Pests of all kinds and how to fight them: Ron ads revenuebuster / Sparkasse site asks for TAN / netbook without a drive - reinstall Windows?
30.08.2010, 18:50 | #1 |
Hello, unfortunately I have absolutely no clue when it comes to PCs, but maybe you can help me anyway?

Some time ago I caught something on my netbook: windows keep opening with the title "Ron ads by revenuebuster". I googled it and also found several guides for other Ron ads, but unfortunately couldn't make sense of them on my own. Today my online banking site asked me for a TAN number. I had the account blocked.

Normally I would now have completely reinstalled Windows on the big PC. But now I only have my netbook, which has no drive. What would you advise? Can I get this removed again? How?

I already ran an anti-malware program today, but I'm not sure whether everything is OK now. No window has opened since, but I don't think it's really running properly either!? But please explain it for dummies, so that I understand it too.

Kind regards, Britta
30.08.2010, 19:07 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

A cleanup sometimes involves a lot of work for you.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools via right-click "Run as administrator".

Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
30.08.2010, 20:31 | #3 |
OK, I hope I did everything right, I always tried my best.

I had already run Malwarebytes this afternoon; this was the result:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4507

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.08.2010 17:31:11
mbam-log-2010-08-30 (17-31-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132622
Laufzeit: 19 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{923ee3e6-6241-1369-64bc-6d83284df9fe} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{923ee3e6-6241-1369-64bc-6d83284df9fe} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ozjfvbywbh (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temp\0.3516862961745635.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temp\BrowserHotfix1.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temp\BrowserHotfix6.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für 17 Clueso - Gute Musik - Egal wo (mit Blumentopf).zip\setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sspisklexpfvfxepo.dll (Trojan.Agent) -> Delete on reboot.
30.08.2010, 20:32 | #4 |
OTL Logfile:
---D | C] -- C:\Programme\FILEminimizer Pictures [2010.08.02 17:07:37 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution [2010.08.02 17:07:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2010.08.02 17:02:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\RapidSolution [2009.12.07 02:01:04 | 000,431,104 | ---- | C] (Frogster Online Gaming GmbH) -- C:\Programme\FOGDownloader-RoM_2_1_0_1871.exe [2009.09.30 08:12:25 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RealPlayerSPGold_de.exe [2008.08.08 14:11:34 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.08 14:38:42 | 000,000,692 | ---- | M] () -- C:\WINDOWS\setup.iss [2011.08.08 14:37:52 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk [2011.08.08 14:34:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\HideWin.exe [2010.08.30 21:21:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Programme\OTL.exe [2010.08.30 20:49:58 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.30 20:48:57 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Programme\mailware trojaner board bam-setup.exe [2010.08.30 20:41:00 | 003,670,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\ntuser.dat [2010.08.30 18:14:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010.08.30 18:14:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.30 18:14:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.30 18:05:26 | 001,299,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.30 18:05:26 | 000,549,460 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.30 18:05:26 | 000,520,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.30 18:05:26 | 000,115,838 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.30 18:05:26 | 000,097,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.30 17:43:11 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Britta\ntuser.ini [2010.08.30 16:52:09 | 000,000,729 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk [2010.08.27 16:40:30 | 000,000,119 | ---- | M] () -- C:\WINDOWS\Podcasts.INI [2010.08.25 10:10:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010.08.25 10:09:59 | 000,001,669 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox 4.0 Beta 4.lnk [2010.08.25 10:08:22 | 009,595,848 | ---- | M] (Mozilla) -- C:\Programme\Firefox_Setup_4.0_Beta_4.exe [2010.08.25 09:46:21 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.08.25 09:46:21 | 000,001,695 | ---- | M] () -- C:\Dokumente und Einstellungen\All 
Users\Desktop\TuneUp Utilities.lnk [2010.08.25 09:42:39 | 019,807,040 | ---- | M] (TuneUp Software) -- C:\Programme\TUNEUP2010.exe [2010.08.22 12:00:55 | 000,050,398 | ---- | M] () -- C:\WINDOWS\System32\vmmufiapoqyr.exe [2010.08.21 15:17:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.17 20:06:26 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Desktop\Skype.lnk [2010.08.16 19:53:57 | 000,210,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Startmenü\Eigene Dateien\ts3_clientui-win32-11315-2010-08-16 19_53_57.062500.dmp [2010.08.13 08:12:49 | 000,185,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.13 02:10:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 21:26:04 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.08.12 21:19:54 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.08.10 22:50:05 | 000,048,128 | -H-- | M] () -- C:\WINDOWS\System32\mstiosk.dll [2010.08.02 17:12:35 | 000,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Desktop\FILEminimizer.lnk [2010.08.02 17:10:32 | 000,000,862 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Radiotracker 6.lnk [2010.08.02 17:01:56 | 000,000,032 | ---- | M] () -- C:\WINDOWS\Menu.INI [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.08 14:38:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\INSTALLEEE.EXE [2011.08.08 14:38:44 | 000,001,162 | ---- | C] () -- C:\WINDOWS\sr.VBS [2011.08.08 14:38:44 | 000,000,256 | ---- | C] () -- C:\WINDOWS\RUN.REG [2011.08.08 14:38:44 | 000,000,124 | ---- | C] () -- C:\WINDOWS\HW.VBS [2011.08.08 14:38:44 | 000,000,037 | ---- | C] () -- C:\WINDOWS\AUTO.BAT [2011.08.08 14:38:42 | 000,000,692 | ---- | C] () -- C:\WINDOWS\setup.iss [2011.08.08 14:37:52 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All 
Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk [2011.08.08 14:36:52 | 000,001,203 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsusACPI.inf [2011.08.08 14:36:06 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp [2011.08.08 14:36:05 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa [2011.08.08 14:36:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2011.08.08 14:36:04 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp [2011.08.08 14:36:04 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp [2011.08.08 14:36:03 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp [2011.08.08 14:36:03 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp [2011.08.08 14:34:59 | 000,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss [2011.08.08 14:34:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.08.08 14:34:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat [2010.08.30 17:08:49 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.30 16:52:31 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010.08.30 16:52:09 | 000,000,729 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk [2010.08.25 10:10:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.08.25 10:09:59 | 000,001,669 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox 4.0 Beta 4.lnk [2010.08.25 09:46:21 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.08.25 09:46:21 | 000,001,695 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk [2010.08.16 19:53:57 | 000,210,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Startmenü\Eigene Dateien\ts3_clientui-win32-11315-2010-08-16 19_53_57.062500.dmp [2010.08.10 
22:50:05 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\mstiosk.dll [2010.08.02 19:26:57 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI [2010.08.02 17:12:35 | 000,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Desktop\FILEminimizer.lnk [2010.08.02 17:10:31 | 000,000,862 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Radiotracker 6.lnk [2010.08.02 17:01:03 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.11.25 12:40:53 | 000,022,892 | ---- | C] () -- C:\Programme\Einheiten.zip [2009.10.25 16:04:13 | 005,862,994 | ---- | C] () -- C:\Programme\ts2_client_rc2_2032.exe [2009.09.09 08:39:38 | 005,364,932 | ---- | C] () -- C:\Programme\eMule.v0.49c.Razorback3.Next.Generation.v5.21.installer.exe [2009.07.13 19:48:35 | 030,228,816 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe [2009.04.18 13:56:53 | 000,001,252 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\wklnhst.dat [2009.04.18 13:27:20 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2009.04.18 02:57:46 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.03.02 11:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008.08.08 14:47:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.08.08 14:25:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008.08.08 14:25:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008.08.08 14:25:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008.08.08 14:25:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008.08.08 14:25:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008.08.08 14:25:09 | 000,020,480 | ---- | C] () -- 
C:\WINDOWS\System32\IVIresize.dll [2008.08.08 09:03:15 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.08.08 09:03:12 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2008.08.08 09:03:12 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2008.08.08 09:03:12 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2008.08.08 09:03:12 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2008.08.08 09:03:12 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2008.03.17 15:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft 
Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (Ktp) -- C:\WINDOWS\system32\drivers\ETD.sys (ELANTECH Devices Corp.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.) DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Components: C:\Programme\Mozilla Firefox 4.0 Beta 4\components [2010.08.25 10:09:55 | 000,000,000 | ---D | M] [2010.08.08 23:14:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Mozilla\Extensions [2010.08.08 23:14:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Mozilla\Extensions\IMVUClientXUL@imvu.com [2010.08.26 13:28:48 | 000,001,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Mozilla\Firefox\Profiles\ikgofx0q.default\searchplugins\bing.xml [2010.08.27 17:03:53 | 000,002,698 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Britta\Anwendungsdaten\Mozilla\Firefox\Profiles\ikgofx0q.default\searchplugins\twitter.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (nixneues.de Toolbar) - {33988062-a155-4ff7-ae2f-4288a3f076d5} - Reg Error: Value error. File not found O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (nixneues.de Toolbar) - {33988062-a155-4ff7-ae2f-4288a3f076d5} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (nixneues.de Toolbar) - {33988062-A155-4FF7-AE2F-4288A3F076D5} - Reg Error: Value error. File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [RegistryBooster] C:\Programme\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Britta\Startmenü\Programme\Autostart\StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Britta\Startmenü\Programme\IMVU\Run IMVU.lnk File not found O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.08 09:20:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\Shell - "" = AutoRun O33 - MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\Shell - "" = AutoRun O33 - 
MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\Shell - "" = AutoRun O33 - MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{90526ef1-9e46-11df-9fe8-00224336c51d}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found O33 - MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\Shell - "" = AutoRun O33 - MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\Shell - "" = AutoRun O33 - MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: mmchost - (C:\WINDOWS\system32\mstiosk.dll) - C:\WINDOWS\system32\mstiosk.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.08 14:48:55 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll [2011.08.08 14:46:33 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller [2011.08.08 14:46:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live [2011.08.08 14:46:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller [2011.08.08 14:46:03 | 
000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.08.08 14:45:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works [2011.08.08 14:44:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe [2011.08.08 14:44:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2011.08.08 14:44:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition [2011.08.08 14:43:49 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2011.08.08 14:43:48 | 000,023,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2011.08.08 14:43:48 | 000,018,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui [2011.08.08 14:43:48 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui [2011.08.08 14:43:48 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2011.08.08 14:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2011.08.08 14:39:20 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2011.08.08 14:39:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2011.08.08 14:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp [2011.08.08 14:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Asus [2011.08.08 14:36:52 | 000,011,264 | ---- | C] (ASUSTeK Computer Inc.) 
