\PhotoFiltre --------- 4096 13.03.2010 19:02 C:\Program Files\VideoLAN --------- 0 14.02.2010 16:24 C:\Program Files\Spybot - Search & Destroy --------- 4096 09.02.2010 20:20 C:\Program Files\Windows Portable Devices --------- 0 07.02.2010 14:05 C:\Program Files\Windows Calendar --------- 0 07.02.2010 14:05 C:\Program Files\Windows Sidebar --------- 4096 07.02.2010 14:05 C:\Program Files\Internet Explorer --------- 4096 07.02.2010 14:05 C:\Program Files\Windows Collaboration --------- 4096 07.02.2010 14:05 C:\Program Files\Windows Photo Gallery --------- 4096 07.02.2010 14:05 C:\Program Files\Windows Defender --------- 4096 07.02.2010 05:23 C:\Program Files\HP_Vista_SF_Ph1 --------- 0 05.02.2010 01:55 C:\Program Files\Apple Software Update --------- 4096 03.02.2010 16:16 C:\Program Files\MSXML 4.0 --------- 0 02.02.2010 00:28 C:\Program Files\ICQ6Toolbar --------- 0 01.02.2010 17:51 C:\Program Files\WinRAR --------- 4096 31.01.2010 20:56 C:\Program Files\Windows Live --------- 4096 31.01.2010 20:56 C:\Program Files\Microsoft --------- 0 31.01.2010 20:56 C:\Program Files\Windows Live SkyDrive --------- 0 31.01.2010 20:35 C:\Program Files\Avira --------- 0 31.01.2010 15:35 C:\Program 
Files\T-Online --------- 0 31.01.2010 15:13 C:\Program Files\Gemeinsame Dateien --------- 0 31.01.2010 15:13 C:\Program Files\Windows NT --------- 4096 14.02.2008 13:51 C:\Program Files\Nero --------- 0 13.02.2008 14:42 C:\Program Files\Realtek --------- 0 21.01.2008 04:57 C:\Program Files\desktop.ini --------- 174 02.11.2006 14:35 C:\Program Files\Microsoft Games --------- 4096 02.11.2006 14:35 C:\Program Files\Reference Assemblies --------- 0 02.11.2006 14:35 C:\Program Files\MSBuild --------- 0 ---------------------------------------- C:\ProgramData\.. User Default User All Users Default desktop.ini Public ---------------------------------------- C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ---------------------------------------- Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 24 K System 4 Services 0 22.816 K smss.exe 444 Services 0 600 K csrss.exe 512 Services 0 5.572 K wininit.exe 564 Services 0 3.592 K csrss.exe 572 Console 1 10.956 K services.exe 608 Services 0 7.932 K lsass.exe 620 Services 0 1.804 K lsm.exe 628 Services 0 3.172 K winlogon.exe 780 Console 1 4.460 K svchost.exe 848 Services 0 5.592 K svchost.exe 932 Services 0 5.304 K svchost.exe 1000 Services 0 24.636 K svchost.exe 1080 Services 0 11.424 K svchost.exe 1144 Services 0 65.812 K svchost.exe 1164 Services 0 27.100 K audiodg.exe 1252 Services 0 13.144 K SLsvc.exe 1284 Services 0 3.932 K svchost.exe 1352 Services 0 10.800 K svchost.exe 1516 Services 0 12.224 K spoolsv.exe 1768 Services 0 7.268 K taskeng.exe 1792 Console 1 9.176 K sched.exe 1824 Services 0 956 K dwm.exe 1832 Console 1 40.656 K svchost.exe 1868 Services 0 16.300 K explorer.exe 1896 Console 1 62.088 K svchost.exe 560 Services 0 10.240 K avguard.exe 1016 Services 0 13.104 K AppleMobileDeviceService. 
1160 Services 0 4.276 K mDNSResponder.exe 1344 Services 0 4.780 K LSSrvc.exe 1552 Services 0 2.856 K avshadow.exe 1632 Services 0 3.408 K svchost.exe 1624 Services 0 4.872 K svchost.exe 1700 Services 0 5.068 K svchost.exe 2084 Services 0 1.800 K SearchIndexer.exe 2120 Services 0 16.276 K SDWinSec.exe 2268 Services 0 7.388 K taskeng.exe 2600 Services 0 5.068 K MSASCui.exe 2956 Console 1 5.284 K RtHDVCpl.exe 2964 Console 1 5.196 K rundll32.exe 3100 Console 1 3.688 K avgnt.exe 3108 Console 1 2.128 K DDMService.exe 3140 Console 1 3.936 K rundll32.exe 3192 Console 1 4.876 K DivXUpdate.exe 3228 Console 1 8.148 K iTunesHelper.exe 3236 Console 1 6.256 K jusched.exe 3244 Console 1 3.044 K WmiPrvSE.exe 3380 Services 0 5.264 K sidebar.exe 3464 Console 1 6.444 K LightScribeControlPanel.e 3476 Console 1 3.940 K TeaTimer.exe 3548 Console 1 55.112 K wmpnscfg.exe 3640 Console 1 4.164 K kernel.exe 3748 Console 1 23.448 K wmpnetwk.exe 3872 Services 0 6.380 K sc_watch.exe 3916 Console 1 3.036 K PROFIL~1.EXE 1236 Console 1 6.496 K iPodService.exe 2908 Services 0 4.356 K unsecapp.exe 1036 Console 1 4.224 K Notifier.exe 3720 Console 1 6.348 K svchost.exe 3524 Services 0 4.652 K wuauclt.exe 3588 Console 1 5.508 K firefox.exe 2988 Console 1 116.820 K plugin-container.exe 3572 Console 1 56.092 K cmd.exe 3692 Console 1 2.936 K conime.exe 2624 Console 1 3.380 K SearchProtocolHost.exe 3940 Services 0 7.820 K SearchFilterHost.exe 1480 Services 0 5.192 K tasklist.exe 3700 Console 1 4.668 K WmiPrvSE.exe 3584 Services 0 5.640 K dllhost.exe 1068 Console 1 4.240 K ***** Ende des Scans 11.05.2011 um 18:45:27,03 *** Code:
Adobe AIR Adobe Systems Inc. 05.02.2011 30,7MB 1.5.3.9120
