Pests of all kinds and how to fight them: Update problems with all software (after Internet Security 2011 infection), Windows 7
Update problems with all software (after Internet Security 2011 infection)

Hi everyone, so my path leads back to the Trojaner-Board after all. Recently, while downloading various software, I ran into the problem of the bundled software "Internet Security 2011". Of course I was extremely annoyed that this happened to me after 4 years of carefree surfing. I booted into safe mode and got to the bottom of the matter. Strangely enough, I was able to start Task Manager and trace the process back to an exe: "kya.exe". Using the file search I was able to identify and remove this "exe" and a "txt" file. After that, nothing from this scareware program opened any more. Afterwards I removed all remaining viruses/spyware/malware with Security Essentials (Microsoft), Malwarebytes and S&D. However, since then no updates work any more, which is a big problem for me. I created a log with Combofix and OTL.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 23.06.2011 22:54:15 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Justin\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,75 Gb Available Physical Memory | 79,18% Memory free
11,99 Gb Paging File | 10,58 Gb Available in Paging File | 88,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 90,75 Gb Free Space | 30,44% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 617,24 Gb Free Space | 44,18% Space Free | Partition Type: NTFS
Drive F: | 465,66 Gb Total Space | 447,30 Gb Free Space | 96,06% Space Free | Partition Type: NTFS
Computer Name: JUSTINS-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.113
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00B4-0407-1000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007D-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
"{95140000-007F-0407-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-Bit
"{AE0D971F-5430-8874-B09E-3F1C76E2F8FF}" = WMV9/VC-1 Video Playback
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{CC7D4CC8-FE90-17E2-FAC6-3D14C93DCE09}" = AMD Drag and Drop Transcoding
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D29E5E5F-47CA-087E-DCBF-FB75171D5B2E}" = ccc-utility64
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{135F49F2-9071-F45A-4263-DF7D42FBF7DD}" = CCC Help English
"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3F66C4BF-4BD9-FF9C-FA9F-4579F60A33B3}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{554E5DE9-4670-452D-8157-FCB81C502D65}" = ShadowProtect Desktop
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8850DEC8-22FD-4F05-A3AA-49B91200C24F}" = ShadowProtect Desktop
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A914AE85-1A36-0575-714C-BF996BDA20C7}" = ccc-core-static
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC7BED89-618B-4E89-8ADF-75D47F276223}" = Pinnacle Studio 15 Ultimate Collection Plugins
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DB8B49A9-7CF1-34DB-6DF2-1EC41C0FE5E1}" = Catalyst Control Center Graphics Previews Common
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EF6E3398-7BB4-4A1C-B43A-D53ABEB1999F}" = HFM.NET 0.6.1.251
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F30787F6-EA4F-4BC8-0001-398BDCC33E1E}" = MovieSaver*3.0
"{FC030CB5-46A6-4229-AD6E-0AC869F509C8}" = Pinnacle Studio Bonus Content
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIMP2" = AIMP2
"APB Reloaded" = APB Reloaded
"BeyondCompare3_is1" = Beyond Compare Version 3.1.11
"BitTorrent" = BitTorrent
"FileZilla Client" = FileZilla Client 3.4.0
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"HD Tune Pro_is1" = HD Tune Pro 3.10
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"Knoll Light Factory EZ Studio 15" = Knoll Light Factory EZ Studio 15
"Magic Bullet Looks Studio 15" = Magic Bullet Looks Studio 15
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MyFreeCodec" = MyFreeCodec
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Red Giant ToonIt Studio 15" = Red Giant ToonIt Studio 15
"RocketDock_is1" = RocketDock 1.3.5
"Simple Internet Meter" = Simple Internet Meter
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 41500" = Torchlight
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Trapcode 3DStroke Studio 15" = Trapcode 3DStroke Studio 15
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio 15" = Trapcode Shine Studio 15
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"VMware_Workstation" = VMware Workstation
"WBFS Manager 3.0" = WBFS Manager 3.0
"Winmx Community 1" = Winmx Community 1
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"MyFreeCodec" = MyFreeCodec
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.06.2011 11:23:08 | Computer Name = Justins-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 23.06.2011 11:23:08 | Computer Name = Justins-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7005
Error - 23.06.2011 11:23:08 | Computer Name = Justins-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005
Error - 23.06.2011 11:23:09 | Computer Name = Justins-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 23.06.2011 11:23:09 | Computer Name = Justins-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8019
Error - 23.06.2011 11:23:09 | Computer Name = Justins-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8019
Error - 23.06.2011 11:23:10 | Computer Name = Justins-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 23.06.2011 11:23:10 | Computer Name = Justins-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9017
Error - 23.06.2011 11:23:10 | Computer Name = Justins-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9017
Error - 23.06.2011 16:52:38 | Computer Name = Justins-PC | Source = Schedule | ID = 0
Description =
[ System Events ]
Error - 23.06.2011 16:54:26 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 23.06.2011 16:54:26 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 23.06.2011 16:54:26 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 23.06.2011 16:54:26 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 23.06.2011 16:54:26 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 23.06.2011 16:54:31 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 23.06.2011 16:54:31 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 23.06.2011 16:54:31 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 23.06.2011 16:54:31 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%801 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
Error - 23.06.2011 16:54:31 | Computer Name = Justins-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %%851 Aktualisierungsstufe:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 0.0.0.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der Servername
oder die Serveradresse konnte nicht verarbeitet werden.
< End of report >
--- --- --- OTL Logfile: Code:
OTL logfile created on: 23.06.2011 22:57:54 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Justin\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,46 Gb Available Physical Memory | 74,44% Memory free
11,99 Gb Paging File | 10,26 Gb Available in Paging File | 85,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 90,74 Gb Free Space | 30,44% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 617,24 Gb Free Space | 44,18% Space Free | Partition Type: NTFS
Drive F: | 465,66 Gb Total Space | 447,30 Gb Free Space | 96,06% Space Free | Partition Type: NTFS
Computer Name: JUSTINS-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.06.23 22:50:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
PRC - [2011.06.23 13:18:48 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.23 12:19:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.02 12:57:06 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.03.25 23:51:46 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:51:32 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:51:20 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.16 23:31:48 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.12.21 09:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
========== Modules (SafeList) ==========
MOD - [2011.06.23 22:50:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.02.14 03:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Programme\UltraMon\RTSUltraMonHookX32.dll
MOD - [2010.02.14 03:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Programme\UltraMon\UltraMonResButtons.dll
MOD - [2009.07.14 03:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009.07.14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009.07.14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.11.11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010.11.11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.10.08 07:18:46 | 000,697,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2010.10.08 07:18:46 | 000,056,592 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2010.10.08 07:18:44 | 000,957,712 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2010.09.29 03:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.23 13:18:48 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.02 12:57:06 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.25 23:51:46 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:51:32 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:51:20 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.07.15 19:11:08 | 000,067,616 | ---- | M] (StorageCraft Technology Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\vsnapvss.exe -- (VSNAPVSS)
SRV - [2010.07.15 19:09:22 | 001,657,376 | ---- | M] (StorageCraft Technology Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe -- (ShadowProtectSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.03.25 23:52:38 | 000,068,720 | ---- | M] (VMware, Inc.)