-- C:\WINDOWS\System32\drivers\ASUSACPI.SYS [2011.08.08 14:36:51 | 000,000,000 | ---D | C] -- C:\Programme\EeePC [2011.08.08 14:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Atheros_L1e [2011.08.08 14:36:06 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc [2011.08.08 14:36:06 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc [2011.08.08 14:36:06 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc [2011.08.08 14:36:06 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc [2011.08.08 14:36:06 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc [2011.08.08 14:36:06 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc [2011.08.08 14:36:06 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc [2011.08.08 14:36:06 | 000,053,248 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll [2011.08.08 14:36:06 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll [2011.08.08 14:36:05 | 001,181,824 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\igxpmp32.sys [2011.08.08 14:36:05 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc [2011.08.08 14:36:05 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc [2011.08.08 14:36:05 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc [2011.08.08 14:36:05 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc [2011.08.08 14:36:05 | 000,129,560 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe [2011.08.08 14:36:05 | 000,044,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll [2011.08.08 14:36:04 | 003,276,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll [2011.08.08 14:36:04 | 002,363,392 | ---- | C] 
(Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll [2011.08.08 14:36:04 | 002,262,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll [2011.08.08 14:36:04 | 001,442,848 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll [2011.08.08 14:36:04 | 000,457,240 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe [2011.08.08 14:36:04 | 000,454,656 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll [2011.08.08 14:36:04 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difx32.dll [2011.08.08 14:36:04 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc [2011.08.08 14:36:04 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc [2011.08.08 14:36:04 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc [2011.08.08 14:36:04 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc [2011.08.08 14:36:04 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll [2011.08.08 14:36:04 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc [2011.08.08 14:36:04 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc [2011.08.08 14:36:04 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc [2011.08.08 14:36:04 | 000,155,648 | ---- | C] (Intel Corporation) -- 
C:\WINDOWS\System32\igfxdev.dll [2011.08.08 14:36:04 | 000,146,432 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll [2011.08.08 14:36:04 | 000,113,176 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe [2011.08.08 14:36:04 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc [2011.08.08 14:36:04 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc [2011.08.08 14:36:04 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll [2011.08.08 14:36:04 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl [2011.08.08 14:36:04 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll [2011.08.08 14:36:04 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\oemdspif.dll [2011.08.08 14:36:03 | 000,371,224 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\igxpun.exe [2011.08.08 14:36:03 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll [2011.08.08 14:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang [2011.08.08 14:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2011.08.08 14:35:07 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2011.08.08 14:35:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2011.08.08 14:35:00 | 000,000,000 | ---D | C] -- C:\Intel [2011.08.08 14:34:55 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys [2011.08.08 14:34:53 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys [2011.08.08 14:34:50 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys [2011.08.08 14:34:47 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys [2011.08.08 14:34:45 | 000,142,592 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\aec.sys [2011.08.08 14:34:43 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys [2011.08.08 14:34:41 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys [2011.08.08 14:34:39 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys [2011.08.08 14:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM [2011.08.08 14:34:30 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys [2011.08.08 14:34:30 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys [2011.08.08 14:34:30 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys [2011.08.08 14:34:30 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys [2011.08.08 14:34:25 | 001,826,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe [2011.08.08 14:34:25 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe [2011.08.08 14:34:25 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl [2011.08.08 14:34:25 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe [2011.08.08 14:34:24 | 009,715,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe [2011.08.08 14:34:24 | 004,747,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys [2011.08.08 14:34:23 | 002,165,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe [2011.08.08 14:34:22 | 000,278,528 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl [2011.08.08 14:34:21 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe [2011.08.08 14:34:21 | 000,057,344 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\Alcmtr.exe [2011.08.08 14:34:21 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information [2011.08.08 14:34:21 | 000,000,000 | ---D | C] -- C:\Programme\Realtek [2011.08.08 14:34:18 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll [2011.08.08 14:34:18 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe [2011.08.08 14:34:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield [2011.08.08 14:01:37 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information [2011.08.08 14:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2011.08.08 14:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011.08.08 14:00:36 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2011.08.08 14:00:35 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2011.08.08 14:00:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2011.08.08 14:00:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2011.08.08 14:00:33 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2010.08.30 21:20:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Programme\OTL.exe [2010.08.30 20:47:24 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Programme\mailware trojaner board bam-setup.exe [2010.08.30 17:08:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Malwarebytes [2010.08.30 17:08:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.30 17:08:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.30 17:08:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbam.sys [2010.08.30 17:08:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.25 22:09:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Startmenü\Eigene Dateien\Downloads [2010.08.25 10:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\Mozilla [2010.08.25 10:09:39 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 4 [2010.08.25 10:07:57 | 009,595,848 | ---- | C] (Mozilla) -- C:\Programme\Firefox_Setup_4.0_Beta_4.exe [2010.08.25 09:46:29 | 000,030,528 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.08.25 09:46:26 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.08.25 09:45:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\TuneUp Software [2010.08.25 09:44:50 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010 [2010.08.25 09:44:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.08.25 09:42:43 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.08.25 09:42:24 | 019,807,040 | ---- | C] (TuneUp Software) -- C:\Programme\TUNEUP2010.exe [2010.08.25 09:21:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Uniblue [2010.08.25 09:20:57 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue [2010.08.08 23:17:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Vivox [2010.08.08 23:14:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Mozilla [2010.08.02 17:13:38 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack [2010.08.02 17:12:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\FILEminimizerPictures [2010.08.02 17:12:24 | 000,000,000 | 