Adobe Community Help Adobe Systems Incorporated 05.02.2011 2,52MB 3.0.0.400
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 30.01.2010 10.0.42.34
Adobe Flash Player 9 ActiveX Adobe Systems Incorporated 30.01.2010 9
Adobe Media Player Adobe Systems Incorporated 05.02.2011 2,70MB 1.8
Adobe Photoshop CS5 Adobe Systems Incorporated 05.02.2011 1.559MB 12.0
Adobe Reader 8 - Deutsch Adobe Systems Incorporated 12.02.2008 90,9MB 8.0.0
Akamai NetSession Interface 04.02.2011 13,8MB
Apple Application Support Apple Inc. 08.12.2010 52,7MB 1.4.1
Apple Mobile Device Support Apple Inc. 14.02.2011 21,7MB 3.3.1.3
Apple Software Update Apple Inc. 04.02.2010 2,16MB 2.1.1.116
Avira AntiVir Personal - Free Antivirus Avira GmbH 27.04.2011 89,9MB 10.0.0.648
Bonjour Apple Inc. 08.12.2010 1,10MB 2.0.4.0
CamStudio 25.02.2011 8,22MB
CCleaner Piriform 10.05.2011 3,63MB 3.06
DHTML Editing Component Microsoft Corporation 30.01.2010 0,45MB 6.02.0001
DivX-Setup DivX, LLC 06.02.2011 3,14MB 2.3.0.20
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 29.03.2011 3,02MB
Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 29.03.2011 3,35MB
FrostWire 4.21.3 FrostWire Team 10.02.2011 38,7MB 4.21.3.0
Google Chrome Google Inc. 25.02.2010 252MB 11.0.696.65
Haali Media Splitter 27.02.2011 2,34MB
ICQ7 ICQ 31.01.2010 39,1MB 7.0
iTunes Apple Inc. 14.02.2011 144,7MB 10.1.2.17
Java(TM) 6 Update 24 Sun Microsystems, Inc. 19.06.2010 94,5MB 6.0.240
JDownloader AppWork UG (haftungsbeschränkt) 15.01.2011 55,0MB
LightScribe System Software 1.12.29.2 hxxp://www.lightscribe.com 13.02.2008 20,6MB 1.12.29.2
Loong Your Company Name 14.12.2010 2.772MB 1.3.3.4
Malwarebytes' Anti-Malware Malwarebytes Corporation 10.05.2011 4,80MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 04.02.2010 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 02.02.2010 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.06.2010 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.06.2010 24,5MB 4.0.30319
Microsoft PowerPoint Viewer Microsoft Corporation 13.04.2011 157,4MB 14.0.4763.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 13.10.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.10.2010 0,41MB 8.0.56336
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 13.04.2011 0,29MB 8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 01.02.2010 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 30.01.2010 0,58MB 9.0.30729
Mozilla Firefox 4.0.1 (x86 de) Mozilla 05.05.2011 32,1MB 4.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 02.02.2010 34,00KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 02.02.2010 1,34MB 4.20.9876.0
Nero 7 Essentials Nero AG 13.02.2008 1.573MB 7.02.9755
NVIDIA Drivers 30.01.2010
NVIDIA PhysX NVIDIA Corporation 12.10.2010 119,9MB 9.09.0203
OpenOffice.org 3.2 OpenOffice.org 25.01.2011 363MB 3.2.9502
PhotoFiltre 20.03.2010 3,76MB
Proteinbiosynthese Schroedel 04.03.2011 10,4MB 1.0
QuickTime Apple Inc. 23.12.2010 73,7MB 7.69.80.9
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12.02.2008 14,2MB 6.0.1.5397
Skype™ 4.2 Skype Technologies S.A. 30.09.2010 31,1MB 4.2.187
Spybot - Search & Destroy Safer Networking Limited 13.02.2010 52,5MB 1.6.2
SweetIM Toolbar for Internet Explorer 4.0 SweetIM Technologies Ltd. 13.11.2010 4,16MB 4.0.0004
T-Online 6.0 30.01.2010 105,0MB
T-Online WLAN-Access Finder 30.01.2010 0,95MB
TeamSpeak 3 Client TeamSpeak Systems GmbH 06.10.2010 26,4MB
Trojan Remover 6.8.2 Simply Super Software 10.05.2011 9,03MB 6.8.2
Uninstall 1.0.0.1 29.03.2011 32,9MB
Ventrilo Client Flagship Industries, Inc. 21.04.2011 5,58MB 3.0.8
VLC media player 1.0.5 VideoLAN Team 12.03.2010 76,1MB 1.0.5
Windows Live Anmelde-Assistent Microsoft Corporation 30.01.2010 1,93MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 06.12.2010 82,8MB 14.0.8117.0416
Windows Live-Uploadtool Microsoft Corporation 30.01.2010 0,22MB 14.0.8014.1029
Windows Media Player Firefox Plugin Microsoft Corp 30.01.2010 0,29MB 1.0.0.8
WinRAR 31.01.2010 3,78MB
Last edited by Timcanpy (11.05.2011 at 17:52) |
12.05.2011, 10:07 | #6 | ||
/// Helper Team | Google is acting up on my PC! Trojan or malware, I don't know x_x
1. Applications that run in the background during the cleanup can negatively affect your computer's performance and also our work, so please first switch off/disable the programs listed here: Quote:
Stopping services: Start -> Run -> "Services.msc" (type it in without the "") -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"
2. Turn off Spybot's TeaTimer: Mode -> Advanced mode -> Yes -> Tools -> Resident -> remove the check mark from "Resident "TeaTimer" (Protection of overall system settings)" -> Exit. (Please turn it off; it also tries to block beneficial changes.)