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2011.03.25 23:52:34 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2011.03.25 23:50:52 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2011.03.25 23:50:44 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.11.09 08:52:33 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.10.25 11:10:22 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv) DRV:64bit: - [2010.10.25 11:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.10.24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2010.10.15 16:23:41 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.09.29 04:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.09.29 03:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010.08.16 12:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.07.15 18:48:20 | 000,217,632 | ---- | M] (StorageCraft Technology Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stcvsm.sys -- (stcvsm) DRV:64bit: - [2010.07.09 14:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134) DRV:64bit: - [2010.03.17 12:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010.03.02 20:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.01.22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.01.22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.31 12:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.09 17:56:06 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.15 22:13:08 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2005.09.23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2010.10.25 11:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2008.11.14 03:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE B8 37 63 9D E5 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Plasmoo" FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo" FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}" FF - 
prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6483 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q=" FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.23 12:19:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.23 12:35:00 | 000,000,000 | ---D | M] [2010.11.09 08:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\Extensions [2011.05.01 00:02:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\Firefox\Profiles\58gc5y1s.default\extensions [2011.05.01 00:02:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Justin\AppData\Roaming\mozilla\Firefox\Profiles\58gc5y1s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.01 00:02:18 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Justin\AppData\Roaming\mozilla\Firefox\Profiles\58gc5y1s.default\extensions\engine@plasmoo.com [2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\58gc5y1s.default\searchplugins\plasmoo.xml [2011.03.19 16:52:43 | 000,001,583 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\58gc5y1s.default\searchplugins\web-search.xml [2011.06.21 22:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.11.09 23:09:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.09 14:03:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2011.06.23 12:19:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.06.23 22:45:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL 
(Microsoft Corporation) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context 
menu item: Free YouTube to MP3 Converter - C:\Users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.06.23 22:24:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.06.23 22:52:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.06.23 22:50:15 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe [2011.06.23 22:46:26 | 000,000,000 | ---D | C] 
-- C:\Windows\temp [2011.06.23 22:43:26 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011.06.23 22:39:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.06.23 22:39:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.06.23 22:39:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.06.23 22:39:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.06.23 22:39:12 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.06.23 22:38:15 | 004,135,090 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe [2011.06.23 22:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} [2011.06.23 22:24:23 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2011.06.23 22:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2011.06.23 22:18:48 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\PackageAware [2011.06.23 12:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.06.23 12:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.06.23 12:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.06.23 12:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.06.21 22:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2011.06.21 22:15:08 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2011.06.21 18:52:52 | 000,000,000 | ---D | C] -- C:\Users\Justin\Documents\ICQ [2011.06.21 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{AEC54154-E298-420C-A62F-65063180C5A8} [2011.06.20 18:18:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{CF0E8247-F42B-4A51-892E-2486920F1522} [2011.06.20 17:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client [2011.06.20 12:44:28 | 000,000,000 | ---D | C] -- 
C:\Users\Justin\AppData\Local\{08FF1306-6C83-4A00-812F-64BEAF6035B0} [2011.06.20 03:17:41 | 000,000,000 | ---D | C] -- C:\avktmp [2011.06.20 00:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\nE28247HgJmF28247 [2011.06.19 23:45:12 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{3B49D928-1761-44FE-B5B1-819147491BC0} [2011.06.19 11:44:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{765EC9CA-2B70-4E60-8472-93EB2F03D312} [2011.06.19 01:50:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.06.18 15:16:50 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{9458BF69-934D-485C-9E06-69768D52B77E} [2011.06.17 10:30:33 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{0BEF3957-B07A-402A-94DB-EAEADE8B76D9} [2011.06.16 11:46:42 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{A2A7DF3F-3095-471B-997C-297E5993AA49} [2011.06.15 23:46:17 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{1C077B33-3059-4718-959D-A9F0FB4F3647} [2011.06.15 11:45:53 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{DD28D64C-99FD-495C-9701-FC4FA281B470} [2011.06.14 23:45:28 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{9F50A274-932B-428A-89FC-941540AECDFF} [2011.06.14 11:45:16 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{52EDC7F5-E92D-4C26-8D0F-D38856C8492A} [2011.06.13 23:44:51 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{F810E773-FC2D-4658-8AB0-E5CAD996447B} [2011.06.13 17:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskMark [2011.06.13 17:01:50 | 000,000,000 | ---D | C] -- C:\Programme\CrystalDiskMark [2011.06.13 16:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro [2011.06.13 16:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune Pro [2011.06.13 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\hd tune pro [2011.06.13 15:42:13 | 
000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Vogel
[2011.06.13 11:44:26 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{9B15E19D-4575-4204-B61A-6656935099F2}
[2011.06.12 11:37:38 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{18D9A83C-2AC4-4250-ABA5-6592202529E0}
[2011.06.11 21:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.06.11 18:56:39 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{B7CEDDBB-ECA3-49CA-890F-49C258851B20}
[2011.06.09 16:40:11 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{49737F2E-56A7-43A9-B94F-31167011EAEE}
[2011.06.08 18:21:58 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{77838E10-8757-4A04-85BE-77E46522557B}
[2011.06.07 16:34:13 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{E7CFA76D-2785-4D05-B71E-AF152773AE4F}
[2011.06.06 16:17:12 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{8B517B1C-4C64-486C-9A20-5281FDD0CE88}
[2011.06.05 22:39:38 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{62BD8C7B-95CF-4B49-BAE7-CE2EE89CD45E}
[2011.06.05 10:39:17 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{E28171D1-15C0-4AEF-91EE-F01908D8B40B}
[2011.06.04 10:24:57 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{F92890FF-1BAE-45D4-871A-15A4DAE9C0DB}
[2011.06.03 23:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DNA
[2011.06.03 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{D8333509-A29D-4ED3-8E12-99E312B5E1BA}
[2011.06.02 23:31:57 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{75922FCE-02E2-4ED0-80F0-9BFDDC191F29}
[2011.06.02 23:29:06 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\PunkBuster
[2011.06.02 21:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011.06.02 21:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2011.06.02 21:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamersFirst
[2011.06.02 11:31:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{13102B78-EA9B-4276-B9CE-74866B568C53}
[2011.06.01 20:57:52 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Artisteer
[2011.06.01 20:54:21 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Artisteer
[2011.06.01 18:58:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{6B492914-CDD5-452C-9E51-C4D644E1AB49}
[2011.05.31 21:52:25 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{E349716F-38C2-45CE-BF80-A6CF311A63CE}
[2011.05.30 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\Justin\Documents\gegl-0.0
[2011.05.30 20:54:53 | 000,000,000 | ---D | C] -- C:\Users\Justin\.gimp-2.6
[2011.05.30 20:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.05.30 20:54:35 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2011.05.30 19:50:06 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{8CC7172A-B917-40F7-AE2A-6C99E49BD72B}
