Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: habe von der telekom ein brief bekommen, sind trojaner auf mein pc?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 15.08.2010, 04:49   #1
Farthecry
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



Hi ihr lieben helfer von trojaner board.

Gestern hab ich ein brief von der telekom erhalten das ich angeblich schadhaften code von meinem pc aus versende wovon ich aber nichts weiß o.O frage ist nun hab ich schädlichen code auf meinem pc wenn die mich anschreiben?? Die haben gesagt sie haben meine Email funktion eingeschränkt das man nur noch empfangen kann aber nix mehr raussenden kann. Die haben mir irgendsoein Northon 360 vorgeschlagen. Kam mir fast wie werbung vor, aber ich will auf nummer sicher gehen denn wenn es ernst ist können die vlt. auch mein Internet zugang schließen wegen trojaner versenden?



Danke für eure antworten,


ich schick am besten gleiche einen highjackthis log mit

euer farthecry


Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:44:51, on 15.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}] C:\Users\Standard\AppData\Roaming\Ivga\efik.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak Inc - C:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Unknown owner - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6525 bytes
         

Alt 15.08.2010, 10:49   #2
Chris4You
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



Hi,

online bei Virustotal.com prüfen lassen:
Code:
ATTFilter
C:\Users\Standard\AppData\Roaming\Ivga\efik.exe
         
Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 15.08.2010, 22:38   #3
Farthecry
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



hilfe ich habe die datei efik.exe scannen lassen bei virustotal.com
und habe ein erschreckendes Ergebnis erhalten?!

Code:
ATTFilter
File name: efik.exe
Submission date: 2010-08-15 20:35:01 (UTC)
Current status: queued (#4) queued analysing finished


Result: 20/ 42 (47.6%)
 VT Community

not reviewed
 Safety score: -  
Compact Print results Antivirus Version Last Update Result 
AhnLab-V3 2010.08.15.01 2010.08.15 Win-Trojan/Fakeav.165376.AK 
AntiVir 8.2.4.34 2010.08.15 - 
Antiy-AVL 2.0.3.7 2010.08.11 Trojan/Win32.Jorik.gen 
Authentium 5.2.0.5 2010.08.15 - 
Avast 4.8.1351.0 2010.08.15 Win32:Spyware-gen 
Avast5 5.0.332.0 2010.08.15 Win32:Spyware-gen 
AVG 9.0.0.851 2010.08.15 Generic18.ACRT 
BitDefender 7.2 2010.08.15 Backdoor.Bot.125058 
CAT-QuickHeal 11.00 2010.08.14 - 
ClamAV 0.96.0.3-git 2010.08.15 - 
Comodo 5750 2010.08.15 - 
DrWeb 5.0.2.03300 2010.08.15 Trojan.Packed.20538 
Emsisoft 5.0.0.37 2010.08.15 Trojan.Win32.Jorik.Zbot.c!A2 
eSafe 7.0.17.0 2010.08.15 - 
eTrust-Vet 36.1.7790 2010.08.13 - 
F-Prot 4.6.1.107 2010.08.14 - 
F-Secure 9.0.15370.0 2010.08.15 Backdoor.Bot.125058 
Fortinet 4.1.143.0 2010.08.15 - 
GData 21 2010.08.15 Backdoor.Bot.125058 
Ikarus T3.1.1.88.0 2010.08.15 - 
Jiangmin 13.0.900 2010.08.15 Trojan/Jorik.ho 
Kaspersky 7.0.0.125 2010.08.15 Trojan.Win32.Jorik.Zbot.c 
McAfee 5.400.0.1158 2010.08.15 - 
McAfee-GW-Edition 2010.1 2010.08.15 - 
Microsoft 1.6004 2010.08.15 PWS:Win32/Zbot 
NOD32 5368 2010.08.15 Win32/Spy.Zbot.YW 
Norman 6.05.11 2010.08.15 - 
nProtect 2010-08-15.01 2010.08.15 Trojan/W32.Jorik.165376 
Panda 10.0.2.7 2010.08.15 Trj/Downloader.MDW 
PCTools 7.0.3.5 2010.08.15 - 
Prevx 3.0 2010.08.15 High Risk Cloaked Malware 
Rising 22.60.06.04 2010.08.15 - 
Sophos 4.56.0 2010.08.15 Mal/FakeAV-CH 
Sunbelt 6738 2010.08.15 - 
SUPERAntiSpyware 4.40.0.1006 2010.08.15 - 
Symantec 20101.1.1.7 2010.08.15 - 
TheHacker 6.5.2.1.348 2010.08.15 Trojan/Jorik.Zbot.c 
TrendMicro 9.120.0.1004 2010.08.15 - 
TrendMicro-HouseCall 9.120.0.1004 2010.08.15 - 
VBA32 3.12.14.0 2010.08.13 - 
ViRobot 2010.8.9.3978 2010.08.15 - 
VirusBuster 5.0.27.0 2010.08.15 TrojanSpy.Zbot.AEYN
         