3. Code:
FrostWire
Quote:
Besides, it is not only Trojan horses or other types of viruses that need a direct connection; µtorrent & Co. also "phone home" when they are used, even if there is no proof of this yet (at least not in part), and I would not recommend allowing such clients!
4. Not recommended, I would uninstall it (a magnet for malware): under → Control Panel → Programs and Features → uninstall... Code:
SweetIM Toolbar for Internet Explorer
Your Java version is not up to date! Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions: → Control Panel → Programs and Features → uninstall... → restart the computer → now download the offline version of Java Version 6 Update 24 from Oracle. Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!
6. Update Adobe Reader: - Pay attention and read along during installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for Updates..."
7. Clean your system with CCleaner:
8. Run another scan with OTL:
__________________ --> Google is acting up on my PC! Trojan or malware, I don't know x_x |
12.05.2011, 17:51 | #7 |
| Google is acting up on my PC! Trojan or malware, I don't know x_x 1. Logfile Code:
ATTFilter OTL logfile created on: 12.05.2011 18:45:39 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,04 Gb Total Space | 133,36 Gb Free Space | 59,79% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de) ========== Modules (SafeList) ========== MOD - C:\Users\User\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_3f211bc.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (Beep) -- C:\Windows\System32\beep.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 22:21:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 22:21:17 | 000,000,000 | ---D | 
M] [2010.01.31 20:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2011.05.06 21:17:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions [2011.03.30 16:23:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.09 01:11:51 | 000,000,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\icqplugin.xml [2011.01.19 14:24:17 | 000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\youtube-videosuche.xml [2011.05.12 18:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) 
-- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.02.05 04:02:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.05.06 22:21:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.05.06 22:21:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.05.06 22:21:16 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.05.06 22:21:16 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.05.06 22:21:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.05.06 22:21:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.05.06 22:21:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell - "" = AutoRun O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell\AutoRun\command - "" = F:\SETUP.EXE O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.11 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.05.11 18:47:49 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.05.11 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2011.05.11 13:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.11 13:43:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.11 13:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.11 13:43:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.11 02:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.05.11 02:35:08 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software [2011.05.11 02:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011.05.11 02:34:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software [2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011.05.07 16:09:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys [2011.04.27 05:41:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.27 05:41:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.27 05:41:20 | 000,876,032 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.22 19:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo [2011.04.22 19:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo [2011.04.13 06:13:15 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 06:13:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 06:13:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 06:13:07 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 06:13:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 06:12:55 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.13 06:12:55 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.13 06:12:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.13 06:12:55 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.13 06:12:54 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.13 06:12:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.13 06:12:50 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 06:12:48 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.13 06:12:48 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll ========== Files - Modified Within 30 Days ========== [2011.05.12 18:47:42 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.12 18:47:42 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.12 18:47:42 | 000,126,248 | ---- | M] () -- 
C:\Windows\System32\perfc007.dat [2011.05.12 18:47:42 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.12 18:41:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.12 18:41:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.12 18:41:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.12 18:31:01 | 000,000,230 | ---- | M] () -- C:\Users\User\Desktop\Run.lnk [2011.05.12 18:14:32 | 000,002,110 | ---- | M] () -- C:\Users\User\Desktop\T-Online 6.0.lnk [2011.05.12 18:13:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000UA.job [2011.05.12 14:24:10 | 000,228,864 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.12 10:07:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000Core.job [2011.05.12 04:25:30 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.05.11 18:47:51 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.05.11 13:43:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.11 02:34:58 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.05.08 20:11:42 | 000,002,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk [2011.05.08 20:11:32 | 000,000,858 | ---- | M] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk [2011.05.08 11:11:38 | 000,002,037 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk [2011.05.03 22:00:33 | 000,019,014 | ---- | M] () -- C:\Users\User\Desktop\English Abi.rtf [2011.04.22 19:46:28 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011.04.14 