[2011.05.29 22:29:04 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{A00A899C-9050-45F5-8281-D9D21A2F82C9}
[2011.05.29 10:29:12 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{38035D52-CDD8-4DAF-82F1-B3BA68C95FB8}
[2011.05.28 16:50:00 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{AB44ACBB-2F7A-4F63-8315-331A3879312E}
[2011.05.27 19:31:57 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{E14A3A57-57B8-4B5E-8586-5C5C0D9751D7}
[2011.05.26 15:03:51 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{D75FD3FD-58C1-4577-ADCD-0CE98DB56DF4}
[2011.05.25 20:14:52 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{07164B29-CFFE-45F4-92D1-3603DCFBFB35}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Desktop\*.tmp files -> C:\Users\Justin\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.06.23 22:52:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.23 22:52:22 | 535,433,215 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.23 22:51:10 | 000,000,020 | ---- | M] () -- C:\Users\Justin\defogger_reenable
[2011.06.23 22:50:16 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2011.06.23 22:50:04 | 000,050,477 | ---- | M] () -- C:\Users\Justin\Desktop\Defogger.exe
[2011.06.23 22:45:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.06.23 22:39:00 | 004,135,090 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
[2011.06.23 22:24:36 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011.06.23 16:10:43 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.23 16:10:43 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.23 13:23:49 | 000,270,632 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.06.23 13:23:49 | 000,270,632 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.23 13:18:56 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.06.23 13:18:48 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.23 12:25:28 | 000,000,036 | ---- | M] () -- C:\Users\Justin\AppData\Local\housecall.guid.cache
[2011.06.23 11:27:27 | 000,067,879 | ---- | M] () -- C:\Users\Justin\Desktop\006.jpg
[2011.06.23 11:26:40 | 000,033,622 | ---- | M] () -- C:\Users\Justin\Desktop\dm_8000_0.jpg
[2011.06.23 09:47:39 | 001,513,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.23 09:47:39 | 000,658,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.23 09:47:39 | 000,620,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.23 09:47:39 | 000,132,010 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.23 09:47:39 | 000,108,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.21 22:15:45 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.06.21 22:15:16 | 001,534,178 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.20 17:28:12 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011.06.20 03:04:46 | 000,013,012 | -HS- | M] () -- C:\Users\Justin\AppData\Local\0tu10km5tq8
[2011.06.20 03:04:46 | 000,013,012 | -HS- | M] () -- C:\ProgramData\0tu10km5tq8
[2011.06.19 22:29:16 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.06.19 22:25:27 | 000,005,120 | ---- | M] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.16 13:37:10 | 000,030,253 | ---- | M] () -- C:\Users\Justin\Desktop\617koh.jpg
[2011.06.16 10:06:28 | 000,482,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.14 16:41:58 | 000,002,022 | -H-- | M] () -- C:\Users\Justin\Documents\Default.rdp
[2011.06.13 17:13:39 | 000,000,079 | ---- | M] () -- C:\Users\Justin\AppData\Local\CrystalDiskMark30.ini
[2011.06.13 17:01:51 | 000,001,794 | ---- | M] () -- C:\Users\Justin\Desktop\CrystalDiskMark.lnk
[2011.06.13 15:41:49 | 002,830,916 | ---- | M] () -- C:\Users\Justin\Desktop\Vogel.rar
[2011.06.02 22:09:37 | 3805,508,496 | ---- | M] () -- C:\Users\Justin\Client1.5.0.562750.7z
[2011.05.30 20:54:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Justin\Desktop\*.tmp files -> C:\Users\Justin\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.06.23 22:51:10 | 000,000,020 | ---- | C] () -- C:\Users\Justin\defogger_reenable
[2011.06.23 22:50:03 | 000,050,477 | ---- | C] () -- C:\Users\Justin\Desktop\Defogger.exe
[2011.06.23 22:39:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.23 22:39:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.23 22:39:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.23 22:39:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.23 22:39:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.23 22:24:36 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011.06.23 12:35:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.06.23 12:25:28 | 000,000,036 | ---- | C] () -- C:\Users\Justin\AppData\Local\housecall.guid.cache
[2011.06.23 11:27:27 | 000,067,879 | ---- | C] () -- C:\Users\Justin\Desktop\006.jpg
[2011.06.23 11:26:39 | 000,033,622 | ---- | C] () -- C:\Users\Justin\Desktop\dm_8000_0.jpg
[2011.06.22 11:10:27 | 000,270,632 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.22 11:10:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.21 22:15:09 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.06.20 17:28:12 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011.06.20 04:37:17 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.06.20 00:53:02 | 000,013,012 | -HS- | C] () -- C:\Users\Justin\AppData\Local\0tu10km5tq8
[2011.06.20 00:53:02 | 000,013,012 | -HS- | C] () -- C:\ProgramData\0tu10km5tq8
[2011.06.16 13:37:08 | 000,030,253 | ---- | C] () -- C:\Users\Justin\Desktop\617koh.jpg
[2011.06.13 17:01:53 | 000,000,079 | ---- | C] () -- C:\Users\Justin\AppData\Local\CrystalDiskMark30.ini
[2011.06.13 17:01:51 | 000,001,794 | ---- | C] () -- C:\Users\Justin\Desktop\CrystalDiskMark.lnk
[2011.06.13 15:41:47 | 002,830,916 | ---- | C] () -- C:\Users\Justin\Desktop\Vogel.rar
[2011.06.02 23:29:09 | 000,270,632 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.06.02 23:26:02 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.06.02 21:28:30 | 3805,508,496 | ---- | C] () -- C:\Users\Justin\Client1.5.0.562750.7z
[2011.05.30 20:54:49 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.12 19:18:42 | 000,005,120 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.02.27 13:13:41 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.dll
[2011.02.04 22:24:55 | 000,000,022 | ---- | C] () -- C:\Windows\simpwt.dat
[2011.01.21 13:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2010.12.29 02:35:00 | 000,004,758 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Cabos.plist
[2010.11.27 21:32:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.09 09:33:25 | 001,534,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.08 17:14:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.08 16:59:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.06.16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.03.15 22:13:10 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
========== LOP Check ==========
[2011.06.23 22:45:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\AIMP
[2011.06.01 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Artisteer
[2011.06.14 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\BitTorrent
[2010.12.29 02:35:00 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Cabos
[2010.11.20 20:09:43 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Canneverbe Limited
[2011.06.20 13:59:50 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DNA
[2011.05.01 00:02:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.27 13:22:57 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Engelmann Media
[2011.06.02 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\FileZilla
[2010.11.26 16:53:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Folding@home-x86
[2010.12.21 17:57:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\HFM
[2011.06.22 22:34:06 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ICQ
[2010.12.29 03:11:07 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LimeWire
[2011.02.21 22:22:46 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LockHunter
[2011.05.14 10:12:34 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\runic games
[2010.12.12 15:26:11 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Samsung
[2010.11.09 10:29:44 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Scooter Software
[2011.02.27 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Sytexis Software
[2011.04.12 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TeamViewer
[2011.03.30 20:39:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Thinstall
[2010.11.12 11:43:34 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TightVNC
[2011.05.18 10:38:25 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TS3Client
[2011.06.23 22:52:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:618D0840
< End of report >
Edited by Flow-De (23.06.2011 at 22:36) |
| | #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Update problems with all software (after Internet Security 2011 infection)
Quote:
Quote:
| | #3 |
| Update problems with all software (after Internet Security 2011 infection)
Code:
ComboFix 11-06-23.01 - Justin 23.06.2011 22:40:16.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.6142.4307 [GMT 2:00]
ausgeführt von:: c:\users\Justin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\timer2tray
c:\users\Justin\APB_Reloaded_Installer.exe
c:\users\Justin\AppData\Roaming\Adobe\plugs
c:\users\Justin\AppData\Roaming\Adobe\shed
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-23 bis 2011-06-23 ))))))))))))))))))))))))))))))
.
.
2011-06-23 20:44 . 2011-06-23 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 20:25 . 2011-06-23 20:25 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-23 20:24 . 2011-06-23 20:24 -------- d-----w- c:\program files\Enigma Software Group
2011-06-23 20:23 . 2011-06-23 20:43 -------- d-----w- c:\windows\1226A4C56F274C4EAE372B5512DE125A.TMP