2. scan mit OTL :

Code:
ATTFilter
OTL logfile created on: 15.08.2010 22:39:43 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Standard\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,90 Gb Total Space | 71,30 Gb Free Space | 32,87% Space Free | Partition Type: NTFS
Drive D: | 106,45 Gb Total Space | 105,54 Gb Free Space | 99,15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STANDARD-PC
Current User Name: Standard
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.15 22:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe
PRC - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2010.06.15 17:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.17 13:14:12 | 002,345,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.14 15:03:48 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2008.10.14 15:03:40 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2008.10.14 15:03:36 | 000,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
PRC - [2008.10.14 15:03:36 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
PRC - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.15 22:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe
MOD - [2010.06.15 17:50:00 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.03.30 06:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll
MOD - [2009.03.30 06:42:16 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcp80.dll
MOD - [2008.07.26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll
MOD - [2008.01.18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2010.08.10 22:42:12 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.06 11:29:10 | 000,120,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.05.06 11:29:10 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\aspnet_state.exe -- (aspnet_state)
SRV - [2009.05.06 09:08:16 | 000,104,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe -- (clr_optimization_v4.0.20506_32)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.14 15:03:40 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008.03.09 13:54:58 | 000,187,120 | ---- | M] (Systweak Inc) [Auto | Stopped] -- C:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe -- (CacheBoost Service)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.06.15 17:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.01.12 06:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.19 18:03:41 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.10.19 18:03:40 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.08.23 01:16:26 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.07 21:06:26 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.01.18 23:41:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 01:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007.07.18 19:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.09.05 19:59:18 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006.09.05 19:59:14 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006.09.05 19:58:26 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 2B 1D 76 75 06 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.6.0.15
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\ [2009.09.11 14:23:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.08.14 21:47:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.23 14:17:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.13 09:11:14 | 000,000,000 | ---D | M]
 