03:32:48 | 003,624,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.05.12 18:31:01 | 000,000,230 | ---- | C] () -- C:\Users\User\Desktop\Run.lnk [2011.05.12 18:14:32 | 000,002,110 | ---- | C] () -- C:\Users\User\Desktop\T-Online 6.0.lnk [2011.05.11 18:47:51 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.05.11 13:43:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.11 02:34:58 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.05.11 02:34:55 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011.05.11 02:34:55 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011.05.11 02:34:55 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011.05.11 02:34:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011.05.08 20:11:42 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk [2011.05.08 20:11:32 | 000,000,858 | ---- | C] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk [2011.05.06 22:21:18 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.05.03 21:46:06 | 000,019,014 | ---- | C] () -- C:\Users\User\Desktop\English Abi.rtf [2011.04.22 19:46:15 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011.03.05 23:42:40 | 000,151,301 | ---- | C] () -- C:\Windows\Proteinbiosynthese Uninstaller.exe [2010.10.13 16:59:57 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.10.13 16:59:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.07.21 16:52:33 | 000,000,552 | ---- | C] () -- C:\Users\User\AppData\Local\d3d8caps.dat [2010.07.07 21:07:25 | 000,228,864 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2010.07.07 00:34:57 | 000,000,760 | ---- | C] () -- C:\Users\User\AppData\Roaming\setup_ldm.iss [2010.05.01 11:58:13 | 000,000,683 | ---- | C] () -- C:\Windows\wininit.ini [2010.03.13 19:00:28 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.18 19:56:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.02 10:15:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.02 10:15:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.02.02 02:12:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.02.01 17:52:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\106B5E8615.sys [2010.02.01 17:52:58 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.02.13 23:35:20 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2008.02.13 14:44:41 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.01.21 10:21:25 | 000,628,504 | ---- | C] () -- 
C:\Windows\System32\perfh007.dat [2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 10:21:25 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:44:53 | 003,624,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll [1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll ========== Files - Unicode (All) ========== [2010.11.05 11:08:08 | 000,000,000 | ---D | M](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그 [2010.11.05 11:08:08 | 000,000,000 | ---D | C](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그 ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.05.2011 18:45:39 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,04 Gb Total Space | 133,36 Gb Free Space | 59,79% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" 
= 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{580246D6-51C8-47D5-BEA9-00C3A4B26B42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{763A29CB-B868-4856-B660-753B473979C8}" = lport=2869 | protocol=6 | dir=in | app=system | "{767DE962-AB8C-4C5E-8F78-36FFAC439D4C}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{B606DA60-8331-46D8-A31A-DE1EAB603284}" = lport=49181 | protocol=6 | dir=in | name=akamai netsession interface | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CB48D45-42C9-40DC-AF50-F750168A224A}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}" = protocol=17 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | "{1B530998-F061-4296-9A30-614D3D6573CD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{2937ACF5-4FCF-4776-AF2F-2EB181A199D6}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{308DD4AB-4434-4625-B074-99A27F1AA90E}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{36A0121F-18EB-42B7-AEE5-F4861B3D01D5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{4856A642-1D7F-4519-9731-DB8123AE513D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4A87644B-1AB1-472C-9B29-C79DC70F46E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{4E18EF97-B8FF-4219-9F78-715700C5DB44}" = protocol=6 | dir=in | app=c:\gamigo\loong\launcher.exe | "{51908FC7-AEB3-4415-98FD-A431C6CC5046}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{5373CE04-8EDA-4D0F-A6F6-0AD68F2C177B}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{5AE2864A-F7B8-4D91-A40A-DF821D0941CB}" = protocol=17 | dir=in | app=c:\gamigo\loong\launcher.exe | "{6930FB1D-2D26-40E5-90E0-B5244D275B00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6B683A82-FDBE-4A78-88B8-B2D20D49B20F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{7A9D848F-2D18-426C-A3C4-C16D9D0C1444}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{88026AD3-26FF-4C91-8B5C-C47E6AF5F64C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{894D3D0A-2915-4377-A5FB-B93A4FCFB66C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{8AA18992-976C-41CE-B9E9-3F1CCC650A43}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{8E2B0961-7FC7-41FF-A787-F1EC3A656F2F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{A38469D5-023B-487D-BC49-B84C9D18DC97}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{AB55AD93-9210-433D-B81A-77D29DAEA076}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B48A0EB1-57BD-4848-BA89-50F1A4633F73}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{BECCF2BF-3782-4D1D-B7D0-79489DAC5B99}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C46CF48F-3350-4886-8A92-6C32F731C34E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C5939EA9-4B02-494D-A471-6909BEB73884}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{D163CA54-3AB1-4F56-84B0-6D6A7D780CB2}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | "{D3D39046-9040-4AD7-B873-346C6E2FC8BE}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{DFC6D880-47D0-402A-A20A-72CC5BB5150A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EA6F1683-2A5C-47CA-9F9A-BB017407231F}" = protocol=6 | dir=in | app=c:\users\user\downloads\sweetimsetup.exe | "{FAD2CBFA-30C7-4EFB-8B31-31F7B1F3C6AC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{1A745B49-1DDF-49F9-9A36-1ABD779DBF91}C:\users\user\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\maestia-downloader.exe | "TCP Query User{513A14B1-1BFE-4A07-AD5C-E37FAC95CE5D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{52E5C4FD-789F-4CEB-9667-CA8FF55831A4}C:\program files\alaplaya\loco\system\loco.exe" = protocol=6 | dir=in | app=c:\program files\alaplaya\loco\system\loco.exe | "TCP Query User{55743758-C1D7-4426-99F3-C8921135D8DE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{596D771D-DAB4-44E5-9ED8-F97F281362D6}C:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | "TCP Query User{647C7D15-E698-4BFF-ACEB-7CD2FAED5A75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C0157D1E-27FA-4732-95B7-8CC8CC6221C1}C:\users\user\desktop\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\rohan\rohanclient.exe | "TCP Query User{D156C566-CE7F-440F-BD25-BE3A67C64030}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "TCP Query 