2011-06-23 20:23 . 2011-06-23 20:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-06-23 20:18 . 2011-06-23 20:25 -------- dc-h--w- c:\programdata\~0
2011-06-23 20:18 . 2011-06-23 20:18 -------- d-----w- c:\users\Justin\AppData\Local\PackageAware
2011-06-23 10:34 . 2011-06-23 10:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-23 10:27 . 2011-06-23 10:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-06-23 10:27 . 2011-06-23 10:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-23 10:19 . 2011-06-23 10:19 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 10:19 . 2011-06-23 10:19 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-22 09:10 . 2011-06-23 11:23 270632 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-22 09:10 . 2011-06-23 11:18 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-21 21:40 . 2011-06-21 21:46 -------- d-----w- c:\users\test
2011-06-21 20:15 . 2011-06-21 20:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-06-21 20:15 . 2011-06-21 20:15 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-21 09:07 . 2011-06-21 09:07 -------- d-----w- c:\users\Justin\AppData\Local\{AEC54154-E298-420C-A62F-65063180C5A8}
2011-06-20 16:18 . 2011-06-20 16:18 -------- d-----w- c:\users\Justin\AppData\Local\{CF0E8247-F42B-4A51-892E-2486920F1522}
2011-06-20 15:28 . 2011-06-20 15:28 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2011-06-20 10:44 . 2011-06-20 10:44 -------- d-----w- c:\users\Justin\AppData\Local\{08FF1306-6C83-4A00-812F-64BEAF6035B0}
2011-06-20 02:35 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-20 01:17 . 2011-06-20 01:17 -------- d-----w- C:\avktmp
2011-06-19 22:52 . 2011-06-20 02:14 -------- d-----w- c:\programdata\nE28247HgJmF28247
2011-06-19 21:45 . 2011-06-19 21:45 -------- d-----w- c:\users\Justin\AppData\Local\{3B49D928-1761-44FE-B5B1-819147491BC0}
2011-06-19 09:44 . 2011-06-19 09:44 -------- d-----w- c:\users\Justin\AppData\Local\{765EC9CA-2B70-4E60-8472-93EB2F03D312}
2011-06-18 23:50 . 2011-06-18 23:50 -------- d-----w- c:\windows\system32\EventProviders
2011-06-18 13:16 . 2011-06-18 13:17 -------- d-----w- c:\users\Justin\AppData\Local\{9458BF69-934D-485C-9E06-69768D52B77E}
2011-06-17 08:32 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1D42E87-0FE9-444A-AECB-F5A9B8D403D9}\mpengine.dll
2011-06-17 08:30 . 2011-06-17 08:30 -------- d-----w- c:\users\Justin\AppData\Local\{0BEF3957-B07A-402A-94DB-EAEADE8B76D9}
2011-06-16 09:46 . 2011-06-16 09:46 -------- d-----w- c:\users\Justin\AppData\Local\{A2A7DF3F-3095-471B-997C-297E5993AA49}
2011-06-15 21:46 . 2011-06-15 21:46 -------- d-----w- c:\users\Justin\AppData\Local\{1C077B33-3059-4718-959D-A9F0FB4F3647}
2011-06-15 19:58 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 19:58 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 19:58 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 19:58 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 19:58 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 19:58 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 19:58 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 19:57 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 19:57 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-15 19:57 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 19:57 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 19:57 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 19:57 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 19:57 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 19:57 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 19:57 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 09:45 . 2011-06-15 09:46 -------- d-----w- c:\users\Justin\AppData\Local\{DD28D64C-99FD-495C-9701-FC4FA281B470}
2011-06-14 21:45 . 2011-06-14 21:45 -------- d-----w- c:\users\Justin\AppData\Local\{9F50A274-932B-428A-89FC-941540AECDFF}
2011-06-14 09:45 . 2011-06-14 09:45 -------- d-----w- c:\users\Justin\AppData\Local\{52EDC7F5-E92D-4C26-8D0F-D38856C8492A}
2011-06-13 21:44 . 2011-06-13 21:45 -------- d-----w- c:\users\Justin\AppData\Local\{F810E773-FC2D-4658-8AB0-E5CAD996447B}
2011-06-13 15:01 . 2011-06-13 15:01 -------- d-----w- c:\program files\CrystalDiskMark
2011-06-13 14:56 . 2011-06-13 14:56 -------- d-----w- c:\program files (x86)\HD Tune Pro
2011-06-13 09:44 . 2011-06-13 09:44 -------- d-----w- c:\users\Justin\AppData\Local\{9B15E19D-4575-4204-B61A-6656935099F2}
2011-06-12 09:37 . 2011-06-12 09:37 -------- d-----w- c:\users\Justin\AppData\Local\{18D9A83C-2AC4-4250-ABA5-6592202529E0}
2011-06-11 19:01 . 2011-06-11 19:01 -------- d-----w- c:\programdata\Hewlett-Packard
2011-06-11 19:01 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-06-11 16:56 . 2011-06-11 16:56 -------- d-----w- c:\users\Justin\AppData\Local\{B7CEDDBB-ECA3-49CA-890F-49C258851B20}
2011-06-09 16:06 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2011-06-09 14:40 . 2011-06-09 14:40 -------- d-----w- c:\users\Justin\AppData\Local\{49737F2E-56A7-43A9-B94F-31167011EAEE}
2011-06-08 16:21 . 2011-06-08 16:22 -------- d-----w- c:\users\Justin\AppData\Local\{77838E10-8757-4A04-85BE-77E46522557B}
2011-06-07 14:34 . 2011-06-07 14:34 -------- d-----w- c:\users\Justin\AppData\Local\{E7CFA76D-2785-4D05-B71E-AF152773AE4F}
2011-06-06 14:17 . 2011-06-06 14:17 -------- d-----w- c:\users\Justin\AppData\Local\{8B517B1C-4C64-486C-9A20-5281FDD0CE88}
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-05 20:39 . 2011-06-05 20:39 -------- d-----w- c:\users\Justin\AppData\Local\{62BD8C7B-95CF-4B49-BAE7-CE2EE89CD45E}
2011-06-05 08:39 . 2011-06-05 08:39 -------- d-----w- c:\users\Justin\AppData\Local\{E28171D1-15C0-4AEF-91EE-F01908D8B40B}
2011-06-04 08:24 . 2011-06-04 08:25 -------- d-----w- c:\users\Justin\AppData\Local\{F92890FF-1BAE-45D4-871A-15A4DAE9C0DB}
2011-06-03 21:45 . 2011-06-03 21:45 -------- d-----w- c:\program files (x86)\DNA
2011-06-03 15:27 . 2011-06-03 15:28 -------- d-----w- c:\users\Justin\AppData\Local\{D8333509-A29D-4ED3-8E12-99E312B5E1BA}
2011-06-02 21:31 . 2011-06-02 21:32 -------- d-----w- c:\users\Justin\AppData\Local\{75922FCE-02E2-4ED0-80F0-9BFDDC191F29}
2011-06-02 21:29 . 2011-06-23 11:23 270632 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-06-02 21:29 . 2011-06-02 21:29 -------- d-----w- c:\users\Justin\AppData\Local\PunkBuster
2011-06-02 21:26 . 2011-06-23 11:18 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-06-02 19:24 . 2011-06-02 19:24 -------- d-----w- c:\program files (x86)\Pando Networks
2011-06-02 19:24 . 2011-06-23 11:05 -------- d-----w- c:\program files (x86)\GamersFirst
2011-06-02 09:31 . 2011-06-02 09:31 -------- d-----w- c:\users\Justin\AppData\Local\{13102B78-EA9B-4276-B9CE-74866B568C53}
2011-06-01 18:57 . 2011-06-01 18:57 -------- d-----w- c:\users\Justin\AppData\Roaming\Artisteer
2011-06-01 16:58 . 2011-06-01 16:58 -------- d-----w- c:\users\Justin\AppData\Local\{6B492914-CDD5-452C-9E51-C4D644E1AB49}
2011-05-31 19:52 . 2011-05-31 19:52 -------- d-----w- c:\users\Justin\AppData\Local\{E349716F-38C2-45CE-BF80-A6CF311A63CE}
2011-05-30 18:54 . 2011-05-30 19:52 -------- d-----w- c:\users\Justin\.gimp-2.6
2011-05-30 18:54 . 2011-05-30 18:54 -------- d-----w- c:\program files\GIMP-2.0
2011-05-30 17:50 . 2011-05-30 17:50 -------- d-----w- c:\users\Justin\AppData\Local\{8CC7172A-B917-40F7-AE2A-6C99E49BD72B}
2011-05-29 20:29 . 2011-05-29 20:29 -------- d-----w- c:\users\Justin\AppData\Local\{A00A899C-9050-45F5-8281-D9D21A2F82C9}
2011-05-29 08:29 . 2011-05-29 08:29 -------- d-----w- c:\users\Justin\AppData\Local\{38035D52-CDD8-4DAF-82F1-B3BA68C95FB8}
2011-05-28 14:50 . 2011-05-28 14:51 -------- d-----w- c:\users\Justin\AppData\Local\{AB44ACBB-2F7A-4F63-8315-331A3879312E}
2011-05-27 17:31 . 2011-05-27 17:34 -------- d-----w- c:\users\Justin\AppData\Local\{E14A3A57-57B8-4B5E-8586-5C5C0D9751D7}
2011-05-26 13:03 . 2011-05-26 13:04 -------- d-----w- c:\users\Justin\AppData\Local\{D75FD3FD-58C1-4577-ADCD-0CE98DB56DF4}
2011-05-25 18:17 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 18:14 . 2011-05-25 18:15 -------- d-----w- c:\users\Justin\AppData\Local\{07164B29-CFFE-45F4-92D1-3603DCFBFB35}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-19 18:00 . 2011-05-15 07:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 07:11 . 2010-11-26 10:45 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 21:57 . 2011-05-07 21:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-07 21:57 . 2011-05-07 21:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-07 21:57 . 2011-05-07 21:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-07 21:57 . 2011-05-07 21:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-07 21:57 . 2011-05-07 21:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-07 21:57 . 2011-05-07 21:57 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-07 21:57 . 2011-05-07 21:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-07 21:57 . 2011-05-07 21:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-07 21:57 . 2011-05-07 21:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-07 21:57 . 2011-05-07 21:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-07 21:57 . 2011-05-07 21:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-07 21:57 . 2011-05-07 21:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-07 21:57 . 2011-05-07 21:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-07 21:57 . 2011-05-07 21:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-07 21:57 . 2011-05-07 21:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-07 21:57 . 2011-05-07 21:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-07 21:57 . 2011-05-07 21:57 448512 ----a-w- c:\windows\system32\html.iec