[2009.03.28 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions
[2009.03.28 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.08.14 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions
[2009.09.03 20:09:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.15 04:57:47 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2009.11.19 22:17:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.14 23:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.21 06:34:01 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.08.14 21:18:06 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2009.05.16 02:15:26 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\moveplayer@movenetworks.com
[2009.11.23 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\searchrecs@veoh.com
[2010.06.06 03:42:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com
[2010.05.17 14:32:00 | 000,002,253 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\askcom.xml
[2009.04.08 23:54:53 | 000,000,440 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\daemon-search.xml
[2010.08.08 00:37:48 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-1.xml
[2009.11.18 05:19:16 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-2.xml
[2009.12.20 05:36:08 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-3.xml
[2010.01.08 06:22:30 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-4.xml
[2010.02.18 21:48:52 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-5.xml
[2010.04.03 02:03:14 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-6.xml
[2010.05.17 14:31:54 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-7.xml
[2010.07.14 23:43:00 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-8.xml
[2010.07.14 23:42:52 | 000,000,168 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.gif
[2010.07.14 23:42:52 | 000,000,618 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.xml
[2010.08.14 21:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.09.09 11:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.07.23 14:17:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 14:17:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 14:17:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 14:17:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 14:17:50 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.08 01:32:24 | 000,403,666 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 13964 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}] C:\Users\Standard\AppData\Roaming\Ivga\efik.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = M:\RunGame.exe -- File not found
O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = N:\Autorun.exe -- File not found
O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell - "" = AutoRun
O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found
O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.14 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\ForceField Shared Files
[2010.08.14 21:19:04 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\CheckPoint
[2010.08.14 21:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.08.14 21:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm-Sicherheit
[2010.08.14 21:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010.08.14 21:17:29 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll
[2010.08.14 21:17:25 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010.08.14 21:16:59 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.08.14 21:16:26 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010.08.14 21:16:26 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010.08.14 21:16:19 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010.08.14 21:16:14 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010.08.14 21:16:14 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010.08.14 21:16:13 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010.08.14 21:16:13 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010.08.14 21:16:12 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010.08.14 21:15:56 | 000,457,304 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2010.08.14 21:15:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010.08.14 21:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010.08.14 21:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.08.14 21:15:29 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010.08.14 21:15:29 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.08.14 21:15:28 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010.08.13 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Neuer Ordner
[2010.08.12 21:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.08.12 21:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.08.12 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.08.11 00:42:00 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 00:42:00 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 00:42:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 00:42:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 00:42:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 00:42:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 00:41:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 00:41:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 00:41:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 00:41:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 00:41:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 00:41:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 00:41:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 00:41:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 00:41:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 00:41:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 00:41:44 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 00:41:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 00:41:22 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 00:41:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 22:49:03 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\2K Games
[2010.08.10 22:48:37 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.08.10 22:48:37 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.08.10 22:48:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.08.10 22:48:37 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.08.10 22:48:37 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.08.10 22:48:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.08.10 22:48:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.08.10 22:48:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.08.10 22:48:36 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.08.10 22:48:36 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.08.10 22:48:36 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.08.10 22:48:36 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.08.10 22:48:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.08.10 22:48:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.08.10 22:48:36 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.08.10 22:48:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.08.10 22:48:35 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.08.10 22:48:33 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.08.10 22:48:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.08.10 22:48:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.08.10 22:48:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.08.10 22:39:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\MafiaIIDemo
[2010.08.10 22:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010.08.10 22:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010.08.09 20:26:07 | 001,279,192 | ---- | C] (IObit                                                       ) -- C:\Users\Standard\Desktop\gamebooster_151.exe
[2010.08.05 04:40:12 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\neuuu
[2010.07.31 02:52:31 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\.purple
[2010.07.31 02:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2010.07.25 02:47:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.07.24 22:55:59 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.24 22:20:00 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Rockstar Games
[2010.07.22 00:47:06 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\astragon Software GmbH
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.15 22:42:56 | 008,650,752 | ---- | M] () -- C:\Users\Standard\ntuser.dat
[2010.08.15 21:25:16 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.15 21:25:16 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.15 21:24:46 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010.08.15 21:24:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.15 21:24:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 21:24:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 21:24:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.15 21:23:47 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.15 10:51:35 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{dc609bfd-582a-11df-b860-dbde0ba0b6e5}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 10:51:35 | 000,065,536 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{dc609bfd-582a-11df-b860-dbde0ba0b6e5}.TM.blf
[2010.08.15 10:51:25 | 005,148,992 | -H-- | M] () -- C:\Users\Standard\AppData\Local\IconCache.db
[2010.08.14 21:19:28 | 000,421,442 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.08.14 21:17:32 | 000,000,877 | ---- | M] () -- C:\Users\Standard\Desktop\ZoneAlarm Security.lnk
[2010.08.14 21:17:31 | 000,005,977 | ---- | M] () -- C:\Windows\System32\vsconfig.xml
[2010.08.14 21:13:54 | 048,045,056 | ---- | M] () -- C:\Users\Standard\Desktop\zaSetup_92_058_000_de.exe
[2010.08.13 22:55:20 | 001,650,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.13 22:55:20 | 000,705,786 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.13 22:55:20 | 000,668,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.13 22:55:20 | 000,152,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.13 22:55:20 | 000,127,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.12 21:22:08 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.08.12 21:22:08 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.12 19:45:39 | 000,423,073 | ---- | M] () -- C:\Users\Standard\Desktop\mafia2.time.freez.rar
[2010.08.11 21:58:49 | 002,243,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.10 22:44:26 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.08.10 22:27:02 | 001,598,976 | ---- | M] () -- C:\Users\Standard\Desktop\SteamInstall.msi
[2010.08.10 13:58:25 | 001,037,617 | ---- | M] () -- C:\Users\Standard\Desktop\MafiaII.exe
[2010.08.09 20:26:56 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2010.08.09 20:26:56 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2010.08.09 20:26:13 | 001,279,192 | ---- | M] (IObit                                                       ) -- C:\Users\Standard\Desktop\gamebooster_151.exe
[2010.08.09 20:25:43 | 000,260,400 | ---- | M] () -- C:\Users\Standard\Desktop\SoftonicDownloader80984.exe
[2010.08.08 22:29:35 | 000,053,248 | ---- | M] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.03 04:42:47 | 000,000,218 | ---- | M] () -- C:\Users\Standard\.recently-used.xbel
[2010.07.24 22:55:59 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.23 20:14:42 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.14 21:17:32 | 000,000,877 | ---- | C] () -- C:\Users\Standard\Desktop\ZoneAlarm Security.lnk
[2010.08.14 21:17:31 | 000,005,977 | ---- | C] () -- C:\Windows\System32\vsconfig.xml
[2010.08.14 21:15:56 | 000,421,442 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.08.14 21:13:52 | 048,045,056 | ---- | C] () -- C:\Users\Standard\Desktop\zaSetup_92_058_000_de.exe
[2010.08.12 21:22:08 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.08.12 21:22:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.12 19:40:37 | 001,037,617 | ---- | C] () -- C:\Users\Standard\Desktop\MafiaII.exe
[2010.08.12 04:47:37 | 000,423,073 | ---- | C] () -- C:\Users\Standard\Desktop\mafia2.time.freez.rar
[2010.08.10 22:27:48 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.08.10 22:26:53 | 001,598,976 | ---- | C] () -- C:\Users\Standard\Desktop\SteamInstall.msi
[2010.08.09 20:26:56 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2010.08.09 20:26:56 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2010.08.09 20:25:43 | 000,260,400 | ---- | C] () -- C:\Users\Standard\Desktop\SoftonicDownloader80984.exe
[2010.08.03 04:42:47 | 000,000,218 | ---- | C] () -- C:\Users\Standard\.recently-used.xbel
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.19 18:03:40 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.19 18:03:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.09.17 02:02:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.07 21:06:26 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.18 18:42:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2009.03.17 17:31:23 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.07.26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.10.18 13:56:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.18 13:56:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.18 13:46:46 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.10.12 01:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:4F9666BB02E53299
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6CC69D3C
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:18AE7C5A
< End of report >
         
__________________

Geändert von Farthecry (15.08.2010 um 22:45 Uhr)

Alt 16.08.2010, 15:36   #4
Farthecry
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



was soll ich nun tun? Bitte helft mir, wir wissen ja nun welche datei der virus oder trojaner ist, soll ich die löschen? was soll ich machen ich glaube wenn man länger wartet arbeitet der virus sich ins system besser rein oder?

mfg farthecry



Anti malware scan: Funde 5 .

