| |
| |||||||
Log-Analyse und Auswertung: Masterbootsektor Virus "BOO/Whistler"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
31.08.2011, 01:11
| #1 |
 |  Masterbootsektor Virus "BOO/Whistler" Hallo alle zusammen, Erste Anzeichen eines Viruses war, dass meine externe Festplatte nicht mehr erkannt wurde. Nach einem Neustart blinkte nun auch mein AntiVir auf: "Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder unerwünschtes Programm 'BOO/Whistler' [virus] gefunden" Diese Nachricht wird für alle meine Partitionen angezeigt und der Laptop merklich langsamer. Habe defogger und OTL ausgeführt. Bei GMER jedoch habe ich nur einen Bluescreen erhalten. Als ich es im abgesicherten Modus versuchte, ist auch der PC abgestürzt. Daher kein gmer-Protokoll. OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.08.2011 01:19:35 - Run 2 OTL by OldTimer - Version 3.2.26.7 Folder = C:\Users\Moritz\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,78% Memory free 5,72 Gb Paging File | 4,62 Gb Available in Paging File | 80,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 9,61 Gb Free Space | 6,66% Space Free | Partition Type: NTFS Drive D: | 72,13 Gb Total Space | 64,52 Gb Free Space | 89,45% Space Free | Partition Type: NTFS Drive I: | 72,02 Gb Total Space | 69,32 Gb Free Space | 96,25% Space Free | Partition Type: NTFS Computer Name: MORITZ-LAPTOP | User Name: Moritz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.31 00:41:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz\Downloads\OTL.exe PRC - [2011.08.03 11:00:00 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.65\GoogleCrashHandler.exe PRC - [2011.07.03 22:53:47 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.12 14:17:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.11.05 19:07:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.05.21 04:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe ========== Modules (No Company Name) ========== MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.06.25 08:13:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.03 22:53:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.12 14:17:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.05.28 08:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2011.07.03 22:53:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.03 22:53:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.01.29 18:00:20 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010.12.21 07:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.12.21 07:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010.12.21 07:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010.10.25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.10.21 21:09:50 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.10.21 21:09:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.09.30 07:53:12 | 001,184,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.06 21:38:18 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.06.25 08:53:34 | 003,844,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.05.28 17:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008.05.27 23:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008.04.28 19:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.01.10 03:34:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2008.01.10 03:34:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5535 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.n-tv.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011.03.12 22:30:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.14 22:42:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.29 00:06:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.31 00:24:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.29 00:06:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.31 00:24:54 | 000,000,000 | ---D | M] [2010.02.23 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions [2010.02.23 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.08.21 09:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions [2010.12.11 14:14:01 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb} [2010.04.27 17:24:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.03 00:57:34 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2011.07.16 10:51:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.05 12:32:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.07.05 12:32:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.07.05 12:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2009.04.15 18:47:17 | 000,000,000 | ---D | M] (RDown - Rapidshare Downloader) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\dave2x@download [2011.01.04 12:05:47 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\isreaditlater@ideashower.com [2011.02.12 16:21:01 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\vshare@toolbar [2010.12.11 14:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions [2011.07.05 12:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moritz\AppData\Roaming\mozilla\Firefox\Profiles\4zf2y16n.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions [2009.12.09 23:24:45 | 000,001,127 | ---- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\searchplugins\rapidshare-filefinder.xml [2009.12.09 23:24:13 | 000,004,153 | ---- | M] () -- C:\Users\Moritz\AppData\Roaming\Mozilla\Firefox\Profiles\4zf2y16n.default\searchplugins\youtube.xml [2011.08.16 10:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.18 15:09:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} () (No name found) -- C:\USERS\MORITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZF2Y16N.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI () (No name found) -- C:\USERS\MORITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZF2Y16N.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI [2011.08.12 08:13:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.10.19 19:38:57 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Wallpaper Juggler Monitor] C:\Program Files\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Moritz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{042d38f9-29a5-11de-b14a-001d72d3342b}\Shell - "" = AutoRun O33 - MountPoints2\{042d38f9-29a5-11de-b14a-001d72d3342b}\Shell\AutoRun\command - "" = F:\RunGame.exe O33 - MountPoints2\{535531ae-8281-11df-81e5-979c78c094fd}\Shell - "" = AutoRun O33 - MountPoints2\{535531ae-8281-11df-81e5-979c78c094fd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{73374348-e1bb-11de-a178-001d72d3342b}\Shell\AutoRun\command - "" = I:\DVAP.exe O33 - MountPoints2\{b482a856-22e2-11de-9d11-001d72d3342b}\Shell - "" = AutoRun O33 - MountPoints2\{b482a856-22e2-11de-9d11-001d72d3342b}\Shell\AutoRun\command - "" = F:\autoplay.