2011-05-07 21:57 . 2011-05-07 21:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-07 21:57 . 2011-05-07 21:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-07 21:57 . 2011-05-07 21:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-07 21:57 . 2011-05-07 21:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-07 21:57 . 2011-05-07 21:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-07 21:57 . 2011-05-07 21:57 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-07 21:57 . 2011-05-07 21:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-07 21:57 . 2011-05-07 21:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-07 21:57 . 2011-05-07 21:57 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-07 21:57 . 2011-05-07 21:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-07 21:57 . 2011-05-07 21:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-07 21:57 . 2011-05-07 21:57 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-07 21:57 . 2011-05-07 21:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-07 21:57 . 2011-05-07 21:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-07 21:57 . 2011-05-07 21:57 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-07 21:57 . 2011-05-07 21:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-07 21:57 . 2011-05-07 21:57 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-07 21:57 . 2011-05-07 21:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-07 21:57 . 2011-05-07 21:57 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-07 21:57 . 2011-05-07 21:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-07 21:57 . 2011-05-07 21:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:58 . 2011-05-19 11:05 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 20:18 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 20:18 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 20:18 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 11:05 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-03-25 21:52 . 2011-05-19 08:01 68720 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-03-25 21:52 . 2011-05-19 08:01 968816 ----a-w- c:\windows\system32\vnetlib64.dll
2011-03-25 21:52 . 2011-05-19 08:01 81008 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-03-25 21:51 . 2011-05-19 08:01 334448 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-03-25 21:51 . 2011-05-19 08:01 404080 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-03-25 21:50 . 2011-05-19 08:00 31856 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-03-25 21:50 . 2011-05-19 08:01 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-16 1242448]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-11-15 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Justin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Justin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\PerformanceTest\DirectIo.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-10-25 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
R4 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
R4 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
R4 ShadowProtectSvc;ShadowProtect Service;c:\program files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [2010-07-15 1657376]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
R4 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\SysWOW64\vsnapvss.exe [2010-07-15 67616]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 stcvsm;StorageCraft Volume Snapshot Driver;c:\windows\system32\DRIVERS\stcvsm.sys [x]
S1 sbmount;StorageCraft Image Mount Driver; [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ESGIGUARD
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-07-09 408584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: Interfaces\{B2FA24B3-6AA5-4134-B690-9474E9EE74B0}: NameServer = 172.16.10.16
TCP: Interfaces\{E94CCF6C-A2FB-4C0A-A7D6-C60261E95A92}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\58gc5y1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://plasmoo.com/index.htm?SearchMashine=true&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-911968414-3850360206-3924130046-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6BF3FB61-2747-78C2-26D8-DC4CD658160B}*]
"iahbkgmgalimnhpgmp"=hex:6a,61,6c,61,65,63,64,66,64,69,6d,62,62,6f,65,6b,61,6a,
6c,6c,00,ed
"habbajmnegncmejp"=hex:6a,61,6c,61,65,63,64,66,64,69,6d,62,62,6f,65,6b,61,6a,
6c,6c,00,7b
.
[HKEY_USERS\S-1-5-21-911968414-3850360206-3924130046-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CEDD38C2-232B-99BE-57AA-C19FA123AFC6}*]
"maficcaeembonmclkhnnhgmbmn"=hex:6a,61,68,67,6b,64,62,6f,63,69,70,67,70,6c,6c,
6b,69,6a,68,64,00,ed
"nalgibjbknjlmbhfchmoobdccado"=hex:6a,61,68,67,6b,64,62,6f,63,69,70,67,70,6c,
6c,6b,69,6a,68,64,00,02
"ialgibjbknjlmbhfch"=hex:6a,61,68,67,6b,64,62,6f,63,69,70,67,70,6c,6c,6b,69,6a,
68,64,00,00
"haficcaeembonmcl"=hex:6a,61,68,67,6b,64,62,6f,63,69,70,67,70,6c,6c,6b,69,6a,
68,64,00,00
.
[HKEY_USERS\S-1-5-21-911968414-3850360206-3924130046-1000\Software\SecuROM\License information*]
"datasecu"=hex:9d,dc,b2,84,47,89,af,b4,a5,31,90,c6,14,09,0f,fc,6f,17,29,d9,0d,
93,8a,7d,24,eb,2d,c2,d5,0c,0d,28,03,68,e2,e4,fb,be,85,c4,e9,31,d0,41,cf,8a,\
"rkeysecu"=hex:7d,49,f8,a2,ad,e2,f2,ab,f8,15,62,7e,51,d6,fe,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-23 22:46:25
ComboFix-quarantined-files.txt 2011-06-23 20:46
.
Vor Suchlauf: 12 Verzeichnis(se), 97.496.489.984 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 97.342.078.976 Bytes frei
.
- - End Of File - - 44257F9F029E132B12EF396B698F2D9A
|
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Regnull::
[HKEY_USERS\S-1-5-21-911968414-3850360206-3924130046-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6BF3FB61-2747-78C2-26D8-DC4CD658160B}*]
[HKEY_USERS\S-1-5-21-911968414-3850360206-3924130046-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CEDD38C2-232B-99BE-57AA-C19FA123AFC6}*]
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad- and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #5 |
| Hi, if it is not too much trouble for you, I would like to know what this script is supposed to do. According to Combofix, AntiVir Guard etc. are supposedly still active, but that program was uninstalled quite a while ago. Possibly leftovers in the registry... but what bothers me is that Combofix says it is running. I could not find anything from AntiVir among the processes. After clicking OK 2-3 times, Combofix ran anyway. The computer also did not restart. Here is the log:
Code:
ComboFix 11-06-23.01 - Justin 26.06.2011 18:54:39.2.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.6142.4729 [GMT 2:00]
ausgeführt von:: c:\users\Justin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Justin\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-26 bis 2011-06-26 ))))))))))))))))))))))))))))))
.
.
2011-06-26 16:59 . 2011-06-26 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 21:54 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-23 21:54 . 2011-06-23 21:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-23 20:25 . 2011-06-23 20:25 -------- d-----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-06-23 20:24 . 2011-06-23 20:24 -------- d-----w- c:\program files\Enigma Software Group
2011-06-23 20:23 . 2011-06-23 20:43 -------- d-----w- c:\windows\1226A4C56F274C4EAE372B5512DE125A.TMP
2011-06-23 20:23 . 2011-06-23 20:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-06-23 20:18 . 2011-06-23 20:18 -------- d-----w- c:\users\Justin\AppData\Local\PackageAware
2011-06-23 10:34 . 2011-06-23 10:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-23 10:27 . 2011-06-23 10:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-06-23 10:27 . 2011-06-23 10:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-23 10:19 . 2011-06-23 10:19 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 10:19 . 2011-06-23 10:19 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-22 09:10 . 2011-06-24 07:55 270632 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-22 09:10 . 2011-06-23 11:18 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-21 21:40 . 2011-06-21 21:46 -------- d-----w- c:\users\test
2011-06-21 20:15 . 2011-06-21 20:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-06-21 20:15 . 2011-06-21 20:15 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-21 09:07 . 2011-06-21 09:07 -------- d-----w- c:\users\Justin\AppData\Local\{AEC54154-E298-420C-A62F-65063180C5A8}
2011-06-20 16:18 . 2011-06-20 16:18 -------- d-----w- c:\users\Justin\AppData\Local\{CF0E8247-F42B-4A51-892E-2486920F1522}
2011-06-20 15:28 . 2011-06-20 15:28 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2011-06-20 10:44 . 2011-06-20 10:44 -------- d-----w- c:\users\Justin\AppData\Local\{08FF1306-6C83-4A00-812F-64BEAF6035B0}
2011-06-20 02:35 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-20 01:17 . 2011-06-20 01:17 -------- d-----w- C:\avktmp
2011-06-19 22:52 . 2011-06-20 02:14 -------- d-----w- c:\programdata\nE28247HgJmF28247
2011-06-19 21:45 . 2011-06-19 21:45 -------- d-----w- c:\users\Justin\AppData\Local\{3B49D928-1761-44FE-B5B1-819147491BC0}
2011-06-19 09:44 . 2011-06-19 09:44 -------- d-----w- c:\users\Justin\AppData\Local\{765EC9CA-2B70-4E60-8472-93EB2F03D312}
2011-06-18 23:50 . 2011-06-18 23:50 -------- d-----w- c:\windows\system32\EventProviders
2011-06-18 13:16 . 2011-06-18 13:17 -------- d-----w- c:\users\Justin\AppData\Local\{9458BF69-934D-485C-9E06-69768D52B77E}
2011-06-17 08:32 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1D42E87-0FE9-444A-AECB-F5A9B8D403D9}\mpengine.dll
2011-06-17 08:30 . 2011-06-17 08:30 -------- d-----w- c:\users\Justin\AppData\Local\{0BEF3957-B07A-402A-94DB-EAEADE8B76D9}
2011-06-16 09:46 . 2011-06-16 09:46 -------- d-----w- c:\users\Justin\AppData\Local\{A2A7DF3F-3095-471B-997C-297E5993AA49}
2011-06-15 21:46 . 2011-06-15 21:46 -------- d-----w- c:\users\Justin\AppData\Local\{1C077B33-3059-4718-959D-A9F0FB4F3647}