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4435

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

16.08.2010 15:49:53
mbam-log-2010-08-16 (15-49-53).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148283
Laufzeit: 6 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{427d3f2c-68ef-bd1e-d392-1becb0dd60b1} (Trojan.ZbotR.Gen) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\homepage.txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Standard\AppData\Roaming\Ivga\efik.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
         

Geändert von Farthecry (16.08.2010 um 15:50 Uhr) Grund: hab was vergessen

Alt 16.08.2010, 15:49   #5
markusg
/// Malware-holic
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



nein, nichts löschen und auf antwort deines helfers warten.


Alt 16.08.2010, 19:03   #6
Chris4You
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



Hi,

bitte noch mal ein neues OTL-Log (nach dem MAM-Lauf).
In MAM nichts löschen lassen, nur in Quarantäne verschieben!
Hast du ein packprogramm wie winzip, 7zip izarc?
Wir müssen das Verzeichnis von MAM unter benutzer\du\appdata\roaming\malewarebytes\quarantäne packen und hier im uploadchannel (http://www.trojaner-board.de/54791-a...ner-board.html) mal hochladen... eventuell kommt nacher noch was dazu...


chris
__________________
--> habe von der telekom ein brief bekommen, sind trojaner auf mein pc?

Geändert von Chris4You (16.08.2010 um 19:17 Uhr)

Alt 16.08.2010, 19:27   #7
Farthecry
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



2.Scan mit OTL nach dem MAM durchgeführt wurde.


Code:
ATTFilter
OTL logfile created on: 16.08.2010 19:23:06 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Standard\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,90 Gb Total Space | 70,80 Gb Free Space | 32,64% Space Free | Partition Type: NTFS
Drive D: | 106,45 Gb Total Space | 105,54 Gb Free Space | 99,15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STANDARD-PC
Current User Name: Standard
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.15 22:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe
PRC - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2010.06.15 17:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.17 13:14:12 | 002,345,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.14 15:03:48 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2008.10.14 15:03:40 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2008.10.14 15:03:36 | 000,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
PRC - [2008.10.14 15:03:36 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
PRC - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.15 22:39:25 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe
MOD - [2010.06.15 17:50:00 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.03.30 06:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll
MOD - [2009.03.30 06:42:16 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcp80.dll
MOD - [2008.07.26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll
MOD - [2008.01.18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2010.08.10 22:42:12 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.06.15 17:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.11 22:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.06 11:29:10 | 000,120,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.05.06 11:29:10 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\aspnet_state.exe -- (aspnet_state)
SRV - [2009.05.06 09:08:16 | 000,104,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.20506\mscorsvw.exe -- (clr_optimization_v4.0.20506_32)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.14 15:03:40 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008.03.09 13:54:58 | 000,187,120 | ---- | M] (Systweak Inc) [Auto | Stopped] -- C:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe -- (CacheBoost Service)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.06.15 17:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.01.12 06:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.19 18:03:41 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.10.19 18:03:40 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.08.23 01:16:26 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.08.05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.07 21:06:26 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.01.18 23:41:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007.10.12 02:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 01:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007.07.18 19:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.03.26 15:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 15:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ViBus.sys -- (ViBus)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.09.05 19:59:18 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdm.sys -- (se58mdm)
DRV - [2006.09.05 19:59:14 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58mdfl.sys -- (se58mdfl)
DRV - [2006.09.05 19:58:26 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se58bus.sys -- (se58bus) Sony Ericsson Device 088 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 2B 1D 76 75 06 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v4.0.20506\WPF\DotNetAssistantExtension\ [2009.09.11 14:23:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.08.14 21:47:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.23 14:17:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.13 09:11:14 | 000,000,000 | ---D | M]
 