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpFolder: C:^Users^Moritz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - File not found MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe () MsConfig - StartUpReg: CLMLServer - hkey= - key= - File not found MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig - StartUpReg: PlayMovie - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) MsConfig - StartUpReg: WinampAgent - hkey= - key= - File not found MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.30 13:09:20 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Malwarebytes [2011.08.30 13:09:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.30 13:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.30 13:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.30 13:09:03 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.30 13:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.08.29 00:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.08.29 00:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.08.29 00:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.08.28 15:10:07 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler [2011.08.28 15:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler [2011.08.28 15:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Wallpaper Juggler [2011.08.26 19:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.0 [2011.08.26 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Foxit Software [2011.08.15 17:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ALDI Bestellsoftware [2011.08.12 23:27:59 | 000,000,000 | ---D | C] -- C:\Users\Moritz\A Norway [2011.08.12 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\Moritz\America [2011.08.03 13:07:50 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Microsoft Corporation [2011.08.03 13:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor [2011.08.03 00:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.07.06 18:44:23 | 005,243,208 | ---- | C] ( ) -- C:\Users\Moritz\AppData\Roaming\AvsP.exe [2011.07.06 18:41:47 | 004,284,535 | ---- | C] (ffdshow ) -- C:\Users\Moritz\AppData\Roaming\ffdshow.exe [2011.07.06 18:41:31 | 000,642,685 | ---- | C] (Xvid team ) -- C:\Users\Moritz\AppData\Roaming\xvid.exe [2011.07.06 18:39:39 | 004,182,178 | ---- | C] (The Public) -- C:\Users\Moritz\AppData\Roaming\Avisynth.exe [2008.09.25 13:49:40 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Moritz\Documents\*.tmp files -> C:\Users\Moritz\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.31 01:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.08.31 00:56:55 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job [2011.08.31 00:46:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.08.31 00:46:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.31 00:45:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.31 00:45:51 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.08.31 00:45:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.31 00:45:18 | 2951,131,136 | -HS- | M] () -- C:\hiberfil.sys [2011.08.31 00:44:22 | 000,000,020 | ---- | M] () -- C:\Users\Moritz\defogger_reenable [2011.08.31 00:18:26 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.31 00:18:26 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.31 00:18:26 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.31 00:18:26 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.31 00:10:30 | 220,358,934 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.08.30 13:09:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.30 12:21:57 | 001,605,632 | ---- | M] () -- C:\Users\Moritz\boot.iso [2011.08.29 00:20:49 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.28 15:42:18 | 000,247,808 | ---- | M] () -- C:\Users\Moritz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.28 15:10:07 | 000,001,755 | ---- | M] () -- C:\Users\Moritz\Desktop\Wallpaper Juggler.lnk [2011.08.14 14:58:22 | 000,000,926 | ---- | M] () -- C:\Users\Moritz\Desktop\Dropbox.lnk [2011.08.03 13:06:56 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Moritz\Documents\*.tmp files -> C:\Users\Moritz\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.31 00:44:07 | 000,000,020 | ---- | C] () -- C:\Users\Moritz\defogger_reenable [2011.08.30 13:09:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.30 12:21:57 | 001,605,632 | ---- | C] () -- C:\Users\Moritz\boot.iso [2011.08.29 00:20:49 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.28 15:10:07 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx [2011.08.28 15:10:07 | 000,001,755 | ---- | C] () -- C:\Users\Moritz\Desktop\Wallpaper Juggler.lnk [2011.08.03 13:06:56 | 000,002,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk [2011.08.03 13:06:56 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk [2011.07.06 18:48:12 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.07.06 18:48:12 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.12.24 11:58:13 | 000,022,328 | ---- | C] () -- C:\Users\Moritz\AppData\Roaming\PnkBstrK.sys [2010.12.24 11:57:59 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.12.24 11:57:55 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.10.16 14:50:32 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.10.16 14:50:32 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.04.02 15:33:25 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini [2010.04.02 15:33:09 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2010.04.02 15:33:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.04.02 15:32:36 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe [2010.02.23 17:52:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.11.30 23:34:56 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll [2009.11.12 13:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\jcmkr32.INI [2009.11.01 12:50:22 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2009.10.21 21:09:50 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.10.21 21:09:49 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.05.27 