2011-06-15 19:58 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 19:58 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 19:58 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 19:58 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 19:58 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 19:58 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 19:58 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 19:57 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 19:57 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-15 19:57 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 19:57 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 19:57 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 19:57 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 19:57 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 19:57 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 19:57 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 09:45 . 2011-06-15 09:46 -------- d-----w- c:\users\Justin\AppData\Local\{DD28D64C-99FD-495C-9701-FC4FA281B470}
2011-06-14 21:45 . 2011-06-14 21:45 -------- d-----w- c:\users\Justin\AppData\Local\{9F50A274-932B-428A-89FC-941540AECDFF}
2011-06-14 09:45 . 2011-06-14 09:45 -------- d-----w- c:\users\Justin\AppData\Local\{52EDC7F5-E92D-4C26-8D0F-D38856C8492A}
2011-06-13 21:44 . 2011-06-13 21:45 -------- d-----w- c:\users\Justin\AppData\Local\{F810E773-FC2D-4658-8AB0-E5CAD996447B}
2011-06-13 15:01 . 2011-06-13 15:01 -------- d-----w- c:\program files\CrystalDiskMark
2011-06-13 14:56 . 2011-06-13 14:56 -------- d-----w- c:\program files (x86)\HD Tune Pro
2011-06-13 09:44 . 2011-06-13 09:44 -------- d-----w- c:\users\Justin\AppData\Local\{9B15E19D-4575-4204-B61A-6656935099F2}
2011-06-12 09:37 . 2011-06-12 09:37 -------- d-----w- c:\users\Justin\AppData\Local\{18D9A83C-2AC4-4250-ABA5-6592202529E0}
2011-06-11 19:01 . 2011-06-11 19:01 -------- d-----w- c:\programdata\Hewlett-Packard
2011-06-11 19:01 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-06-11 16:56 . 2011-06-11 16:56 -------- d-----w- c:\users\Justin\AppData\Local\{B7CEDDBB-ECA3-49CA-890F-49C258851B20}
2011-06-09 16:06 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2011-06-09 14:40 . 2011-06-09 14:40 -------- d-----w- c:\users\Justin\AppData\Local\{49737F2E-56A7-43A9-B94F-31167011EAEE}
2011-06-08 16:21 . 2011-06-08 16:22 -------- d-----w- c:\users\Justin\AppData\Local\{77838E10-8757-4A04-85BE-77E46522557B}
2011-06-07 14:34 . 2011-06-07 14:34 -------- d-----w- c:\users\Justin\AppData\Local\{E7CFA76D-2785-4D05-B71E-AF152773AE4F}
2011-06-06 14:17 . 2011-06-06 14:17 -------- d-----w- c:\users\Justin\AppData\Local\{8B517B1C-4C64-486C-9A20-5281FDD0CE88}
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-05 20:39 . 2011-06-05 20:39 -------- d-----w- c:\users\Justin\AppData\Local\{62BD8C7B-95CF-4B49-BAE7-CE2EE89CD45E}
2011-06-05 08:39 . 2011-06-05 08:39 -------- d-----w- c:\users\Justin\AppData\Local\{E28171D1-15C0-4AEF-91EE-F01908D8B40B}
2011-06-04 08:24 . 2011-06-04 08:25 -------- d-----w- c:\users\Justin\AppData\Local\{F92890FF-1BAE-45D4-871A-15A4DAE9C0DB}
2011-06-03 21:45 . 2011-06-03 21:45 -------- d-----w- c:\program files (x86)\DNA
2011-06-03 15:27 . 2011-06-03 15:28 -------- d-----w- c:\users\Justin\AppData\Local\{D8333509-A29D-4ED3-8E12-99E312B5E1BA}
2011-06-02 21:31 . 2011-06-02 21:32 -------- d-----w- c:\users\Justin\AppData\Local\{75922FCE-02E2-4ED0-80F0-9BFDDC191F29}
2011-06-02 21:29 . 2011-06-24 07:55 270632 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-06-02 21:29 . 2011-06-02 21:29 -------- d-----w- c:\users\Justin\AppData\Local\PunkBuster
2011-06-02 21:26 . 2011-06-23 11:23 270632 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-06-02 19:24 . 2011-06-02 19:24 -------- d-----w- c:\program files (x86)\Pando Networks
2011-06-02 19:24 . 2011-06-23 11:05 -------- d-----w- c:\program files (x86)\GamersFirst
2011-06-02 09:31 . 2011-06-02 09:31 -------- d-----w- c:\users\Justin\AppData\Local\{13102B78-EA9B-4276-B9CE-74866B568C53}
2011-06-01 18:57 . 2011-06-01 18:57 -------- d-----w- c:\users\Justin\AppData\Roaming\Artisteer
2011-06-01 16:58 . 2011-06-01 16:58 -------- d-----w- c:\users\Justin\AppData\Local\{6B492914-CDD5-452C-9E51-C4D644E1AB49}
2011-05-31 19:52 . 2011-05-31 19:52 -------- d-----w- c:\users\Justin\AppData\Local\{E349716F-38C2-45CE-BF80-A6CF311A63CE}
2011-05-30 18:54 . 2011-05-30 19:52 -------- d-----w- c:\users\Justin\.gimp-2.6
2011-05-30 18:54 . 2011-05-30 18:54 -------- d-----w- c:\program files\GIMP-2.0
2011-05-30 17:50 . 2011-05-30 17:50 -------- d-----w- c:\users\Justin\AppData\Local\{8CC7172A-B917-40F7-AE2A-6C99E49BD72B}
2011-05-29 20:29 . 2011-05-29 20:29 -------- d-----w- c:\users\Justin\AppData\Local\{A00A899C-9050-45F5-8281-D9D21A2F82C9}
2011-05-29 08:29 . 2011-05-29 08:29 -------- d-----w- c:\users\Justin\AppData\Local\{38035D52-CDD8-4DAF-82F1-B3BA68C95FB8}
2011-05-28 14:50 . 2011-05-28 14:51 -------- d-----w- c:\users\Justin\AppData\Local\{AB44ACBB-2F7A-4F63-8315-331A3879312E}
2011-05-27 17:31 . 2011-05-27 17:34 -------- d-----w- c:\users\Justin\AppData\Local\{E14A3A57-57B8-4B5E-8586-5C5C0D9751D7}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-19 18:00 . 2011-05-15 07:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 07:11 . 2010-11-26 10:45 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 21:57 . 2011-05-07 21:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-07 21:57 . 2011-05-07 21:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-07 21:57 . 2011-05-07 21:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-07 21:57 . 2011-05-07 21:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-07 21:57 . 2011-05-07 21:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-07 21:57 . 2011-05-07 21:57 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-07 21:57 . 2011-05-07 21:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-07 21:57 . 2011-05-07 21:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-07 21:57 . 2011-05-07 21:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-07 21:57 . 2011-05-07 21:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-07 21:57 . 2011-05-07 21:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-07 21:57 . 2011-05-07 21:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-07 21:57 . 2011-05-07 21:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-07 21:57 . 2011-05-07 21:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-07 21:57 . 2011-05-07 21:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-07 21:57 . 2011-05-07 21:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-07 21:57 . 2011-05-07 21:57 448512 ----a-w- c:\windows\system32\html.iec
2011-05-07 21:57 . 2011-05-07 21:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-07 21:57 . 2011-05-07 21:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-07 21:57 . 2011-05-07 21:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-07 21:57 . 2011-05-07 21:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-07 21:57 . 2011-05-07 21:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-07 21:57 . 2011-05-07 21:57 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-07 21:57 . 2011-05-07 21:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-07 21:57 . 2011-05-07 21:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-07 21:57 . 2011-05-07 21:57 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-07 21:57 . 2011-05-07 21:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-07 21:57 . 2011-05-07 21:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-07 21:57 . 2011-05-07 21:57 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-07 21:57 . 2011-05-07 21:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-07 21:57 . 2011-05-07 21:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-07 21:57 . 2011-05-07 21:57 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-07 21:57 . 2011-05-07 21:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-07 21:57 . 2011-05-07 21:57 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-07 21:57 . 2011-05-07 21:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-07 21:57 . 2011-05-07 21:57 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-07 21:57 . 2011-05-07 21:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-07 21:57 . 2011-05-07 21:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-22 20:18 . 2011-05-25 18:17 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 06:58 . 2011-05-19 11:05 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 20:18 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 20:18 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 20:18 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 11:05 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-23_20.45.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-08 15:16 . 2011-06-26 16:46 79742 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-26 16:46 45176 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-08 15:16 . 2011-06-26 16:46 20214 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-911968414-3850360206-3924130046-1000_UserData.bin
+ 2010-11-08 14:26 . 2011-06-23 20:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-08 14:26 . 2011-06-23 10:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-08 14:26 . 2011-06-23 20:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-08 14:26 . 2011-06-23 10:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-23 10:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-23 20:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-23 14:03 . 2011-06-23 14:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-26 16:41 . 2011-06-26 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-26 16:41 . 2011-06-26 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-06-23 14:03 . 2011-06-23 14:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-06-23 12:13 414768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-24 12:34 414768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-18 21:24 . 2011-06-23 20:51 1921440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-911968414-3850360206-3924130046-1000-4096.dat