---D | C] -- C:\Programme\FILEminimizer Pictures [2010.08.02 17:07:37 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution [2010.08.02 17:07:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2010.08.02 17:02:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\RapidSolution [2009.12.07 02:01:04 | 000,431,104 | ---- | C] (Frogster Online Gaming GmbH) -- C:\Programme\FOGDownloader-RoM_2_1_0_1871.exe [2009.09.30 08:12:25 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RealPlayerSPGold_de.exe [2008.08.08 14:11:34 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.08 14:38:42 | 000,000,692 | ---- | M] () -- C:\WINDOWS\setup.iss [2011.08.08 14:37:52 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk [2011.08.08 14:34:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\HideWin.exe [2010.08.30 21:21:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Programme\OTL.exe [2010.08.30 20:49:58 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.30 20:48:57 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Programme\mailware trojaner board bam-setup.exe [2010.08.30 20:41:00 | 003,670,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\ntuser.dat [2010.08.30 18:14:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010.08.30 18:14:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.30 18:14:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.30 18:05:26 | 001,299,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.30 18:05:26 | 000,549,460 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.30 18:05:26 | 000,520,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.30 18:05:26 | 000,115,838 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.30 18:05:26 | 000,097,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.30 17:43:11 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Britta\ntuser.ini [2010.08.30 16:52:09 | 000,000,729 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk [2010.08.27 16:40:30 | 000,000,119 | ---- | M] () -- C:\WINDOWS\Podcasts.INI [2010.08.25 10:10:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010.08.25 10:09:59 | 000,001,669 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox 4.0 Beta 4.lnk [2010.08.25 10:08:22 | 009,595,848 | ---- | M] (Mozilla) -- C:\Programme\Firefox_Setup_4.0_Beta_4.exe [2010.08.25 09:46:21 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.08.25 09:46:21 | 000,001,695 | ---- | M] () -- C:\Dokumente und Einstellungen\All 
Users\Desktop\TuneUp Utilities.lnk [2010.08.25 09:42:39 | 019,807,040 | ---- | M] (TuneUp Software) -- C:\Programme\TUNEUP2010.exe [2010.08.22 12:00:55 | 000,050,398 | ---- | M] () -- C:\WINDOWS\System32\vmmufiapoqyr.exe [2010.08.21 15:17:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.17 20:06:26 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Desktop\Skype.lnk [2010.08.16 19:53:57 | 000,210,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Startmenü\Eigene Dateien\ts3_clientui-win32-11315-2010-08-16 19_53_57.062500.dmp [2010.08.13 08:12:49 | 000,185,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.13 02:10:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 21:26:04 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.08.12 21:19:54 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.08.10 22:50:05 | 000,048,128 | -H-- | M] () -- C:\WINDOWS\System32\mstiosk.dll [2010.08.02 17:12:35 | 000,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Desktop\FILEminimizer.lnk [2010.08.02 17:10:32 | 000,000,862 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Radiotracker 6.lnk [2010.08.02 17:01:56 | 000,000,032 | ---- | M] () -- C:\WINDOWS\Menu.INI [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.08 14:38:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\INSTALLEEE.EXE [2011.08.08 14:38:44 | 000,001,162 | ---- | C] () -- C:\WINDOWS\sr.VBS [2011.08.08 14:38:44 | 000,000,256 | ---- | C] () -- C:\WINDOWS\RUN.REG [2011.08.08 14:38:44 | 000,000,124 | ---- | C] () -- C:\WINDOWS\HW.VBS [2011.08.08 14:38:44 | 000,000,037 | ---- | C] () -- C:\WINDOWS\AUTO.BAT [2011.08.08 14:38:42 | 000,000,692 | ---- | C] () -- C:\WINDOWS\setup.iss [2011.08.08 14:37:52 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All 
Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk [2011.08.08 14:36:52 | 000,001,203 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsusACPI.inf [2011.08.08 14:36:06 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp [2011.08.08 14:36:05 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa [2011.08.08 14:36:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2011.08.08 14:36:04 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp [2011.08.08 14:36:04 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp [2011.08.08 14:36:03 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp [2011.08.08 14:36:03 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp [2011.08.08 14:34:59 | 000,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss [2011.08.08 14:34:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.08.08 14:34:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat [2010.08.30 21:31:42 | 000,034,932 | ---- | C] () -- C:\Programme\Extras.Txt [2010.08.30 21:31:33 | 000,080,600 | ---- | C] () -- C:\Programme\OTL.Txt [2010.08.30 17:08:49 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.30 16:52:31 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010.08.30 16:52:09 | 000,000,729 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk [2010.08.25 10:10:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.08.25 10:09:59 | 000,001,669 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox 4.0 Beta 4.lnk [2010.08.25 09:46:21 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.08.25 09:46:21 | 000,001,695 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk [2010.08.16 19:53:57 | 000,210,960 | 
---- | C] () -- C:\Dokumente und Einstellungen\Britta\Startmenü\Eigene Dateien\ts3_clientui-win32-11315-2010-08-16 19_53_57.062500.dmp [2010.08.10 22:50:05 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\mstiosk.dll [2010.08.02 19:26:57 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI [2010.08.02 17:12:35 | 000,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Desktop\FILEminimizer.lnk [2010.08.02 17:10:31 | 000,000,862 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Radiotracker 6.lnk [2010.08.02 17:01:03 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.11.25 12:40:53 | 000,022,892 | ---- | C] () -- C:\Programme\Einheiten.zip [2009.10.25 16:04:13 | 005,862,994 | ---- | C] () -- C:\Programme\ts2_client_rc2_2032.exe [2009.09.09 08:39:38 | 005,364,932 | ---- | C] () -- C:\Programme\eMule.v0.49c.Razorback3.Next.Generation.v5.21.installer.exe [2009.07.13 19:48:35 | 030,228,816 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe [2009.04.18 13:56:53 | 000,001,252 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\wklnhst.dat [2009.04.18 13:27:20 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2009.04.18 02:57:46 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.03.02 11:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008.08.08 14:47:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.08.08 14:25:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008.08.08 14:25:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008.08.08 14:25:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008.08.08 14:25:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll 
[2008.08.08 14:25:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008.08.08 14:25:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008.08.08 09:03:15 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.08.08 09:03:12 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2008.08.08 09:03:12 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2008.08.08 09:03:12 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2008.08.08 09:03:12 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2008.08.08 09:03:12 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2008.03.17 15:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini < End of report > |
30.08.2010, 20:35 | #5 |
| OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.08.2010 21:23:29 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Programme Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 252,00 Mb Available Physical Memory | 25,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,02 Gb Total Space | 63,31 Gb Free Space | 79,11% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 68,91 Gb Free Space | 99,87% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BRITT Current User Name: Britta Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (eMule-Project.net - Official eMule Homepage. Downloads, Help, Docu, News...) 