[2009.03.28 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions
[2009.03.28 14:03:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.08.15 22:41:40 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions
[2009.09.03 20:09:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.15 04:57:47 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2009.11.19 22:17:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.14 23:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.21 06:34:01 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.08.14 21:18:06 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2009.05.16 02:15:26 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\moveplayer@movenetworks.com
[2009.11.23 21:44:03 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\searchrecs@veoh.com
[2010.06.06 03:42:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\e4ndxa7a.default\extensions\toolbar@ask.com
[2010.05.17 14:32:00 | 000,002,253 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\askcom.xml
[2010.06.15 00:31:50 | 000,000,943 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\conduit.xml
[2009.04.08 23:54:53 | 000,000,440 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\daemon-search.xml
[2010.08.15 22:51:28 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-1.xml
[2009.11.18 05:19:16 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-2.xml
[2009.12.20 05:36:08 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-3.xml
[2010.01.08 06:22:30 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-4.xml
[2010.02.18 21:48:52 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-5.xml
[2010.04.03 02:03:14 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-6.xml
[2010.05.17 14:31:54 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-7.xml
[2010.07.14 23:43:00 | 000,000,961 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin-8.xml
[2010.07.14 23:42:52 | 000,000,168 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.gif
[2010.07.14 23:42:52 | 000,000,618 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\icqplugin.xml
[2010.08.14 21:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.09.09 11:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.07.23 14:17:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 14:17:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 14:17:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 14:17:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 14:17:50 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.08 01:32:24 | 000,403,666 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 13964 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}] C:\Users\Standard\AppData\Roaming\Ivga\efik.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Standard\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc4d1f3-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc4d1f5-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = M:\RunGame.exe -- File not found
O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc4d213-23a7-11de-9f15-e4ff96c00dd0}\Shell\AutoRun\command - "" = N:\Autorun.exe -- File not found
O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell - "" = AutoRun
O33 - MountPoints2\{82640234-24f3-11de-8d68-d15cbd9629c2}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found
O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c20f525a-00dd-11de-924b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.14 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\ForceField Shared Files
[2010.08.14 21:19:04 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\CheckPoint
[2010.08.14 21:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.08.14 21:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm-Sicherheit
[2010.08.14 21:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010.08.14 21:17:29 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll
[2010.08.14 21:17:25 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2010.08.14 21:16:59 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010.08.14 21:16:26 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2010.08.14 21:16:26 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2010.08.14 21:16:19 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2010.08.14 21:16:14 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2010.08.14 21:16:14 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2010.08.14 21:16:13 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2010.08.14 21:16:13 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2010.08.14 21:16:12 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2010.08.14 21:15:56 | 000,457,304 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2010.08.14 21:15:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010.08.14 21:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010.08.14 21:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.08.14 21:15:29 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2010.08.14 21:15:29 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.08.14 21:15:28 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2010.08.13 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Neuer Ordner
[2010.08.12 21:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.08.12 21:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.08.12 21:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.08.11 00:42:00 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 00:42:00 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 00:42:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 00:42:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 00:42:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 00:42:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 00:41:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 00:41:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 00:41:59 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 00:41:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 00:41:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 00:41:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 00:41:59 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 00:41:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 00:41:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 00:41:56 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 00:41:44 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 00:41:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 00:41:22 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 00:41:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 22:49:03 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\2K Games
[2010.08.10 22:48:37 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.08.10 22:48:37 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.08.10 22:48:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.08.10 22:48:37 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.08.10 22:48:37 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.08.10 22:48:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.08.10 22:48:36 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.08.10 22:48:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.08.10 22:48:36 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.08.10 22:48:36 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.08.10 22:48:36 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.08.10 22:48:36 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.08.10 22:48:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.08.10 22:48:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.08.10 22:48:36 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.08.10 22:48:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.08.10 22:48:35 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.08.10 22:48:33 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.08.10 22:48:31 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.08.10 22:48:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.08.10 22:48:31 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.08.10 22:39:56 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\MafiaIIDemo
[2010.08.10 22:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010.08.10 22:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010.08.09 20:26:07 | 001,279,192 | ---- | C] (IObit                                                       ) -- C:\Users\Standard\Desktop\gamebooster_151.exe
[2010.08.05 04:40:12 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\neuuu
[2010.07.31 02:52:31 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\.purple
[2010.07.31 02:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2010.07.25 02:47:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.07.24 22:55:59 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.24 22:20:00 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Rockstar Games
[2010.07.22 00:47:06 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\astragon Software GmbH
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.16 19:25:22 | 008,650,752 | ---- | M] () -- C:\Users\Standard\ntuser.dat
[2010.08.16 18:43:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.16 18:43:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.16 16:44:34 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.16 16:44:34 | 000,053,164 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.16 16:44:05 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010.08.16 16:44:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.16 16:43:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.16 16:43:50 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.16 16:42:52 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{dc609bfd-582a-11df-b860-dbde0ba0b6e5}.TMContainer00000000000000000001.regtrans-ms
[2010.08.16 16:42:52 | 000,065,536 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{dc609bfd-582a-11df-b860-dbde0ba0b6e5}.TM.blf
[2010.08.16 16:42:51 | 005,057,272 | -H-- | M] () -- C:\Users\Standard\AppData\Local\IconCache.db
[2010.08.16 15:42:00 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.14 21:19:28 | 000,421,442 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.08.14 21:17:32 | 000,000,877 | ---- | M] () -- C:\Users\Standard\Desktop\ZoneAlarm Security.lnk
[2010.08.14 21:17:31 | 000,005,977 | ---- | M] () -- C:\Windows\System32\vsconfig.xml
[2010.08.14 21:13:54 | 048,045,056 | ---- | M] () -- C:\Users\Standard\Desktop\zaSetup_92_058_000_de.exe
[2010.08.13 22:55:20 | 001,650,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.13 22:55:20 | 000,705,786 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.13 22:55:20 | 000,668,804 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.13 22:55:20 | 000,152,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.13 22:55:20 | 000,127,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.12 21:22:08 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.08.12 21:22:08 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.12 19:45:39 | 000,423,073 | ---- | M] () -- C:\Users\Standard\Desktop\mafia2.time.freez.rar
[2010.08.11 21:58:49 | 002,243,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.10 22:44:26 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.08.10 22:27:02 | 001,598,976 | ---- | M] () -- C:\Users\Standard\Desktop\SteamInstall.msi
[2010.08.10 13:58:25 | 001,037,617 | ---- | M] () -- C:\Users\Standard\Desktop\MafiaII.exe
[2010.08.09 20:26:56 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2010.08.09 20:26:56 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2010.08.09 20:26:13 | 001,279,192 | ---- | M] (IObit                                                       ) -- C:\Users\Standard\Desktop\gamebooster_151.exe
[2010.08.09 20:25:43 | 000,260,400 | ---- | M] () -- C:\Users\Standard\Desktop\SoftonicDownloader80984.exe
[2010.08.08 22:29:35 | 000,053,248 | ---- | M] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.03 04:42:47 | 000,000,218 | ---- | M] () -- C:\Users\Standard\.recently-used.xbel
[2010.07.24 22:55:59 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.23 20:14:42 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.16 15:42:00 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.14 21:17:32 | 000,000,877 | ---- | C] () -- C:\Users\Standard\Desktop\ZoneAlarm Security.lnk
[2010.08.14 21:17:31 | 000,005,977 | ---- | C] () -- C:\Windows\System32\vsconfig.xml
[2010.08.14 21:15:56 | 000,421,442 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.08.14 21:13:52 | 048,045,056 | ---- | C] () -- C:\Users\Standard\Desktop\zaSetup_92_058_000_de.exe
[2010.08.12 21:22:08 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.08.12 21:22:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.08.12 19:40:37 | 001,037,617 | ---- | C] () -- C:\Users\Standard\Desktop\MafiaII.exe
[2010.08.12 04:47:37 | 000,423,073 | ---- | C] () -- C:\Users\Standard\Desktop\mafia2.time.freez.rar
[2010.08.10 22:27:48 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.08.10 22:26:53 | 001,598,976 | ---- | C] () -- C:\Users\Standard\Desktop\SteamInstall.msi
[2010.08.09 20:26:56 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2010.08.09 20:26:56 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster.lnk
[2010.08.09 20:25:43 | 000,260,400 | ---- | C] () -- C:\Users\Standard\Desktop\SoftonicDownloader80984.exe
[2010.08.03 04:42:47 | 000,000,218 | ---- | C] () -- C:\Users\Standard\.recently-used.xbel
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.19 18:03:40 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.19 18:03:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.09.17 02:02:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.07 21:06:26 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.18 18:42:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2009.03.17 17:31:23 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.07.26 08:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.10.18 13:56:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.18 13:56:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.18 13:46:46 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.10.12 01:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:4F9666BB02E53299
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6CC69D3C
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:18AE7C5A
< End of report >
         