User{D1EF8C53-A594-4006-B785-DB92EBC3D728}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe | "UDP Query User{0018A949-BC9C-493D-80A1-0D2F22126728}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{0AC144C7-3BD6-4EB8-B2A4-978F983AE72D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | "UDP Query User{168D25D1-B6BF-4DE0-94EE-D3D5FBCA6731}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{66D02D8B-99CD-489D-9D1C-1FBD76ABEB23}C:\users\user\desktop\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\rohan\rohanclient.exe | "UDP Query User{966CE106-159F-4420-BEB6-ED5F1D5AB1AE}C:\program files\alaplaya\loco\system\loco.exe" = protocol=17 | dir=in | app=c:\program files\alaplaya\loco\system\loco.exe | "UDP Query User{A1D503CD-F828-41D6-BC1D-194D793B5553}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe | "UDP Query User{AAA4E197-570C-4303-BC10-145E138A5543}C:\users\user\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\maestia-downloader.exe | "UDP Query User{ED44FC36-3A43-495E-90EA-707C263FEB39}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{FE3BDE88-9D2C-48AC-B8AF-535763D0FC57}C:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\aeriagames\rohan\rohanclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C0A2E-3837-4BAC-9AEC-4E7D84808035}" = Loong 
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Essentials "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk 
Mail filter update "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CamStudio" = CamStudio 
"CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "HaaliMkx" = Haali Media Splitter "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "Proteinbiosynthese" = Proteinbiosynthese "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trojan Remover_is1" = Trojan Remover 6.8.2 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "PhotoFiltre" = PhotoFiltre ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.05.2011 10:09:12 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung LogonUI.exe, Version 6.0.6001.18000, Zeitstempel 0x47918daf, fehlerhaftes Modul dll.dll, Version 0.0.0.0, Zeitstempel 0x4d776bbf, Ausnahmecode 0xc000001d, Fehleroffset 0x00002085, Prozess-ID 0x14b8, Anwendungsstartzeit 01cc0cc055929a99. 
Error - 07.05.2011 10:09:22 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wermgr.exe, Version 6.0.6001.18000, Zeitstempel 0x47918ca1, fehlerhaftes Modul dll.dll, Version 0.0.0.0, Zeitstempel 0x4d776bbf, Ausnahmecode 0xc000001d, Fehleroffset 0x00002085, Prozess-ID 0x898, Anwendungsstartzeit 01cc0cc0575c5e19. Error - 07.05.2011 10:12:38 | Computer Name = User-PC | Source = VSS | ID = 12289 Description = Error - 07.05.2011 10:12:50 | Computer Name = User-PC | Source = VSS | ID = 12289 Description = Error - 07.05.2011 10:12:50 | Computer Name = User-PC | Source = VSS | ID = 12289 Description = Error - 07.05.2011 10:13:00 | Computer Name = User-PC | Source = VSS | ID = 12289 Description = Error - 07.05.2011 10:13:00 | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Taskmgr.exe, Version 6.0.6001.18000, Zeitstempel 0x47918e94, fehlerhaftes Modul dll.dll, Version 0.0.0.0, Zeitstempel 0x4d776bbf, Ausnahmecode 0xc000001d, Fehleroffset 0x00002085, Prozess-ID 0xfec, Anwendungsstartzeit 01cc0cc05be345c9. 
Error - 07.05.2011 10:41:23 | Computer Name = User-PC | Source = VSS | ID = 12289 Description = Error - 07.05.2011 10:41:33 | Computer Name = User-PC | Source = VSS | ID = 12289 Description = Error - 07.05.2011 10:41:33 | Computer Name = User-PC | Source = VSS | ID = 12289 Description = [ System Events ] Error - 11.05.2011 00:20:05 | Computer Name = User-PC | Source = DCOM | ID = 10016 Description = Error - 11.05.2011 00:20:06 | Computer Name = User-PC | Source = DCOM | ID = 10016 Description = Error - 11.05.2011 00:20:24 | Computer Name = User-PC | Source = DCOM | ID = 10016 Description = Error - 11.05.2011 00:20:24 | Computer Name = User-PC | Source = DCOM | ID = 10016 Description = Error - 11.05.2011 00:22:29 | Computer Name = User-PC | Source = DCOM | ID = 10010 Description = Error - 11.05.2011 00:24:07 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11.05.2011 10:24:14 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Error - 12.05.2011 09:13:57 | Computer Name = User-PC | Source = RasMan | ID = 20062 Description = Interner Fehler: Das Trennen an PPPoE2-0 endete zwar vollständig, aber mit einem Fehler. PPPoE2-0 Error - 12.05.2011 12:18:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Error - 12.05.2011 12:41:53 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >
So the problem with Google isn't showing up at the moment, after I carried out your steps. What is still there: the window above keeps opening. But I don't have IE open (as you can see in the Task Manager) and I don't know this site at all. X_X I always click No, but it really does pop up 4-5 times an hour. Can you help me with that too, pls? Last edited by Timcanpy (12.05.2011 at 18:08) |
12.05.2011, 19:08 | #8 |
| This also comes up really often for me: After I click OK / [x], this appears: I always click OK... is this a virus? |
13.05.2011, 08:16 | #9 |
/// Helper Team | 1. Fix with OTL
Code:
:OTL
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - File not found
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB48D45-42C9-40DC-AF50-F750168A224A}" =-
"{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}" =-
"{EA6F1683-2A5C-47CA-9F9A-BB017407231F}" =-
:Commands
[purity]
[emptytemp]
2. Runs on XP, Vista (32-bit) and Windows 7 (32-bit).
Attention: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
** no connection to a network or the Internet - don't forget Wi-Fi
When the scan has finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner
3. Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)
With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
4. Open CCleaner
5. Run another scan with OTL:
__________________ Warning: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
19.05.2011, 02:30 | #10 |
| 1. Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:CB0AACC9 .
