
Pests of all kinds and how to fight them: Internet Explorer opens by itself and shows ads

29.06.2010, 16:14   #1
Sepel
Guest
 



I have the problem that since yesterday Internet Explorer keeps opening by itself and showing ads!

I'm running AntiVir right now, but I don't think the 2 viruses it has found so far are the cause.

Since I found mnabeb.exe, I wanted to post the HijackThis log here so that you can help me!

Here is the log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:10:41, on 29.06.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\program files (x86)\avira\antivir desktop\avscan.exe
C:\Program Files (x86)\Spyware Terminator\SpyWareTerminator.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\***\Desktop\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=14597&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: Programsand - {abaf9c46-b4e9-478c-ac93-a56dd5b7168c} - C:\Program Files (x86)\Common Files\Programs\Programsand.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9887 bytes
         

29.06.2010, 17:18   #2
Sepel
Guest
 



I think I've solved it!

Mnabeb.exe is a trojan downloader (says VirusTotal)

Code:
Microsoft	1.5902 2010.06.29 TrojanDownloader:Win32/Renos.JW
         
I ended the process and deleted the file; so far nothing else has happened!

Please look through my HijackThis log anyway!


29.06.2010, 17:22   #3
Sepel
Guest
 



I can't edit the log above any more, so here is a new one with fewer programs running:
HijackThis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:19:28, on 29.06.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Sebi\Desktop\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=14597&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sebi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: Programsand - {abaf9c46-b4e9-478c-ac93-a56dd5b7168c} - C:\Program Files (x86)\Common Files\Programs\Programsand.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9430 bytes
         

29.06.2010, 17:31   #4
Larusso
/// Selecta Jahrusso
 





A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Post the log files directly in your thread. Do not attach them unless I ask you to. That makes evaluating them harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click, "Run as administrator".

Step 1

Cleanup with Malwarebytes' Anti-Malware (Quick Scan)

Please download Malwarebytes
  • Install the program to the default path.
  • Remember to start the program as admin on Vista; otherwise start it with a double-click.
  • Let it update online (Updates tab) if the program was already on the computer.
  • Select "Perform quick scan" => Scan.
  • When the scan has finished, click "Show results".
  • If there are detections in C:\System Volume Information, remove the check mark.
    Otherwise this system restore point will no longer work.
    It might still be needed despite the malware.
  • Make sure that all other detections are selected and press "Remove Selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Scan reports".
  • Report how the computer is running now.
A detailed, illustrated guide can be found here.


Step 2

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop (if not already present)
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.


Please post in your next reply
MBAM Log
OTL.txt
Extras.txt
__________________
Regards, Daniel


29.06.2010, 19:50   #5
Sepel
Guest
 



I did everything; it found something and deleted it, but I don't notice any difference. Since I deleted that mnabeb.exe everything has been working again, but anyway.

Here is the MBAM log:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4258

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.06.2010 20:38:15
mbam-log-2010-06-29 (20-38-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134741
Laufzeit: 3 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
         
Here is the OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 29.06.2010 20:44:06 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\***\Desktop\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 181,87 Gb Free Space | 39,06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
PRC - C:\Program Files (x86)\Launchy\Launchy.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3725.dll ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (sp_rssrv) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (CSC) -- C:\Windows\CSC [2010.01.22 01:12:00 | 000,000,000 | ---D | M]
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (MOUSEWDFilter) -- C:\Windows\SysWOW64\drivers\MOUSEWD.SYS ()
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ASPI) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)
DRV - (zlportio) -- C:\Spiele\Ultrastar\Ultrastar\zlportio.sys (SpecoSoft)
DRV - (TVicPort) -- C:\Windows\SysWOW64\drivers\TVICPORT.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=14597&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 11 36 E8 CD C9 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:0.9.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.27 16:54:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.27 16:54:41 | 000,000,000 | ---D | M]
 
[2010.04.18 20:27:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.06.28 22:10:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions
[2010.04.18 20:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.05.24 22:57:14 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.06.28 19:03:53 | 000,000,000 | ---D | M] (Destroy the Web) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
[2010.04.28 20:22:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.30 18:59:34 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.05.01 13:26:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.30 08:25:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.06.27 17:01:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\personas@christopher.beard
[2010.06.21 18:29:20 | 000,002,354 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\djznzq1w.default\searchplugins\ecosia.xml
[2010.06.21 18:26:48 | 000,002,314 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\djznzq1w.default\searchplugins\forestle-de.xml
[2010.06.28 22:10:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.24 21:06:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.24 21:05:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.14 20:58:25 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: Programsand - {abaf9c46-b4e9-478c-ac93-a56dd5b7168c} - C:\Program Files (x86)\Common Files\Programs\Programsand.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62209535-0751-11df-a420-00241d8dea96}\Shell - "" = AutoRun
O33 - MountPoints2\{62209535-0751-11df-a420-00241d8dea96}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{7f89f060-0fe2-11df-9897-00241d8dea96}\Shell - "" = AutoRun
O33 - MountPoints2\{7f89f060-0fe2-11df-9897-00241d8dea96}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.29 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.06.29 20:25:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.29 20:25:21 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.29 20:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.29 20:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.28 22:17:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ImTOO
[2010.06.28 22:16:00 | 000,000,000 | ---D | C] -- C:\Programme\ImTOO
[2010.06.28 22:14:44 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ImTOO Video Converter Ultimate v6.0.3 (Build 0430)
[2010.06.28 21:46:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.27 21:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2010.06.27 21:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldOfGoo
[2010.06.27 20:28:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\287410779 Sabrina
[2010.06.27 16:26:11 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.06.27 16:26:11 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.06.27 16:26:11 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.06.27 16:26:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.06.27 16:26:11 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.06.27 16:26:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.06.27 16:26:10 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.06.27 16:26:10 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.06.27 16:26:10 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.06.27 16:26:10 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.06.27 16:26:10 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.06.27 16:26:10 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.06.27 16:26:09 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.06.27 16:26:09 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.06.27 16:26:08 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.06.27 16:26:08 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.06.27 16:25:28 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010.06.27 16:25:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.06.27 13:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge4D
[2010.06.26 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\0052_Another_Code_Two_Memories_PROPER_EUR_NDS-TRM
[2010.06.24 18:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.06.23 21:27:44 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.23 21:27:44 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.23 21:27:44 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.23 21:27:44 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.23 21:27:44 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.23 21:27:44 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.23 21:27:44 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.23 21:27:44 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.23 18:27:16 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Scanned Documents
[2010.06.23 18:27:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax
[2010.06.20 21:28:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Player Classic
[2010.06.20 21:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XviD
[2010.06.20 21:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2010.06.20 21:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoGK
[2010.06.20 14:00:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\SSBR
[2010.06.20 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\SSBRumble Demo 0.8
[2010.06.19 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\408002942 Wölkchen
[2010.06.19 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Usb backup
[2010.06.15 15:13:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Counter Ops
[2010.06.12 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2010.06.12 13:46:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bilder
[2010.06.11 23:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.06.11 23:01:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.06.11 23:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010.06.11 23:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010.06.11 22:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.06.11 13:20:36 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.11 13:20:36 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.11 13:20:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.11 13:20:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.09 21:27:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Alles Atze
[2010.06.08 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DDVideoDPGAVI
[2010.06.08 23:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Programs
[2010.06.01 22:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010.06.01 16:06:06 | 002,610,008 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010.06.01 16:06:06 | 001,958,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010.06.01 16:06:06 | 001,146,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010.06.01 16:06:06 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010.06.01 16:06:06 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010.06.01 16:06:06 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010.06.01 16:06:06 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010.06.01 16:06:06 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010.06.01 16:06:05 | 002,602,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010.06.01 16:06:05 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010.06.01 16:06:05 | 001,733,464 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2010.06.01 16:06:05 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010.06.01 16:06:05 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010.06.01 16:06:05 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010.06.01 16:06:05 | 000,335,192 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2010.06.01 16:06:05 | 000,335,192 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2010.06.01 16:06:05 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010.06.01 16:06:05 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010.06.01 16:06:05 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010.06.01 16:06:05 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010.06.01 16:06:05 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010.06.01 16:06:05 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010.06.01 16:06:05 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010.06.01 16:06:05 | 000,070,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010.06.01 16:06:04 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010.06.01 16:06:04 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010.06.01 16:06:04 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010.06.01 16:06:04 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010.06.01 16:06:04 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010.06.01 16:06:04 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010.06.01 16:06:04 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.06.01 16:06:04 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010.06.01 16:06:04 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010.06.01 16:06:04 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010.06.01 16:06:04 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010.06.01 16:06:04 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010.06.01 16:06:04 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010.06.01 16:06:04 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010.06.01 16:06:04 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010.06.01 16:06:02 | 001,251,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.06.01 16:01:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.06.01 16:01:04 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2002.11.11 03:00:10 | 000,073,728 | ---- | C] ( ) -- C:\Windows\SysWow64\SlpV24.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.29 20:46:16 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.29 20:46:16 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.29 20:40:49 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2010.06.29 20:40:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.29 20:40:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.29 20:40:33 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.29 20:39:39 | 003,145,728 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.06.29 20:39:34 | 010,100,806 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.06.29 20:25:25 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 19:49:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1035008423-2702467771-726374958-1000UA.job
[2010.06.29 18:49:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1035008423-2702467771-726374958-1000Core.job
[2010.06.28 22:15:43 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO Video Converter Ultimate 6.lnk
[2010.06.28 22:02:45 | 000,109,616 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.28 21:52:07 | 000,169,984 | ---- | M] () -- C:\Windows\Mnabea.exe
[2010.06.27 21:33:53 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2010.06.27 20:20:51 | 000,419,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.27 11:45:45 | 002,259,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.27 11:45:45 | 000,712,450 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.27 11:45:45 | 000,675,208 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.27 11:45:45 | 000,492,918 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2010.06.27 11:45:45 | 000,151,600 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.27 11:45:45 | 000,128,616 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.27 11:45:45 | 000,103,638 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2010.06.26 20:48:16 | 001,021,898 | ---- | M] () -- C:\Users\***\Desktop\SL382099.jpg
[2010.06.26 14:07:42 | 000,000,083 | ---- | M] () -- C:\Windows\wp.INI
[2010.06.24 13:24:54 | 000,019,215 | ---- | M] () -- C:\Users\***\Desktop\Meine Spiele.jpg
[2010.06.20 22:19:39 | 000,000,566 | ---- | M] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2010.06.20 14:18:37 | 001,067,294 | ---- | M] () -- C:\Users\***\Desktop\Kircliche TrauungParty22 05 2010 175.jpg
[2010.06.19 16:27:18 | 1055,306,184 | ---- | M] () -- C:\Users\***\Desktop\Mein Film.wmv
[2010.06.19 16:06:08 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.06.19 15:51:33 | 000,151,843 | ---- | M] () -- C:\Users\***\Desktop\Ultraviolet.jpg
[2010.06.19 00:00:16 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-***-PC_***.job
[2010.06.17 15:06:03 | 000,000,098 | ---- | M] () -- C:\Users\***\Desktop\Flagge_Sebastian.vrs
[2010.06.15 21:24:21 | 000,107,184 | ---- | M] () -- C:\Users\***\Desktop\3DS.png
[2010.06.15 21:14:38 | 000,031,458 | ---- | M] () -- C:\Users\***\Desktop\DS Vergleich.jpg
[2010.06.15 21:13:32 | 000,015,317 | ---- | M] () -- C:\Users\***\Desktop\ctr_hardware.jpg
[2010.06.12 14:19:53 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2010.06.11 22:59:03 | 000,000,020 | ---- | M] () -- C:\Windows\Àù¾
[2010.06.11 22:49:43 | 041,043,920 | ---- | M] () -- C:\Users\***\Desktop\06 Baby Got Back.wav
[2010.06.11 13:44:24 | 000,002,354 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2010.06.10 17:37:31 | 384,269,034 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.09 20:38:03 | 000,000,083 | ---- | M] () -- C:\Windows\wwp.INI
[2010.06.08 22:31:58 | 000,027,648 | ---- | M] () -- C:\Users\***\Desktop\Franze_bewerbung.doc
[2010.06.02 04:55:30 | 000,527,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.06.02 04:55:30 | 000,518,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.06.02 04:55:30 | 000,239,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.06.02 04:55:30 | 000,176,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.06.02 04:55:30 | 000,077,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.06.02 04:55:30 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.06.01 22:03:03 | 000,176,502 | ---- | M] () -- C:\Users\***\Desktop\stille.wav
[2010.06.01 16:10:46 | 000,058,853 | ---- | M] () -- C:\Users\***\Documents\Unbenannt (2).wma
[2010.06.01 16:00:23 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.29 20:25:25 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.28 22:15:43 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO Video Converter Ultimate 6.lnk
[2010.06.28 21:52:12 | 000,169,984 | ---- | C] () -- C:\Windows\Mnabea.exe
[2010.06.27 21:33:53 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2010.06.26 20:48:15 | 001,021,898 | ---- | C] () -- C:\Users\***\Desktop\SL382099.jpg
[2010.06.26 20:21:47 | 067,108,864 | ---- | C] () -- C:\Users\***\Desktop\Ace Atorny.nds.nds
[2010.06.26 14:07:42 | 000,000,083 | ---- | C] () -- C:\Windows\wp.INI
[2010.06.24 13:22:37 | 000,019,215 | ---- | C] () -- C:\Users\***\Desktop\Meine Spiele.jpg
[2010.06.20 22:19:39 | 000,000,566 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2010.06.20 22:13:08 | 067,108,864 | ---- | C] () -- C:\Users\***\Desktop\DK Jungle Climber.nds
[2010.06.20 14:17:36 | 001,067,294 | ---- | C] () -- C:\Users\***\Desktop\Kircliche TrauungParty22 05 2010 175.jpg
[2010.06.19 16:08:29 | 1055,306,184 | ---- | C] () -- C:\Users\***\Desktop\Mein Film.wmv
[2010.06.19 15:51:33 | 000,151,843 | ---- | C] () -- C:\Users\***\Desktop\Ultraviolet.jpg
[2010.06.19 15:40:31 | 735,971,328 | ---- | C] () -- C:\Users\***\Desktop\Ultraviolet.avi
[2010.06.16 20:01:54 | 000,000,098 | ---- | C] () -- C:\Users\***\Desktop\Flagge_Sebastian.vrs
[2010.06.15 21:19:35 | 000,107,184 | ---- | C] () -- C:\Users\***\Desktop\3DS.png
[2010.06.15 21:14:38 | 000,031,458 | ---- | C] () -- C:\Users\***\Desktop\DS Vergleich.jpg
[2010.06.15 21:13:32 | 000,015,317 | ---- | C] () -- C:\Users\***\Desktop\ctr_hardware.jpg
[2010.06.12 14:19:54 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD
[2010.06.12 14:19:53 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2010.06.11 22:59:02 | 000,000,020 | ---- | C] () -- C:\Windows\Àù¾
[2010.06.11 22:49:40 | 041,043,920 | ---- | C] () -- C:\Users\***\Desktop\06 Baby Got Back.wav
[2010.06.09 20:36:33 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2010.06.08 22:31:58 | 000,027,648 | ---- | C] () -- C:\Users\***\Desktop\Franze_bewerbung.doc
[2010.06.01 21:58:29 | 000,176,502 | ---- | C] () -- C:\Users\***\Desktop\stille.wav
[2010.06.01 16:10:46 | 000,058,853 | ---- | C] () -- C:\Users\***\Documents\Unbenannt (2).wma
[2010.05.27 22:24:37 | 000,006,528 | ---- | C] () -- C:\Windows\SysWow64\drivers\MOUSEWD.SYS
[2010.05.13 14:14:18 | 000,000,220 | ---- | C] () -- C:\Windows\scrantic.ini
[2010.05.12 17:41:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.03.21 18:36:38 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\NMOCOD.DLL
[2010.03.21 18:36:38 | 000,004,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\TVICPORT.SYS
[2010.02.25 21:42:16 | 000,000,269 | ---- | C] () -- C:\Windows\pwc62ud.INI
[2010.02.20 15:00:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.02 13:30:27 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.01.29 15:15:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.25 21:14:55 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2010.01.23 11:35:15 | 002,286,846 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.22 16:14:50 | 000,001,018 | ---- | C] () -- C:\Windows\disney.ini
[2010.01.21 18:39:44 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
< End of report >
         
--- --- ---


[CODE]And here is the Extras.txt:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.06.2010 20:44:06 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\***\Desktop\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 181,87 Gb Free Space | 39,06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{DE2C9D5F-C55C-30E8-9322-2B8E8B5DF87C}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{E6420CCB-92BE-3ACB-BDC3-69FBDD319C94}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeraCopy_is1" = TeraCopy 2.12
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1 
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{112B0ED9-57F8-4883-8E6A-5BEAABDABBC1}" = Crazy Machines II
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1351cb7d-1b73-47c6-989e-60a509007d7d}" = Nero 9
"{161B0ABD-3856-42AC-8A43-9D2B9C7FC6C5}" = Image Minimizer
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2B54B4B6-5834-494D-81E6-79AC3955EEE5}_is1" = SnowBound Online v2.0
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74715EE0-D979-4690-ACF9-9C3693AD36FE}" = Island Xtreme Stunts
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AE255C55-E0CF-4591-AA86-CAA19AA32C53}" = Garmin TOPO Deutschland v3
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2C85224-88C1-4ED2-8ECC-EF7362D9F63B}" = Movie Templates - Pack 1
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BAEBE7F0-BB3E-4228-BFE0-8FF70BB9B837}" = Menu Templates - Pack 1
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CDD0BC3E-4992-4962-8372-2D700425F42D}" = Menu Templates - Pack 2
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF94566F-BDEC-4529-9532-7FBBEDA38045}" = Menu Templates - Pack 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 2.30
"Free Download Manager_is1" = Free Download Manager 3.0
"HyperCam 3" = HyperCam 3
"ImTOO Video Converter Ultimate" = ImTOO Video Converter Ultimate 6
"InstallShield_{74715EE0-D979-4690-ACF9-9C3693AD36FE}" = Island Xtreme Stunts
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.0 (Standard)
"Launchy_21344213_is1" = Launchy 2.1.2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PDF Passwort Knacker 1" = PDF Passwort Knacker 1
"Spyware Terminator_is1" = Spyware Terminator
"ST6UNST #1" = BEWERBUNGSMASTER
"TeamViewer 5" = TeamViewer 5
"Think Tanks_is1" = Think Tanks
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"uTorrent" = µTorrent
"VLMC" = VideoLAN Movie Creator
"VobSub" = VobSub v2.23 (Remove Only)
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WIN-LOGO 2.0" = WIN-LOGO 2.0
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"You Don't Know Jack 4" = You Don't Know Jack 4 1.00
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2010 13:12:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 23.06.2010 13:12:33 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 25.06.2010 08:14:31 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.06.2010 08:14:55 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 25.06.2010 08:14:55 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 26.06.2010 08:04:19 | Computer Name = ***-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 26.06.2010 08:04:41 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
 
Error - 26.06.2010 08:04:41 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 27.06.2010 07:45:47 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: S4Client.exe, Version: 1.8.36.7341,
 Zeitstempel: 0x4c0cb422  Name des fehlerhaften Moduls: S4Client.exe, Version: 1.8.36.7341,
 Zeitstempel: 0x4c0cb422  Ausnahmecode: 0x40000015  Fehleroffset: 0x003283ee  ID des fehlerhaften
 Prozesses: 0xe48  Startzeit der fehlerhaften Anwendung: 0x01cb15ea38bf5546  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\alaplaya\S4League\S4Client.exe  Berichtskennung:
 86051a52-81e1-11df-850e-00241d8dea96
 
Error - 27.06.2010 08:49:00 | Computer Name = ***-PC | Source = Google Update | ID = 1
Description = 
 
[ System Events ]
Error - 07.06.2010 12:42:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%577
 
Error - 07.06.2010 12:42:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Lavalys EVEREST Kernel Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%577
 
Error - 07.06.2010 13:23:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
 aktuellen Status gemeldet: 0
 
Error - 08.06.2010 10:41:16 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\TVicPort.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 08.06.2010 10:41:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TVicPort" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 08.06.2010 12:59:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
 aktuellen Status gemeldet: 0
 
Error - 08.06.2010 14:17:55 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\TVicPort.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 08.06.2010 14:17:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TVicPort" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 08.06.2010 17:19:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 08.06.2010 17:20:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
 aktuellen Status gemeldet: 0
 
 
< End of report >
         
--- --- ---


I hope this helps you help me!


29.06.2010, 20:44   #6
Larusso
/// Selecta Jahrusso

Which file did you delete?
This one
[2010.06.28 21:52:07 | 000,169,984 | ---- | M] () -- C:\Windows\Mnabea.exe


Just because the symptoms are gone does not mean by a long shot that the PC is clean.

Step 1

Please upload the following file.
C:\Windows\Mnabea.exe


Step 2
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
:OTL
:services
:files
C:\Windows\Mnabea.exe
:reg
:Commands
[purity]
[emptytemp]
[reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • Click on .
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Step 3

Basic cleanup with SUPERAntiSpyware
  • Please download SUPERAntiSpyware FREE Edition.
  • The program is suitable for: Windows 98, 98SE, ME, 2000, 2003, XP and Vista.
  • Install the program and let it load the latest definitions and updates.
  • You can find an illustrated guide here.
  • Close all applications, including browsers.
  • Open SUPERAntiSpyware and click Scan your computer.
  • Tick Complete scan and click Next.
  • When the scan has finished, you will be shown an overview of the findings, which you acknowledge with OK.
  • Make sure that every finding is ticked, then click Next and OK.
  • Click Finish, which takes you back to the main window.
  • Your computer may need to be restarted in order to remove malware from the system on reboot.
  • To get the log file, first click Preferences and then Statistics and logs.
  • Click the dated log file and press Show log. A text window will now appear.
  • Please copy this report here into the thread.


Step 4
Please switch on any external hard drives during the online scans! Please turn off all background monitors (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
  • Supported operating systems: Microsoft Windows 98/ME/NT 4.0/2000/XP and Windows Vista
  • Note for Vista users: be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.
  • Press the "ESET Online Scanner" button.
  • Firefox users must install an additional add-on (esetsmartinstaller_enu.exe).
  • Save the Firefox add-on to the desktop and then install it.
  • IE users must allow the installation of an ActiveX control.
  • Tick "Remove found threats" and "Scan archives".
  • Press Start.
  • Signatures are downloaded.
  • The scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset
  • IE users additionally: fix the following entry with HJT:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Step 5

Please start OTL.exe and click the Quick Scan button.


Please post in your next reply
OTLFix Log
SASW Log
ESET Log
OTL.txt

29.06.2010, 21:31   #7
Sepel
Guest

I deleted the file mnabeb.exe.

My problem is that I no longer have it!
I carelessly emptied the recycle bin, and I can't get it back via file recovery either.

29.06.2010, 21:34   #8
Larusso
/// Selecta Jahrusso

But then I don't understand why it still shows up in the log file.

Go ahead and continue with step 2.
__________________
Regards, Daniel


29.06.2010, 21:36   #9
Sepel
Guest

I deleted mnabeb.exe!

And not mnabea.exe.

Edit:

I just uploaded it to VirusTotal, and it says it has already checked it and redirects me to my last search, so there seems to be no difference.
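
The mix-up in the posts above (Mnabea.exe listed in the log, mnabeb.exe deleted by hand) can be caught mechanically. The following is an added example, not part of the thread and not OTL's own code: it parses file-listing lines in the format quoted in post #6, flags executables that sit directly in the Windows root with no company name, and checks a reported filename against the log for exact and look-alike matches. The triage rule, the similarity threshold, the function names and every sample line except the Mnabea.exe entry are assumptions made for illustration.

```python
import re
from datetime import datetime
from difflib import SequenceMatcher
from ntpath import basename, dirname  # Windows path rules on any OS

# File-listing line as quoted in the thread:
# [date time | size | attributes | M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Constructed sample; only the first line is taken from the thread.
SAMPLE_LOG = r"""
[2010.06.28 21:52:07 | 000,169,984 | ---- | M] () -- C:\Windows\Mnabea.exe
[2010.06.20 10:01:00 | 000,045,056 | ---- | M] (Example Corp) -- C:\Windows\exampletool.exe
[2010.06.27 09:15:42 | 000,012,288 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\setup.log
this line is not a file entry
"""

EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".sys")


def parse_otl_files(text):
    """Return one dict per file-listing line; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        entries.append({
            "modified": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "company": m["company"].strip(),
            "path": m["path"].strip(),
        })
    return entries


def needs_review(entry, system_root=r"C:\Windows"):
    """Assumed heuristic: executable directly in the Windows root, no company name."""
    path = entry["path"]
    in_root = dirname(path).lower() == system_root.lower()
    is_exec = path.lower().endswith(EXECUTABLE_EXT)
    return in_root and is_exec and not entry["company"]


def match_reported_name(entries, reported, threshold=0.8):
    """Compare a filename a user reports with the log.

    Returns (exact, similar): paths whose file name equals the reported name,
    and paths whose file name is only a close look-alike.
    """
    reported = reported.lower()
    exact, similar = [], []
    for e in entries:
        name = basename(e["path"]).lower()
        if name == reported:
            exact.append(e["path"])
        elif SequenceMatcher(None, name, reported).ratio() >= threshold:
            similar.append(e["path"])
    return exact, similar


if __name__ == "__main__":
    log = parse_otl_files(SAMPLE_LOG)
    for e in log:
        if needs_review(e):
            print("review:", e["path"], e["size"], "bytes", e["modified"])
    exact, similar = match_reported_name(log, "mnabeb.exe")
    if not exact and similar:
        print("reported name not in log; look-alike entries:", similar)
```

A look-alike match only says the names are close; whether two such files have the same content has to be settled by comparing their hashes.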

30.06.2010, 15:03   #10
Sepel
Guest

OK, here are the requested logs:

OTL fix log:
Code:
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Windows\Mnabea.exe moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 301993041 bytes
->Temporary Internet Files folder emptied: 59692714 bytes
->Java cache emptied: 8092426 bytes
->FireFox cache emptied: 68442907 bytes
->Google Chrome cache emptied: 32564366 bytes
->Flash cache emptied: 116808 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 3175472 bytes
%systemroot%\System32 (64bit) .tmp files removed: 508928 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2097 bytes
 
Total Files Cleaned = 453,00 mb
 
 
OTL by OldTimer - Version 3.2.7.0 log created on 06292010_224303

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Here is the SUPERAntiSpyware log:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/29/2010 at 11:28 PM

Application Version : 4.39.1002

Core Rules Database Version : 5134
Trace Rules Database Version: 2946

Scan type       : Complete Scan
Total Scan Time : 00:36:04

Memory items scanned      : 550
Memory threats detected   : 0
Registry items scanned    : 14970
Registry threats detected : 2
File items scanned        : 38876
File threats detected     : 175

Trojan.Agent/Gen-FraudLoad
	C:\SPIELE\WORMS WORLD PARTY\WWP.EXE
	(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\wwp.exe
	(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\wwp.exe#Path
	C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\TEAM17\WORMS WORLD PARTY\WORMS WORLD PARTY.LNK
	C:\USERS\***\APPDATA\LOCAL\MICROSOFT\WINDOWS\GAMEEXPLORER\{FB1C1E48-806A-41BA-81F4-60603EFFFC39}\PLAYTASKS\0\SPIELEN.LNK

Adware.Tracking Cookie

Trojan.Agent/Gen-CDesc[Gen]
	C:\_OTL\MOVEDFILES\06292010_224303\C_WINDOWS\MNABEA.EXE
         
Here is the ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1787c3ab60f93f48ac34b36213c54b58
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-30 01:44:01
# local_time=2010-06-30 03:44:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 94 523284 20241154 73207 0
# compatibility_mode=5893 16776573 100 94 161155 29529740 0 0
# compatibility_mode=7937 16777213 100 100 1612919 13456595 0 0
# compatibility_mode=8192 67108863 100 0 113 113 0 0
# scanned=260005
# found=3
# cleaned=3
# scan_time=5551
C:\Users\***\Desktop\Downloads\WWP_Colour_Fix_for_Vista_v1.1.zip	probably a variant of Win32/Agent trojan (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\***\Downloads\Garmin Unlock Generator v.1.5 FINAL.rar	a variant of Win32/Adware.Virtumonde.NDI application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\***\Downloads\Nero.9.MULTiLANGUAGE.DVD-RESTORE\nero9.iso	Win32/Toolbar.AskSBar application (deleted - quarantined)	00000000000000000000000000000000	C
         
Here is the OTL log:
Code:
OTL logfile created on: 30.06.2010 15:58:35 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Sebi\Desktop\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 180,76 Gb Free Space | 38,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SEBI-PC
Current User Name: Sebi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sebi\Desktop\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
PRC - C:\Program Files (x86)\Launchy\Launchy.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sebi\Desktop\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3725.dll ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (sp_rssrv) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (MSSQLServerADHelper100) -- c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtVlan60.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (CSC) -- C:\Windows\CSC [2010.01.22 01:12:00 | 000,000,000 | ---D | M]
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (MOUSEWDFilter) -- C:\Windows\SysWOW64\drivers\MOUSEWD.SYS ()
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ASPI) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)
DRV - (zlportio) -- C:\Spiele\Ultrastar\Ultrastar\zlportio.sys (SpecoSoft)
DRV - (TVicPort) -- C:\Windows\SysWOW64\drivers\TVICPORT.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=14597&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 11 36 E8 CD C9 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}:0.9.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.27 16:54:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.27 16:54:41 | 000,000,000 | ---D | M]
 
[2010.04.18 20:27:46 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\mozilla\Extensions
[2010.06.29 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions
[2010.04.18 20:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.05.24 22:57:14 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.06.28 19:03:53 | 000,000,000 | ---D | M] (Destroy the Web) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}
[2010.04.28 20:22:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.30 18:59:34 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.05.01 13:26:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.30 08:25:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.06.27 17:01:35 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\mozilla\Firefox\Profiles\djznzq1w.default\extensions\personas@christopher.beard
[2010.06.21 18:29:20 | 000,002,354 | ---- | M] () -- C:\Users\Sebi\AppData\Roaming\Mozilla\FireFox\Profiles\djznzq1w.default\searchplugins\ecosia.xml
[2010.06.21 18:26:48 | 000,002,314 | ---- | M] () -- C:\Users\Sebi\AppData\Roaming\Mozilla\FireFox\Profiles\djznzq1w.default\searchplugins\forestle-de.xml
[2010.06.29 22:28:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.24 21:06:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.24 21:05:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.14 20:58:25 | 000,000,872 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: Programsand - {abaf9c46-b4e9-478c-ac93-a56dd5b7168c} - C:\Program Files (x86)\Common Files\Programs\Programsand.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62209535-0751-11df-a420-00241d8dea96}\Shell - "" = AutoRun
O33 - MountPoints2\{62209535-0751-11df-a420-00241d8dea96}\Shell\AutoRun\command - "" = H:\Setup.exe -- File not found
O33 - MountPoints2\{7f89f060-0fe2-11df-9897-00241d8dea96}\Shell - "" = AutoRun
O33 - MountPoints2\{7f89f060-0fe2-11df-9897-00241d8dea96}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.30 14:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.06.29 22:49:03 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.29 22:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.06.29 22:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.06.29 22:48:57 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.06.29 22:47:42 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\Antivirus
[2010.06.29 22:43:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.29 22:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.06.29 22:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Solutions
[2010.06.29 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\Malwarebytes
[2010.06.29 20:25:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.29 20:25:21 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.29 20:25:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.29 20:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.28 22:17:13 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\ImTOO
[2010.06.28 22:16:00 | 000,000,000 | ---D | C] -- C:\Programme\ImTOO
[2010.06.28 22:14:44 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\ImTOO Video Converter Ultimate v6.0.3 (Build 0430)
[2010.06.28 21:46:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.27 21:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2010.06.27 21:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WorldOfGoo
[2010.06.27 16:25:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.06.27 13:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge4D
[2010.06.26 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\0052_Another_Code_Two_Memories_PROPER_EUR_NDS-TRM
[2010.06.24 18:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.06.23 18:27:16 | 000,000,000 | R--D | C] -- C:\Users\Sebi\Documents\Scanned Documents
[2010.06.23 18:27:16 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Documents\Fax
[2010.06.20 21:28:33 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\Media Player Classic
[2010.06.20 21:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XviD
[2010.06.20 21:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2010.06.20 21:22:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoGK
[2010.06.20 14:00:05 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\SSBR
[2010.06.20 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\SSBRumble Demo 0.8
[2010.06.19 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\408002942 Wölkchen
[2010.06.19 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\Usb backup
[2010.06.15 15:13:07 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\Counter Ops
[2010.06.12 14:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2010.06.12 13:46:45 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\bilder
[2010.06.11 23:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.06.11 23:01:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.06.11 23:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010.06.11 23:00:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010.06.11 22:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.06.09 21:27:45 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\Alles Atze
[2010.06.08 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DDVideoDPGAVI
[2010.06.08 23:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Programs
[2010.06.01 22:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010.06.01 16:06:06 | 002,610,008 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010.06.01 16:06:06 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010.06.01 16:06:06 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010.06.01 16:06:06 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010.06.01 16:06:06 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010.06.01 16:06:05 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010.06.01 16:06:05 | 001,733,464 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2010.06.01 16:06:05 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010.06.01 16:06:05 | 000,335,192 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2010.06.01 16:06:05 | 000,335,192 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2010.06.01 16:06:05 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010.06.01 16:06:05 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010.06.01 16:06:05 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010.06.01 16:06:05 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010.06.01 16:06:05 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010.06.01 16:06:05 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010.06.01 16:06:04 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010.06.01 16:06:04 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010.06.01 16:06:04 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010.06.01 16:06:04 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010.06.01 16:06:04 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010.06.01 16:06:04 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010.06.01 16:06:04 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.06.01 16:06:04 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010.06.01 16:06:04 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010.06.01 16:06:04 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010.06.01 16:06:04 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010.06.01 16:06:04 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010.06.01 16:06:04 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010.06.01 16:01:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.06.01 16:01:04 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.05.22 14:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhoenixBit
[2010.05.22 11:57:13 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Local\Apple Computer
[2010.05.22 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\Apple Computer
[2010.05.22 11:57:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.05.22 11:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.05.22 11:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.22 11:55:58 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Local\Apple
[2010.05.22 11:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.05.20 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010.05.20 20:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.05.19 21:48:51 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\Audacity
[2010.05.19 21:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010.05.15 20:42:24 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\USB stick
[2010.05.13 17:09:50 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\apptest
[2010.05.13 10:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineControl
[2010.05.12 17:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010.05.12 17:41:26 | 000,276,480 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpcc3094.DLL
[2010.05.10 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Documents\Downloads
[2010.05.10 18:39:22 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Local\Google
[2010.05.07 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\NVIDIA
[2010.05.07 20:02:47 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Documents\EA Games
[2010.05.07 19:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.05.02 09:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010.05.01 13:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLMC
[2010.04.30 16:56:41 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\dvdcss
[2010.04.30 16:49:39 | 001,435,272 | ---- | C] (Macromedia, Inc.) -- C:\Windows\SysWow64\Flash.ocx
[2010.04.30 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\NeroDigital(TM)
[2010.04.30 13:54:01 | 000,000,000 | ---D | C] -- C:\Medion
[2010.04.25 14:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crazy Machines II
[2010.04.25 14:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.04.23 22:19:29 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Documents\BewerbungsMaster
[2010.04.23 22:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BewerbungsMaster
[2010.04.23 22:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEWERBUNGSMASTER
[2010.04.22 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Desktop\Dolphin
[2010.04.22 14:56:59 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.04.22 14:56:59 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.04.21 21:39:11 | 000,050,688 | ---- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys
[2010.04.21 21:39:11 | 000,027,136 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\RtNdPt60.sys
[2010.04.21 21:39:11 | 000,024,064 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys
[2010.04.21 21:38:00 | 000,295,424 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2010.04.21 21:38:00 | 000,097,792 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010.04.21 21:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010.04.20 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Documents\Clonk reg key
[2010.04.20 14:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2010.04.19 20:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2010.04.18 20:27:40 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\Mozilla
[2010.04.18 20:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.04.18 19:42:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.04.18 13:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
[2010.04.18 12:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Think Tanks
[2010.04.18 12:11:19 | 000,000,000 | ---D | C] -- C:\Users\Sebi\Documents\Mein Garmin
[2010.04.18 12:11:19 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\GARMIN
[2010.04.18 12:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\GARMIN
[2010.04.18 12:10:21 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.04.18 12:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2010.04.16 13:45:55 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\Dev-Cpp
[2010.04.16 13:45:44 | 000,000,000 | ---D | C] -- C:\Programme\Dev-Cpp
[2010.04.15 16:38:21 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\TeamViewer
[2010.04.15 16:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010.04.14 20:45:27 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\McLoad
[2010.04.05 18:29:55 | 000,000,000 | ---D | C] -- C:\Programme\TeraCopy
[2010.04.05 17:59:56 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\TeraCopy
[2010.04.05 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Sebi\AppData\Roaming\TuneUp Software
[2010.04.05 14:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.04.05 14:34:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2002.11.11 03:00:10 | 000,073,728 | ---- | C] ( ) -- C:\Windows\SysWow64\SlpV24.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.30 15:58:56 | 003,145,728 | -HS- | M] () -- C:\Users\Sebi\ntuser.dat
[2010.06.30 15:49:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1035008423-2702467771-726374958-1000UA.job
[2010.06.30 14:06:29 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 14:06:29 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.30 14:01:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.30 14:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.30 14:01:01 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.30 00:11:35 | 010,104,778 | -H-- | M] () -- C:\Users\Sebi\AppData\Local\IconCache.db
[2010.06.30 00:00:20 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Sebi-PC_Sebi.job
[2010.06.29 22:48:58 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.29 22:24:13 | 000,001,330 | ---- | M] () -- C:\Users\Sebi\Desktop\Smart Data Recovery.lnk
[2010.06.29 20:25:25 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 18:49:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1035008423-2702467771-726374958-1000Core.job
[2010.06.28 22:15:43 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO Video Converter Ultimate 6.lnk
[2010.06.28 22:02:45 | 000,109,616 | ---- | M] () -- C:\Users\Sebi\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.27 21:33:53 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2010.06.27 20:20:51 | 000,419,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.27 11:45:45 | 002,259,074 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.27 11:45:45 | 000,712,450 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.27 11:45:45 | 000,675,208 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.27 11:45:45 | 000,492,918 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2010.06.27 11:45:45 | 000,151,600 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.27 11:45:45 | 000,128,616 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.27 11:45:45 | 000,103,638 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2010.06.26 20:48:16 | 001,021,898 | ---- | M] () -- C:\Users\Sebi\Desktop\SL382099.jpg
[2010.06.26 14:07:42 | 000,000,083 | ---- | M] () -- C:\Windows\wp.INI
[2010.06.24 13:24:54 | 000,019,215 | ---- | M] () -- C:\Users\Sebi\Desktop\Meine Spiele.jpg
[2010.06.20 22:19:39 | 000,000,566 | ---- | M] () -- C:\Users\Sebi\AppData\Roaming\AutoGK.ini
[2010.06.20 14:18:37 | 001,067,294 | ---- | M] () -- C:\Users\Sebi\Desktop\Kircliche TrauungParty22 05 2010 175.jpg
[2010.06.19 16:27:18 | 1055,306,184 | ---- | M] () -- C:\Users\Sebi\Desktop\Mein Film.wmv
[2010.06.19 16:06:08 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.06.19 15:51:33 | 000,151,843 | ---- | M] () -- C:\Users\Sebi\Desktop\Ultraviolet.jpg
[2010.06.17 15:06:03 | 000,000,098 | ---- | M] () -- C:\Users\Sebi\Desktop\Flagge_Sebastian.vrs
[2010.06.15 21:24:21 | 000,107,184 | ---- | M] () -- C:\Users\Sebi\Desktop\3DS.png
[2010.06.15 21:14:38 | 000,031,458 | ---- | M] () -- C:\Users\Sebi\Desktop\DS Vergleich.jpg
[2010.06.15 21:13:32 | 000,015,317 | ---- | M] () -- C:\Users\Sebi\Desktop\ctr_hardware.jpg
[2010.06.12 14:19:53 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2010.06.11 22:59:03 | 000,000,020 | ---- | M] () -- C:\Windows\Àù¾
[2010.06.11 22:49:43 | 041,043,920 | ---- | M] () -- C:\Users\Sebi\Desktop\06 Baby Got Back.wav
[2010.06.11 13:44:24 | 000,002,354 | ---- | M] () -- C:\Users\Sebi\Desktop\Google Chrome.lnk
[2010.06.10 17:37:31 | 384,269,034 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.09 20:38:03 | 000,000,083 | ---- | M] () -- C:\Windows\wwp.INI
[2010.06.08 22:31:58 | 000,027,648 | ---- | M] () -- C:\Users\Sebi\Desktop\Franze_bewerbung.doc
[2010.06.01 22:03:03 | 000,176,502 | ---- | M] () -- C:\Users\Sebi\Desktop\stille.wav
[2010.06.01 16:10:46 | 000,058,853 | ---- | M] () -- C:\Users\Sebi\Documents\Unbenannt (2).wma
[2010.05.23 18:48:28 | 000,020,891 | ---- | M] () -- C:\Users\Sebi\Documents\Telefonbuch.jpg
[2010.05.13 14:15:12 | 000,000,220 | ---- | M] () -- C:\Windows\scrantic.ini
[2010.05.12 23:16:06 | 000,014,236 | ---- | M] () -- C:\Users\Sebi\Desktop\Fast fertig.gif
[2010.05.12 23:01:29 | 000,012,593 | ---- | M] () -- C:\Users\Sebi\Desktop\anonymous_monkey-320x240.gif
[2010.05.12 17:41:51 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2010.05.10 19:37:36 | 001,789,601 | ---- | M] () -- C:\Users\Sebi\Desktop\Serviceanleitung_deutsch_FY50QT.pdf
[2010.05.02 18:52:02 | 000,042,040 | ---- | M] () -- C:\Users\Sebi\Documents\Dokument.ncd
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.27 20:52:26 | 002,610,008 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010.04.27 20:52:20 | 000,335,192 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2010.04.27 20:52:14 | 001,733,464 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2010.04.27 20:52:10 | 000,335,192 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2010.04.27 13:50:46 | 000,330,656 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.04.26 18:43:27 | 000,072,323 | ---- | M] () -- C:\Users\Sebi\Documents\Unbenannt.wma
[2010.04.23 22:25:03 | 000,000,003 | ---- | M] () -- C:\Users\Sebi\Documents\bmm.cfg
[2010.04.19 20:06:39 | 000,001,352 | ---- | M] () -- C:\Users\Sebi\Documents\AutoHotkey.ahk
[2010.04.18 20:27:41 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.04.18 20:27:35 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.15 16:38:18 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.04.14 17:56:00 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010.04.07 20:57:51 | 000,009,216 | ---- | M] () -- C:\Users\Sebi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.04 00:55:31 | 000,064,616 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.04.04 00:55:31 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.04.04 00:55:31 | 000,009,832 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010.04.03 18:41:38 | 000,276,196 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml
[2010.04.03 18:41:38 | 000,066,714 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml
 
========== Files Created - No Company Name ==========
 
[2010.06.29 22:48:58 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.29 22:24:13 | 000,001,330 | ---- | C] () -- C:\Users\Sebi\Desktop\Smart Data Recovery.lnk
[2010.06.29 20:25:25 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.28 22:15:43 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO Video Converter Ultimate 6.lnk
[2010.06.27 21:33:53 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2010.06.26 20:48:15 | 001,021,898 | ---- | C] () -- C:\Users\Sebi\Desktop\SL382099.jpg
[2010.06.26 20:21:47 | 067,108,864 | ---- | C] () -- C:\Users\Sebi\Desktop\Ace Atorny.nds.nds
[2010.06.26 14:07:42 | 000,000,083 | ---- | C] () -- C:\Windows\wp.INI
[2010.06.24 13:22:37 | 000,019,215 | ---- | C] () -- C:\Users\Sebi\Desktop\Meine Spiele.jpg
[2010.06.20 22:19:39 | 000,000,566 | ---- | C] () -- C:\Users\Sebi\AppData\Roaming\AutoGK.ini
[2010.06.20 22:13:08 | 067,108,864 | ---- | C] () -- C:\Users\Sebi\Desktop\DK Jungle Climber.nds
[2010.06.20 14:17:36 | 001,067,294 | ---- | C] () -- C:\Users\Sebi\Desktop\Kircliche TrauungParty22 05 2010 175.jpg
[2010.06.19 16:08:29 | 1055,306,184 | ---- | C] () -- C:\Users\Sebi\Desktop\Mein Film.wmv
[2010.06.19 15:51:33 | 000,151,843 | ---- | C] () -- C:\Users\Sebi\Desktop\Ultraviolet.jpg
[2010.06.19 15:40:31 | 735,971,328 | ---- | C] () -- C:\Users\Sebi\Desktop\Ultraviolet.avi
[2010.06.16 20:01:54 | 000,000,098 | ---- | C] () -- C:\Users\Sebi\Desktop\Flagge_Sebastian.vrs
[2010.06.15 21:19:35 | 000,107,184 | ---- | C] () -- C:\Users\Sebi\Desktop\3DS.png
[2010.06.15 21:14:38 | 000,031,458 | ---- | C] () -- C:\Users\Sebi\Desktop\DS Vergleich.jpg
[2010.06.15 21:13:32 | 000,015,317 | ---- | C] () -- C:\Users\Sebi\Desktop\ctr_hardware.jpg
[2010.06.12 14:19:54 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD
[2010.06.12 14:19:53 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2010.06.11 22:59:02 | 000,000,020 | ---- | C] () -- C:\Windows\Àù¾
[2010.06.11 22:49:40 | 041,043,920 | ---- | C] () -- C:\Users\Sebi\Desktop\06 Baby Got Back.wav
[2010.06.09 20:36:33 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2010.06.08 22:31:58 | 000,027,648 | ---- | C] () -- C:\Users\Sebi\Desktop\Franze_bewerbung.doc
[2010.06.01 21:58:29 | 000,176,502 | ---- | C] () -- C:\Users\Sebi\Desktop\stille.wav
[2010.06.01 16:10:46 | 000,058,853 | ---- | C] () -- C:\Users\Sebi\Documents\Unbenannt (2).wma
[2010.05.27 22:24:37 | 000,006,528 | ---- | C] () -- C:\Windows\SysWow64\drivers\MOUSEWD.SYS
[2010.05.19 19:56:55 | 000,020,891 | ---- | C] () -- C:\Users\Sebi\Documents\Telefonbuch.jpg
[2010.05.13 14:14:18 | 000,000,220 | ---- | C] () -- C:\Windows\scrantic.ini
[2010.05.12 23:06:10 | 000,014,236 | ---- | C] () -- C:\Users\Sebi\Desktop\Fast fertig.gif
[2010.05.12 22:59:19 | 000,012,593 | ---- | C] () -- C:\Users\Sebi\Desktop\anonymous_monkey-320x240.gif
[2010.05.12 17:41:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.05.10 19:37:36 | 001,789,601 | ---- | C] () -- C:\Users\Sebi\Desktop\Serviceanleitung_deutsch_FY50QT.pdf
[2010.05.10 18:39:55 | 000,002,354 | ---- | C] () -- C:\Users\Sebi\Desktop\Google Chrome.lnk
[2010.05.10 18:39:24 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1035008423-2702467771-726374958-1000UA.job
[2010.05.10 18:39:23 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1035008423-2702467771-726374958-1000Core.job
[2010.05.02 18:52:02 | 000,042,040 | ---- | C] () -- C:\Users\Sebi\Documents\Dokument.ncd
[2010.04.26 18:43:27 | 000,072,323 | ---- | C] () -- C:\Users\Sebi\Documents\Unbenannt.wma
[2010.04.23 22:24:59 | 000,000,003 | ---- | C] () -- C:\Users\Sebi\Documents\bmm.cfg
[2010.04.22 14:56:59 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010.04.21 21:38:00 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2010.04.19 20:06:39 | 000,001,352 | ---- | C] () -- C:\Users\Sebi\Documents\AutoHotkey.ahk
[2010.04.18 20:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.18 20:27:35 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.15 16:38:18 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.04.03 18:41:38 | 000,276,196 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml
[2010.04.03 18:41:38 | 000,066,714 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml
[2010.03.21 18:36:38 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\NMOCOD.DLL
[2010.03.21 18:36:38 | 000,004,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\TVICPORT.SYS
[2010.02.25 21:42:16 | 000,000,269 | ---- | C] () -- C:\Windows\pwc62ud.INI
[2010.02.20 15:00:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.02 13:30:27 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.01.29 15:15:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.25 21:14:55 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2010.01.23 11:35:15 | 002,286,846 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.22 16:14:50 | 000,001,018 | ---- | C] () -- C:\Windows\disney.ini
[2010.01.21 18:39:44 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2010.06.01 22:03:06 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Audacity
[2010.04.20 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Clonk Rage
[2010.01.22 17:44:12 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\DAEMON Tools Lite
[2010.04.16 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Dev-Cpp
[2010.01.22 17:07:44 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Disney Interactive Studios
[2010.03.28 13:58:55 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Free Download Manager
[2010.04.18 12:12:07 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\GARMIN
[2010.02.13 22:07:20 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\gtk-2.0
[2010.06.29 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\ICQ
[2010.06.28 22:17:13 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\ImTOO
[2010.02.06 17:01:10 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\IrfanView
[2010.02.09 17:16:41 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Launchy
[2010.02.24 22:53:15 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\LEGO Interactive
[2010.04.18 19:41:24 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\McLoad
[2010.06.28 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Spyware Terminator
[2010.04.20 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\TeamViewer
[2010.01.22 22:41:51 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\Teeworlds
[2010.06.19 19:31:18 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\TeraCopy
[2010.04.05 14:34:35 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\TuneUp Software
[2010.06.28 21:59:58 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\uTorrent
[2010.02.14 11:14:14 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\vghd
[2010.02.01 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Sebi\AppData\Roaming\VitySoft
[2010.05.24 09:43:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

Last edited by Sepel (30.06.2010 at 15:52)

30.06.2010, 15:14   #11
Larusso
/// Selecta Jahrusso

C:\USERS\***\DESKTOP\KEYLEMON 2.0.1 MIT CRACK\SPIELE\WORMS WORLD PARTY.LNK


Files that are crack.exe, keygen.exe or patch.exe are, in 99.9% of cases, dangerous malware that you should not mess around with.
They are also illegal, so support is limited to
Instructions for a fresh reinstall
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

30.06.2010, 15:21   #12
Sepel
Guest

But if you look closely:
C:\USERS\***\DESKTOP\KEYLEMON 2.0.1 MIT CRACK\SPIELE\WORMS WORLD PARTY.LNK

Only the folder is called that!

So I would ask you to keep helping me.

Last edited by Sepel (30.06.2010 at 15:53)

30.06.2010, 16:05   #13
Larusso
/// Selecta Jahrusso

And if you know exactly what "MIT Crack" (with crack) means, you know that it refers to everything that has to do with stolen software.

And when I look all of that up via Google, I quickly start to feel uneasy.
__________________
Regards, Daniel

30.06.2010, 20:27   #14
Sepel
Guest

I am still asking for further help!

Or is everything fine again now?

30.06.2010, 21:19   #15
Larusso
/// Selecta Jahrusso

I am not allowed to help here, and I do not want to. Would you go to work for free?
Then think about the software developers, too.
__________________
Regards, Daniel