Dazu muss ich noch sagen das ich vorhin bei MAM auf Quarantäne und delete gegangen bin. Ist das nun in quarantäne und gelöscht?

Soll ich den ganzen system32 ordner in euer forum schicken weil ich finde das hier nicht mehr C:\Windows\System32\lowsec <----- sondern nur C:\Windows\System32\ <-- das ?

Geändert von Farthecry (16.08.2010 um 19:34 Uhr) Grund: was muss ich nun tun?

Alt 16.08.2010, 23:35   #8
Chris4You
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



Hi,

das war fast gut. Du hättet die Quarantäne nicht löschen sollen, da wir die Files noch gebraucht hätten (zur Untersuchung).... Nunja, habe ich mich wohl nicht klar genug ausgedrückt...

Auf dem Rechner war aber schon mal einiges los, oder?
Lass mal die folgenden Files untersuchen, wenn Du sie findest...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
    und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\Windows\System32\DRIVERS\ipinip.sys
C:\Windows\System32\drivers\blbdrive.sys
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
Code:
ATTFilter
:OTL

O4 - HKCU..\Run: [{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}] C:\Users\Standard\AppData\Roaming\Ivga\efik.exe File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
[2010.05.17 14:32:00 | 000,002,253 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\askcom.xml

:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Superantispyware:
Anleitung&Download hier: http://www.trojaner-board.de/51871-a...tispyware.html

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 17.08.2010, 03:33   #9
Farthecry
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



hi chris4you.