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4 "{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}" = Super Hybrid Engine "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{85E3CFBC-9B1B-470C-AF72-54EACA0F1322}" = ECAP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = 
InterVideo WinDVD "{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5C70685-914D-4BBF-A27C-8E2F99C4B38F}" = Radiotracker "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DEB6ACEB-C418-4880-9133-1C5EB9AFBC79}" = Eee Storage "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 
ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Elantech" = ETDWare PS/2-x86 7.0.3.7 WHQL "eMule Razorback 3" = eMule Razorback 3 "FILEminimizer Pictures_is1" = FILEminimizer Pictures "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (4.0b4)" = Mozilla Firefox (4.0b4) "RealPlayer 12.0" = RealPlayer "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "TeamSpeak 3 Client" = TeamSpeak 3 Client "TuneUp Utilities" = TuneUp Utilities "vmmufiapoqyr" = Tagging System Revenuebuster "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.08.2010 12:39:34 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00036fa3. Error - 16.08.2010 13:54:11 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0xeae1e0ee. Error - 18.08.2010 07:43:48 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. 
Error - 21.08.2010 09:23:17 | Computer Name = BRITT | Source = Windows Live Messenger | ID = 1000 Description = Error - 22.08.2010 06:10:02 | Computer Name = BRITT | Source = Windows Live Messenger | ID = 1000 Description = Error - 24.08.2010 17:35:47 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul flash10b.ocx, Version 10.0.22.87, Fehleradresse 0x000ca3d0. Error - 25.08.2010 03:57:05 | Computer Name = BRITT | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.08.2010 06:00:54 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 27.08.2010 11:00:09 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 30.08.2010 15:15:24 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul wininet.dll, Version 8.0.6001.18939, Fehleradresse 0x0004ba0b. 
[ System Events ] Error - 30.08.2010 12:06:13 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:14 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:15 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:16 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:20 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:40 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:07:05 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den 
folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:07:25 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:09:02 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:10:26 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4 "{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}" = Super Hybrid Engine "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{85E3CFBC-9B1B-470C-AF72-54EACA0F1322}" = ECAP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = 
InterVideo WinDVD "{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5C70685-914D-4BBF-A27C-8E2F99C4B38F}" = Radiotracker "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DEB6ACEB-C418-4880-9133-1C5EB9AFBC79}" = Eee Storage "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 
ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Elantech" = ETDWare PS/2-x86 7.0.3.7 WHQL "eMule Razorback 3" = eMule Razorback 3 "FILEminimizer Pictures_is1" = FILEminimizer Pictures "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (4.0b4)" = Mozilla Firefox (4.0b4) "RealPlayer 12.0" = RealPlayer "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "TeamSpeak 3 Client" = TeamSpeak 3 Client "TuneUp Utilities" = TuneUp Utilities "vmmufiapoqyr" = Tagging System Revenuebuster "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.08.2010 12:39:34 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00036fa3. Error - 16.08.2010 13:54:11 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0xeae1e0ee. Error - 18.08.2010 07:43:48 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. 
Error - 21.08.2010 09:23:17 | Computer Name = BRITT | Source = Windows Live Messenger | ID = 1000 Description = Error - 22.08.2010 06:10:02 | Computer Name = BRITT | Source = Windows Live Messenger | ID = 1000 Description = Error - 24.08.2010 17:35:47 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul flash10b.ocx, Version 10.0.22.87, Fehleradresse 0x000ca3d0. Error - 25.08.2010 03:57:05 | Computer Name = BRITT | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.08.2010 06:00:54 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 27.08.2010 11:00:09 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 30.08.2010 15:15:24 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul wininet.dll, Version 8.0.6001.18939, Fehleradresse 0x0004ba0b.
< End of report > |
30.08.2010, 20:36 | #6 |
| Ron ads revenuebuster / Sparkasse website asks for TAN / netbook without a drive: reinstall Windows? OTL logfile: Code:
ATTFilter OTL logfile created on: 30.08.2010 21:23:29 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Programme Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 252,00 Mb Available Physical Memory | 25,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,02 Gb Total Space | 63,31 Gb Free Space | 79,11% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 68,91 Gb Free Space | 99,87% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BRITT Current User Name: Britta Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Programme\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox 4.0 Beta 4\firefox.exe (Mozilla Corporation) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Uniblue\RegistryBooster\registrybooster.exe (Uniblue Systems Limited) PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation) PRC - C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) PRC - C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Sun\StarOffice 8\program\soffice.bin (Sun Microsystems, Inc.) PRC - C:\Programme\Sun\StarOffice 8\program\soffice.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Programme\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\mstiosk.dll () MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft 
Corporation) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (Ktp) -- C:\WINDOWS\system32\drivers\ETD.sys (ELANTECH Devices Corp.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.) DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) 
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 4.0b4\extensions\\Components: C:\Programme\Mozilla Firefox 4.0 Beta 4\components [2010.08.25 10:09:55 | 000,000,000 | ---D | M] [2010.08.08 23:14:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Mozilla\Extensions [2010.08.08 23:14:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Mozilla\Extensions\IMVUClientXUL@imvu.com [2010.08.26 13:28:48 | 000,001,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Mozilla\Firefox\Profiles\ikgofx0q.default\searchplugins\bing.xml [2010.08.27 17:03:53 | 000,002,698 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Mozilla\Firefox\Profiles\ikgofx0q.default\searchplugins\twitter.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (nixneues.de Toolbar) - {33988062-a155-4ff7-ae2f-4288a3f076d5} - Reg Error: Value error. 