- 2011-05-18 21:24 . 2011-05-25 22:06 1921440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-911968414-3850360206-3924130046-1000-4096.dat
+ 2010-12-12 14:45 . 2011-06-24 12:34 1270420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-911968414-3850360206-3924130046-1000-12288.dat
- 2010-12-12 14:45 . 2011-06-23 12:13 1270420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-911968414-3850360206-3924130046-1000-12288.dat
+ 2010-11-09 22:23 . 2011-06-24 12:34 13418396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-911968414-3850360206-3924130046-1000-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-16 1242448]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-11-15 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Justin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Justin\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\PerformanceTest\DirectIo.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-10-25 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
R4 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
R4 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
R4 ShadowProtectSvc;ShadowProtect Service;c:\program files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [2010-07-15 1657376]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
R4 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\SysWOW64\vsnapvss.exe [2010-07-15 67616]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 stcvsm;StorageCraft Volume Snapshot Driver;c:\windows\system32\DRIVERS\stcvsm.sys [x]
S1 sbmount;StorageCraft Image Mount Driver; [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 VMfilt;VMfilt;c:\windows\system32\drivers\VMfilt64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-07-09 408584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: Interfaces\{B2FA24B3-6AA5-4134-B690-9474E9EE74B0}: NameServer = 172.16.10.16
TCP: Interfaces\{E94CCF6C-A2FB-4C0A-A7D6-C60261E95A92}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\58gc5y1s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://plasmoo.com/index.htm?SearchMashine=true&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-911968414-3850360206-3924130046-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6BF3FB61-2747-78C2-26D8-DC4CD658160B}*]
"iahbkgmgalimnhpgmp"=hex:6a,61,6c,61,65,63,64,66,64,69,6d,62,62,6f,65,6b,61,6a,
6c,6c,00,ed
"habbajmnegncmejp"=hex:6a,61,6c,61,65,63,64,66,64,69,6d,62,62,6f,65,6b,61,6a,
6c,6c,00,7b
.
[HKEY_USERS\S-1-5-21-911968414-3850360206-3924130046-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CEDD38C2-232B-99BE-57AA-C19FA123AFC6}*]
"maficcaeembonmclkhnnhgmbmn"=hex:6a,61,68,67,6b,64,62,6f,63,69,70,67,70,6c,6c,
6b,69,6a,68,64,00,ed
"nalgibjbknjlmbhfchmoobdccado"=hex:6a,61,68,67,6b,64,62,6f,63,69,70,67,70,6c,
6c,6b,69,6a,68,64,00,02
"ialgibjbknjlmbhfch"=hex:6a,61,68,67,6b,64,62,6f,63,69,70,67,70,6c,6c,6b,69,6a,
68,64,00,00
"haficcaeembonmcl"=hex:6a,61,68,67,6b,64,62,6f,63,69,70,67,70,6c,6c,6b,69,6a,
68,64,00,00
.
[HKEY_USERS\S-1-5-21-911968414-3850360206-3924130046-1000\Software\SecuROM\License information*]
"datasecu"=hex:9d,dc,b2,84,47,89,af,b4,a5,31,90,c6,14,09,0f,fc,6f,17,29,d9,0d,
93,8a,7d,24,eb,2d,c2,d5,0c,0d,28,03,68,e2,e4,fb,be,85,c4,e9,31,d0,41,cf,8a,\
"rkeysecu"=hex:7d,49,f8,a2,ad,e2,f2,ab,f8,15,62,7e,51,d6,fe,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-26 19:00:55
ComboFix-quarantined-files.txt 2011-06-26 17:00
ComboFix2.txt 2011-06-23 20:46
.
Vor Suchlauf: 15 Verzeichnis(se), 96.710.262.784 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 96.601.128.960 Bytes frei
.
- - End Of File - - 7F22F70917E693955B03875F37D84B0E
| | #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |
Please download MBRCheck (by a_d_13) and save the file to the desktop.
| | #7 |
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000000bc
Kernel Drivers (total 200):
0x02E5B000 \SystemRoot\system32\ntoskrnl.exe
0x02E12000 \SystemRoot\system32\hal.dll
0x00BD2000 \SystemRoot\system32\kdcom.dll
0x00CE6000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CF3000 \SystemRoot\system32\PSHED.dll
0x00D07000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E44000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EE8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x0106C000 \SystemRoot\System32\Drivers\splp.sys
0x011A0000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x011A9000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x011D8000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00EF7000 \SystemRoot\system32\DRIVERS\pci.sys
0x011E5000 \SystemRoot\System32\drivers\partmgr.sys
0x00F2A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F3F000 \SystemRoot\System32\drivers\volmgrx.sys
0x01061000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00F9B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FAB000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FC5000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00FCE000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E00000 \SystemRoot\system32\drivers\amdxata.sys
0x00D65000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E0B000 \SystemRoot\system32\drivers\fileinfo.sys
0x00DB1000 \SystemRoot\system32\DRIVERS\stcvsm.sys
0x01242000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01463000 \SystemRoot\System32\Drivers\msrpc.sys
0x014C1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014DB000 \SystemRoot\System32\Drivers\cng.sys
0x0154E000 \SystemRoot\System32\drivers\pcw.sys
0x0155F000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016DC000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017CE000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01569000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017DE000 \SystemRoot\System32\Drivers\spldr.sys
0x015B5000 \SystemRoot\System32\drivers\rdyboost.sys
0x017E6000 \SystemRoot\System32\Drivers\mup.sys
0x015EF000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0143A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02CB8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02CE2000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x02D13000 \SystemRoot\System32\Drivers\Null.SYS
0x02D1C000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D23000 \SystemRoot\System32\drivers\vga.sys
0x02D31000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02D56000 \SystemRoot\System32\drivers\watchdog.sys
0x02D66000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02D6F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02D78000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02D81000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02D8C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02D9D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02DBB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C00000 \SystemRoot\system32\drivers\afd.sys
0x03E23000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03E68000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x03E73000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03E7C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03EA2000 \SystemRoot\system32\DRIVERS\vfilter.sys
0x03EAC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03EBB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03ED6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03EEA000 \SystemRoot\System32\Drivers\sbmount.SYS
0x03F0A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03F5B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03F67000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03F72000 \SystemRoot\System32\drivers\discache.sys
0x04010000 \SystemRoot\system32\drivers\csc.sys
0x04093000 \SystemRoot\System32\Drivers\dfsc.sys
0x040B1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x040C2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x040E8000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x040FD000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0482A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x042E8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04200000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04246000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0426A000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04148000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x042A8000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x042D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x042DA000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x043DC000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03F81000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x043E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x043F8000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x041AD000 \SystemRoot\System32\Drivers\atthorsy.SYS
0x04800000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04809000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03FD7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02C89000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04819000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02DC8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00E1F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x041F0000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03FED000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04825000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0508D000 \SystemRoot\system32\DRIVERS\ks.sys
0x050D0000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x050D4000 \SystemRoot\system32\DRIVERS\MarvinBus64.sys
