SpyEyes / Exploits EXP/CVE-2010-4452.A detected on the PC

Hello everyone,

I ended up in this forum by chance via Google, and after several hours of reading and thinking it over I decided to ask for help. I apologize in advance for spelling mistakes; German is not my native language.

On Thursday, 19.05., after 2 p.m., while trying to log in to online banking, I saw this "message from the bank" about the abolition of iTANs for the first time. The window could not be closed, and Alt+F4 closed IE as well, so on the second attempt I clicked "Confirm". The bank page was accessible again, and I entered my login details and pressed Enter. Nothing happened. At that point I already suspected something bad... I quickly went to another bank where I have a different account, and the same "message" appeared there! First I checked from another PC, where this "message" does not appear, logged in and changed the password.

Since then I have been trying to get rid of the "thing". First I phoned Avira GmbH and e-mailed back and forth several times; the last e-mail was on Friday, and they could not find anything in the reports I had sent them... Over the weekend there was a break (office PC). Today Avira reported:

------------------------------------
Beginne mit der Suche in 'C:\'
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-4f3badaf
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.A
Beginne mit der Suche in 'D:\' <HP_RECOVERY>

Beginne mit der Desinfektion:
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-4f3badaf
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.A
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b53b2c5.qua' verschoben!

Ende des Suchlaufs: Montag, 23. Mai 2011 10:09
Benötigte Zeit: 1:53:38 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

26081 Verzeichnisse wurden überprüft
741470 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
741469 Dateien ohne Befall
12651 Archive wurden durchsucht
0 Warnungen
1 Hinweise
---------------------------------

The problem had been detected, I thought, and actually also removed... When I tried to start online banking, my "message" was back. Avira found nothing more, only hidden files... which I then removed... The "message" was still there...

In my panic (I have never had such problems and really have no knowledge of viruses etc.) I googled the file that Avira reported in the log and landed here.

Before I dared to write here, I ran Malware over it. It reported SpyEyes. I had the files removed.

OTL has just finished. The reports follow right below.

I hope someone can help me... The PC runs Vista, and I did everything as administrator...