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0CB48D45-42C9-40DC-AF50-F750168A224A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB48D45-42C9-40DC-AF50-F750168A224A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D708FC9-FB9E-4D87-A4D3-22C191C93F5B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA6F1683-2A5C-47CA-9F9A-BB017407231F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA6F1683-2A5C-47CA-9F9A-BB017407231F}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: User
->Temp folder emptied: 403969 bytes
->Temporary Internet Files folder emptied: 635379 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94131023 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2802 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54116 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 91,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05192011_021237
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-19 03:19:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500AAJS-00VTA0 rev.01.01B01
Running: x4u6ns7u.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BC00340, 0x39DB57, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9AED2300, 0x3B638, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9AF15300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamW 767410B0 5 Bytes JMP 7168BFE7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamW 76742EF5 5 Bytes JMP 717CBBB2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxParamA 76758152 5 Bytes JMP 717CBB77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!DialogBoxIndirectParamA 7675847D 5 Bytes JMP 717CBBED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectA 7676D4D9 5 Bytes JMP 717CBB33 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxIndirectW 7676D5D3 5 Bytes JMP 717CBAEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExA 7676D639 5 Bytes JMP 717CBAB5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] USER32.dll!MessageBoxExW 7676D65D 5 Bytes JMP 717CBA7B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] ole32.dll!OleLoadFromStream 76A41E80 5 Bytes JMP 717CBDAF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[456] WININET.dll!HttpAddRequestHeadersA 76BD1A68 5 Bytes JMP 00B164C0
.text C:\Program Files\Internet Explorer\iexplore.exe[456] WININET.dll!HttpAddRequestHeadersW 76C3B901 5 Bytes JMP 00B166C0
.text C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!closesocket 7714330C 5 Bytes JMP 00C5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!recv 7714343A 5 Bytes JMP 00C3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!connect 771440D9 5 Bytes JMP 00C4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!getaddrinfo 7714418A 5 Bytes JMP 00C8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!send 7714659B 5 Bytes JMP 00C6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[456] WS2_32.dll!gethostbyname 771562D4 5 Bytes JMP 00C7000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:252] 85A7FE7A
Thread System [4:256] 85A82008
---- EOF - GMER 1.0.15 ----
Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002
Disk: WDC_WD2500AAJS-00VTA0 rev.01.01B01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85A7B1ED]<<
1 ntkrnlpa!IofCallDriver[0x8204D912] -> \Device\Harddisk0\DR0[0x84DA9AC8]
3 CLASSPNP[0x87FA68B3] -> ntkrnlpa!IofCallDriver[0x8204D912] -> [0x84284930]
5 acpi[0x806146BC] -> ntkrnlpa!IofCallDriver[0x8204D912] -> \Device\Ide\IdeDeviceP2T0L0-3[0x84280030]
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x85a7b1ed
user & kernel MBR OK
Warning: possible MBR rootkit infection !
Logfile 1
Code:
ATTFilter OTL logfile created on: 19.05.2011 03:37:08 - Run 4 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,04 Gb Total Space | 124,63 Gb Free Space | 55,88% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - 
C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de) ========== Modules (SafeList) ========== MOD - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_8832f4b.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (Beep) -- C:\Windows\System32\beep.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 22:21:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 22:21:17 | 000,000,000 | ---D | M] [2010.01.31 20:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2011.05.17 21:47:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions [2011.03.30 16:23:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\jattuqq3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.09 01:11:51 | 000,000,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\icqplugin.xml [2011.01.19 14:24:17 | 
000,002,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jattuqq3.default\searchplugins\youtube-videosuche.xml [2011.05.12 18:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2010.06.20 00:58:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.11 09:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.14 17:53:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.13 18:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JATTUQQ3.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2010.02.05 04:02:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.05.06 22:21:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.05.06 22:21:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.05.06 22:21:16 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.05.06 22:21:16 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.05.06 22:21:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.05.06 22:21:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.05.06 22:21:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell - "" = AutoRun O33 - MountPoints2\{9993bd10-54fc-11df-ac51-001fc6096b92}\Shell\AutoRun\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.15 18:28:31 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\NDS [2011.05.13 19:45:28 | 000,000,000 | ---D | C] -- C:\_OTL [2011.05.12 18:44:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2011.05.11 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.05.11 18:47:49 | 000,000,000 | ---D | C] -- 