File not found O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (nixneues.de Toolbar) - {33988062-a155-4ff7-ae2f-4288a3f076d5} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (nixneues.de Toolbar) - {33988062-A155-4FF7-AE2F-4288A3F076D5} - Reg Error: Value error. File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKCU..\Run: [RegistryBooster] C:\Programme\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Britta\Startmenü\Programme\Autostart\StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Britta\Startmenü\Programme\IMVU\Run IMVU.lnk File not found O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - 
C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.08 09:20:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\Shell - "" = AutoRun O33 - MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\Shell - "" = AutoRun O33 - MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - 
MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\Shell - "" = AutoRun O33 - MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{90526ef1-9e46-11df-9fe8-00224336c51d}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found O33 - MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\Shell - "" = AutoRun O33 - MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O33 - MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\Shell - "" = AutoRun O33 - MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: mmchost - (C:\WINDOWS\system32\mstiosk.dll) - C:\WINDOWS\system32\mstiosk.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.08 14:48:55 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll [2011.08.08 14:46:33 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller [2011.08.08 14:46:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live [2011.08.08 14:46:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller [2011.08.08 14:46:03 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.08.08 14:45:27 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works [2011.08.08 14:44:54 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\Adobe [2011.08.08 14:44:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2011.08.08 14:44:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition [2011.08.08 14:43:49 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll [2011.08.08 14:43:48 | 000,023,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2011.08.08 14:43:48 | 000,018,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui [2011.08.08 14:43:48 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui [2011.08.08 14:43:48 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2011.08.08 14:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2011.08.08 14:39:20 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2011.08.08 14:39:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2011.08.08 14:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp [2011.08.08 14:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Asus [2011.08.08 14:36:52 | 000,011,264 | ---- | C] (ASUSTeK Computer Inc.) 
-- C:\WINDOWS\System32\drivers\ASUSACPI.SYS [2011.08.08 14:36:51 | 000,000,000 | ---D | C] -- C:\Programme\EeePC [2011.08.08 14:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Atheros_L1e [2011.08.08 14:36:06 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc [2011.08.08 14:36:06 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc [2011.08.08 14:36:06 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc [2011.08.08 14:36:06 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc [2011.08.08 14:36:06 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc [2011.08.08 14:36:06 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc [2011.08.08 14:36:06 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc [2011.08.08 14:36:06 | 000,053,248 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll [2011.08.08 14:36:06 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll [2011.08.08 14:36:05 | 001,181,824 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\igxpmp32.sys [2011.08.08 14:36:05 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc [2011.08.08 14:36:05 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc [2011.08.08 14:36:05 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc [2011.08.08 14:36:05 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc [2011.08.08 14:36:05 | 000,129,560 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe [2011.08.08 14:36:05 | 000,044,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll [2011.08.08 14:36:04 | 003,276,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll [2011.08.08 14:36:04 | 002,363,392 | ---- | C] 
(Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll [2011.08.08 14:36:04 | 002,262,528 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll [2011.08.08 14:36:04 | 001,442,848 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll [2011.08.08 14:36:04 | 000,457,240 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe [2011.08.08 14:36:04 | 000,454,656 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll [2011.08.08 14:36:04 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difx32.dll [2011.08.08 14:36:04 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc [2011.08.08 14:36:04 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc [2011.08.08 14:36:04 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc [2011.08.08 14:36:04 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc [2011.08.08 14:36:04 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc [2011.08.08 14:36:04 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll [2011.08.08 14:36:04 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc [2011.08.08 14:36:04 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc [2011.08.08 14:36:04 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc [2011.08.08 14:36:04 | 000,155,648 | ---- | C] (Intel Corporation) -- 
C:\WINDOWS\System32\igfxdev.dll [2011.08.08 14:36:04 | 000,146,432 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll [2011.08.08 14:36:04 | 000,113,176 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe [2011.08.08 14:36:04 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc [2011.08.08 14:36:04 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc [2011.08.08 14:36:04 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll [2011.08.08 14:36:04 | 000,094,208 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl [2011.08.08 14:36:04 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll [2011.08.08 14:36:04 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\oemdspif.dll [2011.08.08 14:36:03 | 000,371,224 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\igxpun.exe [2011.08.08 14:36:03 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll [2011.08.08 14:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang [2011.08.08 14:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2011.08.08 14:35:07 | 000,000,000 | ---D | C] -- C:\Programme\Intel [2011.08.08 14:35:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2011.08.08 14:35:00 | 000,000,000 | ---D | C] -- C:\Intel [2011.08.08 14:34:55 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys [2011.08.08 14:34:53 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys [2011.08.08 14:34:50 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys [2011.08.08 14:34:47 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys [2011.08.08 14:34:45 | 000,142,592 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\aec.sys [2011.08.08 14:34:43 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys [2011.08.08 14:34:41 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys [2011.08.08 14:34:39 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys [2011.08.08 14:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM [2011.08.08 14:34:30 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys [2011.08.08 14:34:30 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys [2011.08.08 14:34:30 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys [2011.08.08 14:34:30 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys [2011.08.08 14:34:25 | 001,826,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe [2011.08.08 14:34:25 