Thank you in advance for your replies.
Mara

Report from Malware:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6654

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

23.05.2011 21:03:00
mbam-log-2011-05-23 (21-03-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 390525
Laufzeit: 1 Stunde(n), 50 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Here is the OTL report:
And the second one:
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.04.05 09:58:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.09 14:33:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 14:33:34 | 000,000,000 | ---D | M] [2008.12.01 15:08:17 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2011.05.19 14:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions [2010.06.03 19:41:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.20 17:43:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.04.08 11:05:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.12.13 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.06.15 08:29:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.03 08:20:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.13 10:22:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2008.08.05 18:24:26 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [NapsterShell] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.23 21:18:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.05.23 16:29:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2011.05.23 16:29:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.23 16:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.23 16:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.23 16:29:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.23 16:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.23 13:50:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 13:50:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 13:50:44 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 13:50:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 13:50:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 13:50:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 13:50:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 13:50:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 13:50:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 13:50:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 13:50:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 13:50:43 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 13:50:43 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 13:50:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 13:50:43 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 13:50:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 13:50:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 13:50:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 13:50:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 13:50:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 13:50:42 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 13:50:42 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 13:50:42 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 13:50:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 13:50:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 13:50:42 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 13:50:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 13:50:41 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 13:50:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 13:50:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 13:50:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 13:50:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 13:50:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 13:50:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 13:50:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 13:50:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 13:50:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 13:50:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 13:50:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.23 13:49:06 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.23 13:49:06 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.05.23 13:49:06 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.05.23 13:49:06 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.05.23 13:49:06 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.05.23 13:49:06 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.05.23 13:49:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.05.23 13:49:04 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.05.23 13:49:04 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.05.23 13:49:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.05.23 13:49:03 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.05.23 13:49:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.05.23 13:49:03 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.23 13:49:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.05.23 13:49:03 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.05.23 13:49:03 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.05.23 13:49:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.05.23 13:49:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.23 13:49:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.23 13:49:02 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.05.23 13:49:02 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.05.23 13:49:02 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.05.23 13:46:52 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.05.23 13:46:52 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.05.23 13:46:52 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011.05.23 13:46:52 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.05.23 13:46:51 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.05.23 13:46:51 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.05.23 13:41:40 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011.05.23 13:41:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.05.23 13:41:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.05.23 13:41:36 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011.05.23 13:41:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.05.23 13:41:18 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.05.23 13:40:12 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011.05.23 08:07:10 | 003,663,960 | ---- | C] (TeamViewer GmbH) -- C:\Users\xxx\Desktop\customermodule_avira_support_de.exe
[2011.05.20 14:35:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.09 14:35:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.23 21:26:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.23 21:25:50 | 007,340,032 | -HS- | M] () -- C:\Users\xxx\ntuser.dat
[2011.05.23 21:18:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.05.23 21:09:25 | 000,054,318 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001
[2011.05.23 21:09:16 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.05.23 21:08:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.23 21:06:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.05.23 21:06:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 21:06:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.23 21:06:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011.05.23 21:06:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.23 21:04:41 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.05.23 21:04:41 | 000,065,536 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.05.23 21:04:36 | 004,631,770 | -H-- | M] () -- C:\Users\xxx\AppData\Local\IconCache.db
[2011.05.23 16:29:06 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 14:24:51 | 000,194,304 | ---- | M] () -- C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
[2011.05.23 14:20:02 | 001,630,778 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011.05.23 14:20:02 | 000,701,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.23 14:20:02 | 000,656,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.23 14:20:02 | 000,153,002 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.23 14:20:02 | 000,125,776 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.23 14:13:36 | 000,896,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.23 13:50:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.05.23 13:50:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.05.23 13:50:45 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.05.23 13:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.23 13:50:44 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.05.23 13:50:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.23 13:50:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.05.23 13:50:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.05.23 13:50:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.23 13:50:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.05.23 13:50:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.05.23 13:50:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.05.23 13:50:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.23 13:50:43 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.05.23 13:50:43 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.23 13:50:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.05.23 13:50:43 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.05.23 13:50:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.23 13:50:43 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.23 13:50:43 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.05.23 13:50:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.23 13:50:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.23 13:50:42 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.23 13:50:42 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.23 13:50:42 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.05.23 13:50:42 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.05.23 13:50:42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.05.23 13:50:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.23 13:50:42 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.05.23 13:50:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.23 13:50:41 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.05.23 13:50:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.23 13:50:41 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.05.23 13:50:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.05.23 13:50:41 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.05.23 13:50:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.23 13:50:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.05.23 13:50:41 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.05.23 13:50:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.05.23 13:50:41 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.23 13:50:41 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.05.23 13:50:41 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.23 13:49:06 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.05.23 13:49:06 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.05.23 13:49:06 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.05.23 13:49:06 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.05.23 13:49:06 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.05.23 13:49:06 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.05.23 13:49:05 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.05.23 13:49:04 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.05.23 13:49:04 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.05.23 13:49:04 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.05.23 13:49:03 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.05.23 13:49:03 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.05.23 13:49:03 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.05.23 13:49:03 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.05.23 13:49:03 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.05.23 13:49:03 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.05.23 13:49:03 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.05.23 13:49:03 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.05.23 13:49:03 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.05.23 13:49:02 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.05.23 13:49:02 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.05.23 13:49:02 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.05.23 13:46:52 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011.05.23 13:46:52 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011.05.23 13:46:52 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011.05.23 13:46:52 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011.05.23 13:46:52 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui
[2011.05.23 13:46:51 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011.05.23 13:46:51 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011.05.23 08:07:18 | 003,663,960 | ---- | M] (TeamViewer GmbH) -- C:\Users\xxx\Desktop\customermodule_avira_support_de.exe
[2011.05.23 07:57:02 | 000,240,128 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.18 15:37:11 | 000,001,152 | ---- | M] () -- C:\Users\xxx\Desktop\Ticker.html
[2011.05.10 13:36:16 | 000,013,877 | ---- | M] () -- C:\Users\xxx\Desktop\Kurz-mal-weg-de.ods
[2011.05.09 11:06:45 | 012,552,815 | ---- | M] () -- C:\Users\xxx\Desktop\Ohne Titel-1.psd
[2011.05.09 07:56:47 | 000,000,259 | ---- | M] () -- C:\Windows\win.ini
[2011.05.05 09:23:28 | 000,054,318 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat
[2011.05.02 12:05:45 | 230,991,984 | ---- | M] () -- C:\Windows\MEMORY.DMP
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.23 16:29:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.23 13:50:43 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.05.10 13:36:14 | 000,013,877 | ---- | C] () -- C:\Users\xxx\Desktop\Kurz-mal-weg-de.ods
[2011.05.05 14:06:11 | 012,552,815 | ---- | C] () -- C:\Users\xxx\Desktop\Ohne Titel-1.psd
[2011.03.30 20:22:05 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011.03.30 20:22:05 | 000,000,250 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2010.12.13 19:19:44 | 004,631,770 | -H-- | C] () -- C:\Users\xxx\AppData\Local\IconCache.db
[2009.09.16 13:30:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.16 13:30:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.16 13:29:50 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009.09.16 13:29:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.16 11:44:52 | 000,003,235 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini
[2009.04.13 14:42:37 | 000,000,094 | ---- | C] () -- C:\Users\xxx\AppData\Local\fusioncache.dat
[2009.02.14 22:46:23 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009.02.14 22:46:23 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009.02.09 19:52:19 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009.02.09 19:52:19 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009.02.09 19:52:19 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009.02.09 19:52:19 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009.02.09 19:52:19 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009.02.09 19:52:19 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009.02.09 19:52:19 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009.02.09 19:52:19 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009.02.09 19:52:19 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009.02.09 19:52:19 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009.02.09 19:52:19 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009.02.09 19:52:19 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009.02.09 19:52:19 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009.02.09 19:52:19 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009.02.09 19:52:19 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009.02.09 19:52:19 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009.02.09 19:52:19 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009.02.09 19:52:19 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009.02.09 19:52:19 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.02.09 19:50:33 | 000,000,025 | ---- | C] () -- C:\Windows\CDE ESP1400Euro.ini
[2008.11.21 20:03:24 | 000,000,492 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.09.17 21:47:54 | 000,060,124
| ---- | C] () -- C:\Windows\System32\tcpmon.ini [2008.08.05 23:19:56 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008.08.05 23:19:53 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.08.05 23:19:53 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.08.05 23:19:53 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.08.05 23:19:51 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.08.05 23:19:51 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008.08.05 17:37:09 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe [2008.08.05 17:37:09 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.08.05 17:37:08 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe [2008.08.05 17:37:08 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe [2008.08.05 17:37:08 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe [2008.02.20 23:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll [2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll [2008.02.02 13:40:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2008.02.02 13:40:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2007.12.18 15:56:39 | 000,007,592 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat [2007.12.09 23:20:36 | 000,650,487 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\UserTile.png [2007.12.09 12:13:35 | 000,054,318 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.001 [2007.12.08 22:08:10 | 000,054,318 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\nvModes.dat [2007.12.08 20:54:02 | 000,013,734 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\wklnhst.dat [2007.12.05 21:12:43 | 000,240,128 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.05 15:25:23 | 000,194,304 | ---- | C] () -- C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT 
[2007.08.20 11:01:39 | 000,111,045 | ---- | C] () -- C:\Windows\hpqins13.dat [2007.08.20 09:49:27 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2007.02.27 22:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.12.14 08:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.12.14 08:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006.11.02 17:33:31 | 000,701,768 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,153,002 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,896,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 001,630,778 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006.11.02 12:33:01 | 000,656,152 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,125,776 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006.11.02 12:23:31 | 000,000,259 | ---- | C] () -- C:\Windows\win.ini [2006.11.02 12:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] 
() -- C:\Windows\mib.bin [2006.11.02 10:33:50 | 000,056,880 | ---- | C] () -- C:\Windows\System32\scvideo.dll [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe [2006.11.02 09:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe [2006.11.02 09:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe [2006.11.02 09:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com [2006.11.02 09:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM [2006.11.02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe [2006.11.02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe [2006.11.02 09:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM [2006.11.02 09:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe [2006.11.02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe [2006.11.02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM [2006.11.02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe [2006.11.02 09:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe [2006.11.02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe [2006.11.02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe [2006.11.02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM [2006.11.02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe [2006.11.02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006.11.02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006.11.02 09:09:44 | 000,042,537 | ---- | 
C] () -- C:\Windows\System32\KEYBOARD.SYS [2006.11.02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006.11.02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006.11.02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006.11.02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006.11.02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006.11.02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006.11.02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006.11.02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS [2006.11.02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS [2006.11.02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS [2006.11.02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS [2006.11.02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS [2006.11.02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll [2006.03.10 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.05.07 14:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2010.12.23 10:53:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Alawar [2010.12.14 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Crtuser [2011.01.02 15:37:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular [2009.02.09 20:40:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EPSON [2009.12.18 17:56:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Hemera [2010.01.21 10:01:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org [2007.12.10 17:58:27 | 
000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PX24 [2009.12.06 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\T-Online [2009.12.14 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Template [2010.12.15 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Uniblue [2007.12.10 16:46:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Visit-X [2008.06.24 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\VX-Software2007 [2011.05.23 21:05:08 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E1F04E8D < End of report > [/code]

Sorry, posted multiple times

Hello and good morning, I'm sorry if I'm being too impatient... Can anyone help me further? Is my PC now free of malware? What should I do? The window with the "message" no longer appears, but I have concerns about moving around the Internet freely again...

Best regards, Mara