C:\Programme\CCleaner [2011.05.11 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2011.05.11 13:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.11 13:43:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.11 13:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.11 13:43:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.11 02:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.05.11 02:35:08 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Simply Super Software [2011.05.11 02:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2011.05.11 02:34:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover [2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Simply Super Software [2011.05.11 02:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2011.05.07 16:09:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\beep.sys [2011.04.27 05:41:27 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.27 05:41:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.27 05:41:20 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.22 19:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo [2011.04.22 19:46:18 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo ========== Files - Modified Within 30 Days ========== [2011.05.19 03:34:38 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.19 03:34:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.19 03:34:14 | 003,624,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.19 03:33:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.19 03:32:10 | 000,114,036 | ---- | M] () -- C:\Users\User\Documents\cc_20110519_033204.reg [2011.05.19 03:22:21 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2011.05.19 03:22:21 | 000,089,088 | ---- | M] () -- C:\Users\User\Desktop\mbr.exe [2011.05.19 03:07:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000UA.job [2011.05.19 02:20:48 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.19 02:20:48 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.19 02:20:48 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.19 02:20:48 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.19 02:19:18 | 000,302,080 | ---- | M] () -- C:\Users\User\Desktop\x4u6ns7u.exe [2011.05.19 01:15:14 | 000,232,960 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.19 00:22:23 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.05.18 10:07:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1763264499-3753471517-4276012898-1000Core.job [2011.05.15 19:42:14 | 002,970,957 | ---- | M] () -- C:\Users\User\Desktop\A.SNA [2011.05.15 18:32:10 | 000,000,503 | ---- | M] () -- C:\Users\User\Desktop\NO$GBA - Verknüpfung.lnk [2011.05.15 14:09:19 | 000,002,037 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk [2011.05.12 18:44:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2011.05.12 18:31:01 | 
000,000,230 | ---- | M] () -- C:\Users\User\Desktop\Run.lnk [2011.05.12 18:14:32 | 000,002,110 | ---- | M] () -- C:\Users\User\Desktop\T-Online 6.0.lnk [2011.05.11 18:47:51 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.05.11 13:43:45 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.11 02:34:58 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.05.08 20:11:42 | 000,002,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk [2011.05.08 20:11:32 | 000,000,858 | ---- | M] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk [2011.05.03 22:00:33 | 000,019,014 | ---- | M] () -- C:\Users\User\Desktop\English Abi.rtf [2011.04.22 19:46:28 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini ========== Files Created - No Company Name ========== [2011.05.19 03:32:07 | 000,114,036 | ---- | C] () -- C:\Users\User\Documents\cc_20110519_033204.reg [2011.05.19 03:27:21 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2011.05.19 03:22:19 | 000,089,088 | ---- | C] () -- C:\Users\User\Desktop\mbr.exe [2011.05.19 02:19:14 | 000,302,080 | ---- | C] () -- C:\Users\User\Desktop\x4u6ns7u.exe [2011.05.15 19:42:14 | 002,970,957 | ---- | C] () -- C:\Users\User\Desktop\A.SNA [2011.05.15 18:32:10 | 000,000,503 | ---- | C] () -- C:\Users\User\Desktop\NO$GBA - Verknüpfung.lnk [2011.05.15 17:48:19 | 268,435,456 | ---- | C] () -- C:\Users\User\Desktop\sss.nds [2011.05.15 17:48:06 | 268,435,456 | ---- | C] () -- C:\Users\User\Desktop\Pokemon Black.nds [2011.05.12 18:31:01 | 000,000,230 | ---- | C] () -- C:\Users\User\Desktop\Run.lnk [2011.05.12 18:14:32 | 000,002,110 | ---- | C] () -- C:\Users\User\Desktop\T-Online 6.0.lnk [2011.05.11 18:47:51 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.05.11 13:43:45 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' 
Anti-Malware.lnk [2011.05.11 02:34:58 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.05.11 02:34:55 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011.05.11 02:34:55 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011.05.11 02:34:55 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011.05.11 02:34:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011.05.08 20:11:42 | 000,002,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-Online 6.0.lnk [2011.05.08 20:11:32 | 000,000,858 | ---- | C] () -- C:\Users\User\Desktop\Mozilla Firefox.lnk [2011.05.06 22:21:18 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.05.03 21:46:06 | 000,019,014 | ---- | C] () -- C:\Users\User\Desktop\English Abi.rtf [2011.04.22 19:46:15 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011.03.05 23:42:40 | 000,151,301 | ---- | C] () -- C:\Windows\Proteinbiosynthese Uninstaller.exe [2010.10.13 16:59:57 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.10.13 16:59:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.07.21 16:52:33 | 000,000,552 | ---- | C] () -- C:\Users\User\AppData\Local\d3d8caps.dat [2010.07.07 21:07:25 | 000,232,960 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.07 00:34:57 | 000,000,760 | ---- | C] () -- C:\Users\User\AppData\Roaming\setup_ldm.iss [2010.05.01 11:58:13 | 000,000,683 | ---- | C] () -- C:\Windows\wininit.ini [2010.03.13 19:00:28 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.18 19:56:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.02 10:15:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.02.02 10:15:29 | 000,107,612 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchema.bin [2010.02.02 02:12:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.02.01 17:52:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\106B5E8615.sys [2010.02.01 17:52:58 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.02.13 23:35:20 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2008.02.13 14:44:41 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.01.21 10:21:25 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 10:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 10:21:25 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 10:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:44:53 | 003,624,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,595,798 | ---- | 
C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll [1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll ========== Files - Unicode (All) ========== [2010.11.05 11:08:08 | 000,000,000 | ---D | M](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그 [2010.11.05 11:08:08 | 000,000,000 | ---D | C](C:\Users\User\Documents\?? ???) -- C:\Users\User\Documents\넥슨 플러그 < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.05.2011 03:37:08 - Run 4 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,04 Gb Total Space | 124,63 Gb Free Space | 55,88% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" 