0x05118000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0512A000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x05142000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0519C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x051B1000 \SystemRoot\system32\drivers\AtihdW76.sys
0x05000000 \SystemRoot\system32\drivers\portcls.sys
0x0503D000 \SystemRoot\system32\drivers\drmk.sys
0x0505F000 \SystemRoot\system32\drivers\ksthunk.sys
0x05E35000 \SystemRoot\system32\drivers\viahduaa.sys
0x05FE6000 \SystemRoot\system32\drivers\VMfilt64.sys
0x05E00000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05E0E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05E1A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05065000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x051D1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x013E4000 \SystemRoot\system32\drivers\usbaudio.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x05E23000 \SystemRoot\System32\drivers\Dxapi.sys
0x051EE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06072000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0608B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06094000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x060A1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x060AF000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x060BA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004E0000 \SystemRoot\System32\TSDDD.dll
0x00770000 \SystemRoot\System32\cdd.dll
0x060C8000 \SystemRoot\system32\drivers\luafv.sys
0x060EB000 \SystemRoot\system32\drivers\WudfPf.sys
0x0610C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0613D000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x0614D000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x06157000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0616C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x074F6000 \SystemRoot\system32\drivers\HTTP.sys
0x075BE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x075DC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0742D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0747B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0749E000 \??\C:\Windows\system32\drivers\hcmon.sys
0x074AA000 \??\C:\Windows\system32\drivers\vmci.sys
0x0783C000 \??\C:\Windows\system32\drivers\vmx86.sys
0x07912000 \??\C:\Windows\system32\drivers\cpuz134_x64.sys
0x0791B000 \SystemRoot\system32\drivers\npf.sys
0x07928000 \SystemRoot\system32\drivers\peauth.sys
0x079CE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07800000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x079D9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x079EB000 \??\C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
0x079F4000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0x0782D000 \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
0x06184000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07CD5000 \SystemRoot\System32\DRIVERS\srv.sys
0x07DDB000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x775F0000 \Windows\System32\ntdll.dll
0x48000000 \Windows\System32\smss.exe
0xFF910000 \Windows\System32\apisetschema.dll
0xFFE60000 \Windows\System32\autochk.exe
0x774A0000 \Windows\System32\urlmon.dll
0xFF880000 \Windows\System32\shlwapi.dll
0x777C0000 \Windows\System32\psapi.dll
0xFF810000 \Windows\System32\gdi32.dll
0x77380000 \Windows\System32\kernel32.dll
0xFF740000 \Windows\System32\usp10.dll
0xFF710000 \Windows\System32\imm32.dll
0xFE980000 \Windows\System32\shell32.dll
0xFE8E0000 \Windows\System32\clbcatq.dll
0xFE6D0000 \Windows\System32\ole32.dll
0xFE4F0000 \Windows\System32\setupapi.dll
0xFE4D0000 \Windows\System32\imagehlp.dll
0xFE430000 \Windows\System32\msvcrt.dll
0xFE320000 \Windows\System32\msctf.dll
0x77280000 \Windows\System32\user32.dll
0xFE240000 \Windows\System32\advapi32.dll
0xFE1C0000 \Windows\System32\difxapi.dll
0xFE120000 \Windows\System32\comdlg32.dll
0x777B0000 \Windows\System32\normaliz.dll
0xFDFF0000 \Windows\System32\rpcrt4.dll
0xFDFA0000 \Windows\System32\Wldap32.dll
0x77120000 \Windows\System32\wininet.dll
0xFDEC0000 \Windows\System32\oleaut32.dll
0x76F10000 \Windows\System32\iertutil.dll
0xFDEA0000 \Windows\System32\sechost.dll
0xFDE50000 \Windows\System32\ws2_32.dll
0xFDE40000 \Windows\System32\lpk.dll
0xFDE30000 \Windows\System32\nsi.dll
0xFDE10000 \Windows\System32\devobj.dll
Processes (total 64):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
504 csrss.exe
572 C:\Windows\System32\wininit.exe
596 csrss.exe
632 C:\Windows\System32\services.exe
648 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\winlogon.exe
804 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
956 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
124 C:\Windows\System32\atiesrxx.exe
428 C:\Windows\System32\svchost.exe
760 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
OK, thanks for the information. I know a bit about computers/software/viruses.
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |
Log is incomplete...
__________________ Please always post log files in CODE tags
| | #9 |
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000000bc
Kernel Drivers (total 200):
Processes (total 63):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
504 csrss.exe
572 C:\Windows\System32\wininit.exe
596 csrss.exe
632 C:\Windows\System32\services.exe
648 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\winlogon.exe
804 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
956 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
124 C:\Windows\System32\atiesrxx.exe
428 C:\Windows\System32\svchost.exe
760 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\audiodg.exe
1188 C:\Windows\System32\svchost.exe
1364 WUDFHost.exe
1516 C:\Windows\System32\atieclxx.exe
1564 WUDFHost.exe
1632 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\spoolsv.exe
1768 C:\Windows\System32\svchost.exe
1876 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1920 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2028 C:\Windows\SysWOW64\PnkBstrA.exe
1088 C:\Windows\System32\svchost.exe
1340 C:\Windows\SysWOW64\vmnat.exe
1500 C:\Windows\SysWOW64\vmnetdhcp.exe
1288 C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
2628 C:\Windows\System32\dwm.exe
2684 C:\Windows\explorer.exe
2864 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
2904 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
2944 C:\Program Files\Microsoft Security Client\msseces.exe
2952 C:\Program Files (x86)\Steam\Steam.exe
2960 C:\Program Files (x86)\RocketDock\RocketDock.exe
2968 C:\Program Files\Windows Sidebar\sidebar.exe
1440 C:\Program Files\UltraMon\UltraMon.exe
2748 C:\Program Files\UltraMon\UltraMonTaskbar.exe
1708 C:\Windows\System32\svchost.exe
3032 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
1020 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3216 C:\Windows\System32\SearchIndexer.exe
3252 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
3432 C:\Program Files\Windows Media Player\wmpnetwk.exe
3684 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4036 C:\Windows\System32\svchost.exe
2936 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2068 C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
2524 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1960 C:\Program Files (x86)\AIMP2\AIMP2.exe
4116 C:\Program Files\UltraMon\UltraMonUiAcc.exe
4148 C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
3592 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4844 C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
2360 C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
700 C:\Users\Justin\Desktop\MBRCheck.exe
3848 C:\Windows\System32\conhost.exe
5100 C:\Windows\System32\dllhost.exe
4404 <unknown>
\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
PhysicalDrive1 Model Number: WDCWD3200AAJS-00RYA0, Rev: 12.01B01
PhysicalDrive2 Model Number: SAMSUNGHD154UI, Rev: 1AG01118
PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-13
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive2 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
|
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
| | #11 |
| Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5191
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
26.11.2010 12:16:18
mbam-log-2010-11-26 (12-16-18).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 264822
Laufzeit: 29 Minute(n), 31 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
D:\Musik, Filme, Programme\Programme\Autodata_3_24_DVD\autodata_and_info\adatadrv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/27/2011 at 02:01 PM
Application Version : 4.54.1000
Core Rules Database Version : 7329
Trace Rules Database Version: 5141
Scan type : Complete Scan
Total Scan Time : 00:45:31
Memory items scanned : 799
Memory threats detected : 0
Registry items scanned : 14484
Registry threats detected : 0
File items scanned : 40650
File threats detected : 77
Adware.Tracking Cookie
|
| | #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Please use the current program version and update the signatures again! Then repeat the full scan. |
| | #13 |
| Sorry, I didn't notice that in this case, since the log isn't from today anyway. But see the thread title: no updates possible. MBAM has now been downloaded again, and a complete scan is currently running once more. |
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Oops, sorry, I completely overlooked that. I read 26.06.2011 and not 26.10.2010 |
| | #15 |
| Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6959
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
27.06.2011 17:38:19
mbam-log-2011-06-27 (17-38-19).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 381786
Laufzeit: 1 Stunde(n), 23 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|