Habe die zwei dateien nicht gefunden, sind nicht mehr in diesem verzeichniss ich vermute MAM hat sie in quarantäne geschoben oder gelöscht?
Jedenfalls habe ich nun den code mit OTL gemacht und hier der log, nach dem fix hat mein pc sich neugestartet.




Code:
ATTFilter
All processes killed
Error: Unable to interpret <Code:Alles auswählenLarusso Modus > in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{427D3F2C-68EF-BD1E-D392-1BECB0DD60B1}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: toolbar@ask.com:3.6.6.117 removed from extensions.enabledItems
C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\e4ndxa7a.default\searchplugins\askcom.xml moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
 
User: Gast
->Temp folder emptied: 5320370 bytes
->Temporary Internet Files folder emptied: 5391768 bytes
->Java cache emptied: 162323 bytes
->Flash cache emptied: 627 bytes
 
User: Public
 
User: Standard
->Temp folder emptied: 18759104 bytes
->Temporary Internet Files folder emptied: 61081989 bytes
->Java cache emptied: 31828961 bytes
->FireFox cache emptied: 40333342 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 124801 bytes
->Flash cache emptied: 4257 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3104386 bytes
RecycleBin emptied: 5308 bytes
 
Total Files Cleaned = 159,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08172010_005354

Files\Folders moved on Reboot...
C:\Users\Standard\AppData\Local\Temp\~DF6C6B.tmp moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5ZTXB1L\01[1].htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M5ZTXB1L\df949936-2850-4e26-af65-c14d91c5c48b[1].htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ZMACK5\adsCAJIBH6G.htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ZMACK5\adsCAQXHDR3.htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J7ZMACK5\de_msn_com[1].htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E8ES44KZ\adsCAYAW9HN.htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BFLXWSC0\89508-habe-von-der-telekom-ein-brief-bekommen-sind-trojaner-auf-mein-pc[1].html moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BFLXWSC0\blank[1].htm moved successfully.
C:\Users\Standard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ZLT07fd1.TMP not found!

Registry entries deleted on Reboot...
         

Alt 17.08.2010, 06:50   #10
Chris4You
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



Hallo,

jetzt bitte noch wie angegeben SUPERAntiSpyware laufen lassen...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 18.08.2010, 01:59   #11
Farthecry
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



hi Chris4you,

habe nun zwei mal den kompletten scan ausgeführt mit SUPERAntiSpyware und er hat beim ersten 22.Adware infektionen gefunden und ein troj.win32.
Und dann beim zweiten hat er nochmal 15Gefunden. Und dann hab ich schnell scan nochmal gemacht, und er hat 1 Adware gefunden.


Soll ich nun noch etwas machen?

Alt 18.08.2010, 18:32   #12
Chris4You
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



Hi,

poste das Log von Superantspyware und ein neues OTL-Log....
Da waren jede Menge Spuren von alten Infektionen...

Customscan mit OTL:

* Starte bitte die OTL.exe.
Vista/Win7-User mit Rechtsklick "als Administrator starten"
* Kopiere nun den Inhalt in die Textbox.


Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
* Schliesse bitte nun alle Programme. (Wichtig)
* Klicke nun bitte auf den Quick Scan Button.
* Klick auf OK .
* Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread


Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 18.08.2010, 21:40   #13
Farthecry
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?





ich kann den OTL log nicht hier rein posten da kommt immer diese fehlermeldung hier: Fatal error: Maximum execution time of 30 seconds exceeded in /www/htdocs/tbcom/includes/functions.php on line 1838


was soll das heißen???
ich mach nun GMER ok

Alt 18.08.2010, 22:34   #14
Farthecry
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



Ok hab nun GMER gemacht, aber da kam kein Log? Chris4you hast du noch ein tipp was ich machen kann? Denkst du das mein Pc virenfrei irgendwann wird?? du hattest ja gesagt das auf mein pc viel los ist oder war.
Ich hab den verdacht das auf mein Pc noch viren sind wir müssen die viren verbrennen


Mfg far the cry

Alt 20.08.2010, 01:17   #15
Farthecry
 
habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Standard

habe von der telekom ein brief bekommen, sind trojaner auf mein pc?



hi schicke hier die SUPERAntiSpyware scan log. Einmal vom 18.08 und dann nochmal vom 19.08




Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/18/2010 at 09:02 AM

Application Version : 4.41.1000

Core Rules Database Version : 5370
Trace Rules Database Version: 3182

Scan type       : Complete Scan
Total Scan Time : 01:35:00

Memory items scanned      : 602
Memory threats detected   : 0
Registry items scanned    : 9260
Registry threats detected : 0
File items scanned        : 153509
File threats detected     : 16

Adware.Tracking Cookie
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.yieldmanager[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adfarm1.adition[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@webmasterplan[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@tradedoubler[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.zanox[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@msnportal.112.2o7[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@content.yieldmanager[3].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@zanox-affiliate[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adtech[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@content.yieldmanager[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@atdmt[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@eas.apm.emediate[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@zanox[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@mediaplex[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adxpose[1].txt
	imagesrv.adition.com [ C:\Users\Standard\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\D4W7NWXK ]
         


Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/19/2010 at 05:19 AM

Application Version : 4.41.1000

Core Rules Database Version : 5370
Trace Rules Database Version: 3182

Scan type       : Complete Scan
Total Scan Time : 00:09:39

Memory items scanned      : 565
Memory threats detected   : 0
Registry items scanned    : 9260
Registry threats detected : 0
File items scanned        : 6109
File threats detected     : 28

Adware.Tracking Cookie
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.yieldmanager[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@rts.pgmediaserve[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@partypoker[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adfarm1.adition[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@webmasterplan[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@tradedoubler[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ads.whaleads[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adultfriendfinder[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.zanox[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@msnportal.112.2o7[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@content.yieldmanager[3].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad.ad-srv[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@zanox-affiliate[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adxpansion[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adtech[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@alphaporno[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@content.yieldmanager[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@ad3.adfarm1.adition[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@atdmt[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adserver.hardsextube[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@eas.apm.emediate[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@zanox[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@www.zanox-affiliate[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@hardsextube[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@www.alphaporno[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@adweb2.hornymatches[2].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@atwola[1].txt
	C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Cookies\standard@tracking.mlsat02[1].txt
         

Antwort

Themen zu habe von der telekom ein brief bekommen, sind trojaner auf mein pc?
antivir, antivir guard, ask toolbar, ask.com, avg, avira, bho, brief, checkpoint, desktop, email, frage, highjackthis, hijack, hijackthis, internet, internet explorer, limewire, logfile, magix, monitor, performance, safer networking, security, security scan, server, software, system, systweak, trojaner, vista, werbung, windows



Ähnliche Themen: habe von der telekom ein brief bekommen, sind trojaner auf mein pc?


  1. Habe bei Steam eine .scr Datei geschickt bekommen dann gedownloaded... Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 13.03.2015 (12)
  2. Telekom-Brief bez. Trojaner/ Virus - Ist mein System befallen?
    Plagegeister aller Art und deren Bekämpfung - 26.02.2015 (10)
  3. Habe img_72938.scr geschickt bekommen...
    Plagegeister aller Art und deren Bekämpfung - 17.02.2015 (11)
  4. Brief von der Telekom bekommen, Internet Anschluss versendet Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 28.01.2015 (9)
  5. Telekom Trojaner geöffnet--> Fehlermeldung beim download bekommen
    Log-Analyse und Auswertung - 24.06.2014 (5)
  6. Habe Telekom Rechnung geöffnet! Bin mir nicht sicher, ob ich einen Trjoaner eingefangen habe
    Plagegeister aller Art und deren Bekämpfung - 08.06.2014 (15)
  7. habe E-mail von BSI bekommen
    Log-Analyse und Auswertung - 27.01.2014 (7)
  8. brief von der Telekom bekommen
    Plagegeister aller Art und deren Bekämpfung - 30.10.2013 (1)
  9. Brief von Telekom: Sie sind mit ZeuS/ZBot-Trojaner infiziert
    Log-Analyse und Auswertung - 10.10.2013 (3)
  10. brauche hilfe habe e-mail bekommen mit anhang meine mutter hat es geofnet und da warn trojaner drin
    Log-Analyse und Auswertung - 30.06.2013 (2)
  11. Ich habe leider ein Trojaner (wieder -.-) bekommen!
    Log-Analyse und Auswertung - 11.09.2012 (1)
  12. habe GEMA Trojaner aber finde die dateien nicht die in diversen anleitungen aufgelistet sind
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (9)
  13. E-mail bekommen: Virus eingefangen und jetzt sind alle meiner Daten umgeändert kriege die nicht auf!
    Log-Analyse und Auswertung - 06.06.2012 (4)
  14. Noch habe ich keinen Trojaner, kann ich vorher einen Rat bekommen oder erst wenn es zu spät ist?
    Plagegeister aller Art und deren Bekämpfung - 17.04.2012 (4)
  15. Dateien sind alle weg und ich bekommen fehlermeldungen!
    Plagegeister aller Art und deren Bekämpfung - 02.11.2011 (14)
  16. Habe von t-online Post bekommen...
    Plagegeister aller Art und deren Bekämpfung - 01.12.2008 (14)
  17. Habe mein HJT-Log ausgewertet - es sind noch Fragen offen
    Log-Analyse und Auswertung - 16.04.2006 (1)

Zum Thema habe von der telekom ein brief bekommen, sind trojaner auf mein pc? - Hi ihr lieben helfer von trojaner board. Gestern hab ich ein brief von der telekom erhalten das ich angeblich schadhaften code von meinem pc aus versende wovon ich aber nichts - habe von der telekom ein brief bekommen, sind trojaner auf mein pc?...
Archiv
Du betrachtest: habe von der telekom ein brief bekommen, sind trojaner auf mein pc? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.