= 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{580246D6-51C8-47D5-BEA9-00C3A4B26B42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{6A171A92-C1F9-4C66-86AD-0A2BE8C8190D}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface | "{763A29CB-B868-4856-B660-753B473979C8}" = lport=2869 | protocol=6 | dir=in | app=system | "{9BD8253D-80D8-4D15-B67F-2C7DA7358A1E}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface | "{C7245120-CD4D-43BD-8C08-5A8E7693437F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{DE585BCD-F020-4AE4-8FAF-8CC98F955420}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1B530998-F061-4296-9A30-614D3D6573CD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{36A0121F-18EB-42B7-AEE5-F4861B3D01D5}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{4A87644B-1AB1-472C-9B29-C79DC70F46E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{4E18EF97-B8FF-4219-9F78-715700C5DB44}" = protocol=6 | dir=in | app=c:\gamigo\loong\launcher.exe | "{5373CE04-8EDA-4D0F-A6F6-0AD68F2C177B}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{5AE2864A-F7B8-4D91-A40A-DF821D0941CB}" = protocol=17 | 
dir=in | app=c:\gamigo\loong\launcher.exe | "{6930FB1D-2D26-40E5-90E0-B5244D275B00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6B683A82-FDBE-4A78-88B8-B2D20D49B20F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{7A9D848F-2D18-426C-A3C4-C16D9D0C1444}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{88026AD3-26FF-4C91-8B5C-C47E6AF5F64C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{894D3D0A-2915-4377-A5FB-B93A4FCFB66C}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{8E2B0961-7FC7-41FF-A787-F1EC3A656F2F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{A38469D5-023B-487D-BC49-B84C9D18DC97}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{B48A0EB1-57BD-4848-BA89-50F1A4633F73}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{BECCF2BF-3782-4D1D-B7D0-79489DAC5B99}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C46CF48F-3350-4886-8A92-6C32F731C34E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{C5939EA9-4B02-494D-A471-6909BEB73884}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{DFC6D880-47D0-402A-A20A-72CC5BB5150A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FAD2CBFA-30C7-4EFB-8B31-31F7B1F3C6AC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "TCP Query User{647C7D15-E698-4BFF-ACEB-7CD2FAED5A75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{C0391192-51B8-4E5C-B1DB-B6B83A007076}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{168D25D1-B6BF-4DE0-94EE-D3D5FBCA6731}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query 
User{34D309CF-3B87-470F-984C-24B1B6C46689}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{015C0A2E-3837-4BAC-9AEC-4E7D84808035}" = Loong "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 
ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Essentials "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CamStudio" = CamStudio "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "HaaliMkx" = Haali Media Splitter "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "Proteinbiosynthese" = Proteinbiosynthese "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trojan Remover_is1" = Trojan Remover 6.8.2 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "PhotoFiltre" = PhotoFiltre ========== Last 10 Event Log Errors 
========== [ Application Events ] Error - 10.05.2011 19:18:44 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.05.2011 19:18:44 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6193 Error - 10.05.2011 19:18:44 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6193 Error - 10.05.2011 19:18:45 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.05.2011 19:18:45 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7191 Error - 10.05.2011 19:18:45 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7191 Error - 10.05.2011 19:18:46 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.05.2011 19:18:46 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8236 Error - 10.05.2011 19:18:46 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8236 Error - 10.05.2011 20:37:50 | Computer Name = User-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 12.05.2011 09:13:57 | Computer Name = User-PC | Source = RasMan | ID = 20062 Description = Interner Fehler: Das Trennen an PPPoE2-0 endete zwar vollständig, aber mit einem Fehler. 
PPPoE2-0 Error - 12.05.2011 12:18:12 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Error - 12.05.2011 12:41:53 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Error - 13.05.2011 13:48:38 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14.05.2011 00:26:32 | Computer Name = User-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 14.05.2011 um 06:21:16 unerwartet heruntergefahren. Error - 14.05.2011 00:26:54 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Error - 14.05.2011 12:38:20 | Computer Name = User-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 14.05.2011 um 18:36:32 unerwartet heruntergefahren. Error - 14.05.2011 12:38:41 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Error - 18.05.2011 20:15:32 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Error - 18.05.2011 21:34:19 | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >
Edited by Timcanpy (19.05.2011 at 02:44) |
21.05.2011, 06:42 | #11 |
/// Helper Team | TDSSKiller from Kaspersky
__________________ Warning! Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice and in different places! Please pass this warning on wherever you can! |
22.05.2011, 16:14 | #12 |
| Somehow the program doesn't work. I unpacked it to the desktop and am trying to start it. But that doesn't work. |
23.05.2011, 00:13 | #13 |
/// Helper Team | - Did you right-click it and run it as administrator? If not, please try again that way! If it still doesn't work, then:
Restore the MBR with aswMBR from Avast
Download aswMBR.exe from Avast and save the tool to your desktop (nowhere else).
XP users: double-click aswMBR.exe to start the tool.
Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
An input window with some information will open. Click Scan to start the scan.
When the scan has finished, which is indicated by Scan finished sucessfull!, and an MBR infection is reported, click Fix (for TLD) or FixMBR (for Whistler) to restore the MBR. |
25.05.2011, 21:38 | #14 |
| I restored the MBR, but TDSSKiller still doesn't work |
25.05.2011, 22:15 | #15 |
/// Helper Team | How exactly? Via the Recovery Console, then the command "bootrec.exe /FixMbr"? |