17:32:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.27 17:32:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.03 19:12:34 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe [2009.03.16 12:45:12 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll [2009.02.24 14:09:00 | 000,000,569 | ---- | C] () -- C:\Windows\eReg.dat [2009.02.04 16:00:45 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll [2009.02.04 16:00:45 | 000,040,960 | ---- | C] () -- C:\Windows\System32\maplec.dll [2009.02.04 16:00:45 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll [2009.02.02 16:59:58 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.01.30 16:19:35 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.01.25 12:47:50 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.01.24 16:51:36 | 000,247,808 | ---- | C] () -- C:\Users\Moritz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.24 15:46:54 | 000,026,340 | ---- | C] () -- C:\Users\Moritz\AppData\Roaming\UserTile.png [2009.01.24 13:36:30 | 000,000,680 | ---- | C] () -- C:\Users\Moritz\AppData\Local\d3d9caps.dat [2009.01.24 13:17:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.09.25 13:48:26 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.09.25 13:48:26 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.09.25 13:48:26 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.09.25 13:48:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.09.25 04:07:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.09.25 04:04:33 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.09.25 04:04:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.09.25 04:04:33 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.09.25 04:04:33 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.09.25 03:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.08.28 05:39:18 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.08.28 05:39:18 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.08.28 05:39:18 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.08.28 05:39:18 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.08.27 20:36:03 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.08.27 20:32:07 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.08.19 04:48:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.08.19 04:48:50 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008.08.19 04:48:50 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008.08.19 04:48:18 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,344,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2008.08.27 20:30:20 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Acer GameZone Console [2010.12.10 22:58:01 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\albumart [2009.04.16 12:25:13 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools [2009.04.16 12:26:33 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools Lite [2009.04.06 21:45:51 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DAEMON Tools Pro [2011.08.27 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Dropbox [2011.07.16 10:51:36 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DVDVideoSoft [2011.07.16 10:51:06 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.26 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Foxit Software [2011.08.15 14:48:24 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\gtk-2.0 [2011.08.30 23:58:21 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\ICQ [2010.12.26 11:50:10 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Leadertech [2009.02.10 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\OpenOffice.org [2009.01.24 15:46:54 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\PeerNetworking [2011.07.15 01:06:33 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Personal Video Database [2009.02.15 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Pingus [2011.02.12 19:14:38 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Rovio [2010.10.16 14:49:03 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Samsung [2010.04.18 15:00:48 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\smc [2009.09.29 16:47:16 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Teeworlds [2010.05.13 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\temp [2010.02.23 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Thunderbird [2009.02.08 13:32:16 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Tobit [2010.04.27 18:00:57 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\TuneUp Software [2009.02.09 20:24:23 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Wormux [2011.08.31 00:44:34 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.08.31 00:56:55 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1AEAEB46-8F29-4B72-9FF7-AAD3A371800A}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.03.19 20:12:11 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.01.24 12:48:34 | 000,000,000 | ---D | M] -- C:\Acer [2010.02.19 14:39:55 | 000,000,000 | ---D | M] -- C:\ATI [2009.05.27 22:55:40 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.01.24 12:43:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.08.30 11:09:47 | 000,000,000 | ---D | M] -- C:\Lyrics [2008.08.27 20:13:50 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.08.31 00:24:54 | 000,000,000 | R--D | M] -- C:\Program Files [2011.08.30 13:09:06 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.01.24 12:43:07 | 000,000,000 | -HSD | M] -- C:\Programme [2011.08.31 01:21:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.03.13 14:21:23 | 000,000,000 | ---D | M] -- C:\Temp [2009.03.19 20:11:47 | 000,000,000 | R--D | M] -- C:\Users [2011.08.31 00:33:03 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-30 22:51:20 < End of report > So nun kann ich nur hoffen, dass sich jemand meinem Problem annimmt und möchte mich schonmal im vorraus für eure Mühen bedanken lapala |
| Themen zu Masterbootsektor Virus "BOO/Whistler" |
| adblock, antivir, application/pdf, application/pdf:, avira, bho, bluescreen, bonjour, c:\windows\system32\rundll32.exe, converter, desktop, device driver, downloader, excel.exe, festplatte, firefox, google, helper, home, locker, logfile, masterbootsektor hd0, mozilla thunderbird, mp3, object, plug-in, popup, problem, programm, realtek, scan, senden, software, start menu, studio, version=1.0, virus, vista |
Baum-Darstellung