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe [2011.08.08 14:34:25 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl [2011.08.08 14:34:25 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe [2011.08.08 14:34:24 | 009,715,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe [2011.08.08 14:34:24 | 004,747,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys [2011.08.08 14:34:23 | 002,165,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe [2011.08.08 14:34:22 | 000,278,528 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl [2011.08.08 14:34:21 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe [2011.08.08 14:34:21 | 000,057,344 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\Alcmtr.exe [2011.08.08 14:34:21 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information [2011.08.08 14:34:21 | 000,000,000 | ---D | C] -- C:\Programme\Realtek [2011.08.08 14:34:18 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll [2011.08.08 14:34:18 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe [2011.08.08 14:34:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield [2011.08.08 14:01:37 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information [2011.08.08 14:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2011.08.08 14:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2011.08.08 14:00:36 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2011.08.08 14:00:35 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft [2011.08.08 14:00:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2011.08.08 14:00:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft [2011.08.08 14:00:33 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft [2010.08.30 21:20:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Programme\OTL.exe [2010.08.30 20:47:24 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Programme\mailware trojaner board bam-setup.exe [2010.08.30 17:08:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Malwarebytes [2010.08.30 17:08:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.30 17:08:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.30 17:08:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbam.sys [2010.08.30 17:08:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.25 22:09:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Startmenü\Eigene Dateien\Downloads [2010.08.25 10:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\Mozilla [2010.08.25 10:09:39 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 4 [2010.08.25 10:07:57 | 009,595,848 | ---- | C] (Mozilla) -- C:\Programme\Firefox_Setup_4.0_Beta_4.exe [2010.08.25 09:46:29 | 000,030,528 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.08.25 09:46:26 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.08.25 09:45:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\TuneUp Software [2010.08.25 09:44:50 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010 [2010.08.25 09:44:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.08.25 09:42:43 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.08.25 09:42:24 | 019,807,040 | ---- | C] (TuneUp Software) -- C:\Programme\TUNEUP2010.exe [2010.08.25 09:21:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Uniblue [2010.08.25 09:20:57 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue [2010.08.08 23:17:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Vivox [2010.08.08 23:14:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\Mozilla [2010.08.02 17:13:38 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack [2010.08.02 17:12:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\FILEminimizerPictures [2010.08.02 17:12:24 | 000,000,000 | 
---D | C] -- C:\Programme\FILEminimizer Pictures [2010.08.02 17:07:37 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution [2010.08.02 17:07:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2010.08.02 17:02:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\RapidSolution [2009.12.07 02:01:04 | 000,431,104 | ---- | C] (Frogster Online Gaming GmbH) -- C:\Programme\FOGDownloader-RoM_2_1_0_1871.exe [2009.09.30 08:12:25 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RealPlayerSPGold_de.exe [2008.08.08 14:11:34 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.08 14:38:42 | 000,000,692 | ---- | M] () -- C:\WINDOWS\setup.iss [2011.08.08 14:37:52 | 000,000,759 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk [2011.08.08 14:34:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\HideWin.exe [2010.08.30 21:21:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Programme\OTL.exe [2010.08.30 20:49:58 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.30 20:48:57 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Programme\mailware trojaner board bam-setup.exe [2010.08.30 20:41:00 | 003,670,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\ntuser.dat [2010.08.30 18:14:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010.08.30 18:14:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.30 18:14:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.30 18:05:26 | 001,299,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.30 18:05:26 | 000,549,460 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.30 18:05:26 | 000,520,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.30 18:05:26 | 000,115,838 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.30 18:05:26 | 000,097,956 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.30 17:43:11 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Britta\ntuser.ini [2010.08.30 16:52:09 | 000,000,729 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk [2010.08.27 16:40:30 | 000,000,119 | ---- | M] () -- C:\WINDOWS\Podcasts.INI [2010.08.25 10:10:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010.08.25 10:09:59 | 000,001,669 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox 4.0 Beta 4.lnk [2010.08.25 10:08:22 | 009,595,848 | ---- | M] (Mozilla) -- C:\Programme\Firefox_Setup_4.0_Beta_4.exe [2010.08.25 09:46:21 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.08.25 09:46:21 | 000,001,695 | ---- | M] () -- C:\Dokumente und Einstellungen\All 
Users\Desktop\TuneUp Utilities.lnk [2010.08.25 09:42:39 | 019,807,040 | ---- | M] (TuneUp Software) -- C:\Programme\TUNEUP2010.exe [2010.08.22 12:00:55 | 000,050,398 | ---- | M] () -- C:\WINDOWS\System32\vmmufiapoqyr.exe [2010.08.21 15:17:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.17 20:06:26 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Desktop\Skype.lnk [2010.08.16 19:53:57 | 000,210,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Startmenü\Eigene Dateien\ts3_clientui-win32-11315-2010-08-16 19_53_57.062500.dmp [2010.08.13 08:12:49 | 000,185,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.13 02:10:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 21:26:04 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2010.08.12 21:19:54 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2010.08.10 22:50:05 | 000,048,128 | -H-- | M] () -- C:\WINDOWS\System32\mstiosk.dll [2010.08.02 17:12:35 | 000,000,777 | ---- | M] () -- C:\Dokumente und Einstellungen\Britta\Desktop\FILEminimizer.lnk [2010.08.02 17:10:32 | 000,000,862 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Radiotracker 6.lnk [2010.08.02 17:01:56 | 000,000,032 | ---- | M] () -- C:\WINDOWS\Menu.INI [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.08 14:38:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\INSTALLEEE.EXE [2011.08.08 14:38:44 | 000,001,162 | ---- | C] () -- C:\WINDOWS\sr.VBS [2011.08.08 14:38:44 | 000,000,256 | ---- | C] () -- C:\WINDOWS\RUN.REG [2011.08.08 14:38:44 | 000,000,124 | ---- | C] () -- C:\WINDOWS\HW.VBS [2011.08.08 14:38:44 | 000,000,037 | ---- | C] () -- C:\WINDOWS\AUTO.BAT [2011.08.08 14:38:42 | 000,000,692 | ---- | C] () -- C:\WINDOWS\setup.iss [2011.08.08 14:37:52 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All 
Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk [2011.08.08 14:36:52 | 000,001,203 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsusACPI.inf [2011.08.08 14:36:06 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp [2011.08.08 14:36:05 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa [2011.08.08 14:36:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2011.08.08 14:36:04 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp [2011.08.08 14:36:04 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp [2011.08.08 14:36:03 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp [2011.08.08 14:36:03 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp [2011.08.08 14:34:59 | 000,000,553 | ---- | C] () -- C:\WINDOWS\USetup.iss [2011.08.08 14:34:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.08.08 14:34:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat [2010.08.30 17:08:49 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.30 16:52:31 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job [2010.08.30 16:52:09 | 000,000,729 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RegistryBooster.lnk [2010.08.25 10:10:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.08.25 10:09:59 | 000,001,669 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox 4.0 Beta 4.lnk [2010.08.25 09:46:21 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.08.25 09:46:21 | 000,001,695 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities.lnk [2010.08.16 19:53:57 | 000,210,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Startmenü\Eigene Dateien\ts3_clientui-win32-11315-2010-08-16 19_53_57.062500.dmp [2010.08.10 
22:50:05 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\mstiosk.dll [2010.08.02 19:26:57 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Podcasts.INI [2010.08.02 17:12:35 | 000,000,777 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Desktop\FILEminimizer.lnk [2010.08.02 17:10:31 | 000,000,862 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Radiotracker 6.lnk [2010.08.02 17:01:03 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.11.25 12:40:53 | 000,022,892 | ---- | C] () -- C:\Programme\Einheiten.zip [2009.10.25 16:04:13 | 005,862,994 | ---- | C] () -- C:\Programme\ts2_client_rc2_2032.exe [2009.09.09 08:39:38 | 005,364,932 | ---- | C] () -- C:\Programme\eMule.v0.49c.Razorback3.Next.Generation.v5.21.installer.exe [2009.07.13 19:48:35 | 030,228,816 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe [2009.04.18 13:56:53 | 000,001,252 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Anwendungsdaten\wklnhst.dat [2009.04.18 13:27:20 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2009.04.18 02:57:46 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.03.02 11:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008.08.08 14:47:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.08.08 14:25:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008.08.08 14:25:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008.08.08 14:25:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008.08.08 14:25:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008.08.08 14:25:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008.08.08 14:25:09 | 000,020,480 | ---- | C] () -- 
C:\WINDOWS\System32\IVIresize.dll [2008.08.08 09:03:15 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.08.08 09:03:12 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2008.08.08 09:03:12 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2008.08.08 09:03:12 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2008.08.08 09:03:12 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2008.08.08 09:03:12 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2008.03.17 15:54:36 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini < End of report > |
30.08.2010, 20:37 | #7 |
| OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.08.2010 21:23:29 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Programme Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 252,00 Mb Available Physical Memory | 25,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,02 Gb Total Space | 63,31 Gb Free Space | 79,11% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 68,91 Gb Free Space | 99,87% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BRITT Current User Name: Britta Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (eMule-Project.net - Official eMule Homepage. Downloads, Help, Docu, News...) 
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4 "{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}" = Super Hybrid Engine "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{85E3CFBC-9B1B-470C-AF72-54EACA0F1322}" = ECAP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = 
InterVideo WinDVD "{9510AB97-A36C-4352-8725-E72E5528FA1B}" = StarOffice 8 ASUS Edition "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5C70685-914D-4BBF-A27C-8E2F99C4B38F}" = Radiotracker "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DEB6ACEB-C418-4880-9133-1C5EB9AFBC79}" = Eee Storage "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 
ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Elantech" = ETDWare PS/2-x86 7.0.3.7 WHQL "eMule Razorback 3" = eMule Razorback 3 "FILEminimizer Pictures_is1" = FILEminimizer Pictures "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (4.0b4)" = Mozilla Firefox (4.0b4) "RealPlayer 12.0" = RealPlayer "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "TeamSpeak 3 Client" = TeamSpeak 3 Client "TuneUp Utilities" = TuneUp Utilities "vmmufiapoqyr" = Tagging System Revenuebuster "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.08.2010 12:39:34 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00036fa3. Error - 16.08.2010 13:54:11 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0xeae1e0ee. Error - 18.08.2010 07:43:48 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. 
Error - 21.08.2010 09:23:17 | Computer Name = BRITT | Source = Windows Live Messenger | ID = 1000 Description = Error - 22.08.2010 06:10:02 | Computer Name = BRITT | Source = Windows Live Messenger | ID = 1000 Description = Error - 24.08.2010 17:35:47 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul flash10b.ocx, Version 10.0.22.87, Fehleradresse 0x000ca3d0. Error - 25.08.2010 03:57:05 | Computer Name = BRITT | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.08.2010 06:00:54 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 27.08.2010 11:00:09 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 30.08.2010 15:15:24 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul wininet.dll, Version 8.0.6001.18939, Fehleradresse 0x0004ba0b. [ Application Events ] Error - 13.08.2010 12:39:34 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x00036fa3. Error - 16.08.2010 13:54:11 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0xeae1e0ee. Error - 18.08.2010 07:43:48 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. 
Error - 21.08.2010 09:23:17 | Computer Name = BRITT | Source = Windows Live Messenger | ID = 1000 Description = Error - 22.08.2010 06:10:02 | Computer Name = BRITT | Source = Windows Live Messenger | ID = 1000 Description = Error - 24.08.2010 17:35:47 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul flash10b.ocx, Version 10.0.22.87, Fehleradresse 0x000ca3d0. Error - 25.08.2010 03:57:05 | Computer Name = BRITT | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 25.08.2010 06:00:54 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 27.08.2010 11:00:09 | Computer Name = BRITT | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 30.08.2010 15:15:24 | Computer Name = BRITT | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul wininet.dll, Version 8.0.6001.18939, Fehleradresse 0x0004ba0b. 
[ System Events ] Error - 30.08.2010 12:06:13 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:14 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:15 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:16 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:20 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:06:40 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:07:05 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den 
folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:07:25 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:09:02 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "TuneUp.UtilitiesSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {FCA02D56-BF9D-4591-AD41-E59AF763C64A} Error - 30.08.2010 12:10:26 | Computer Name = BRITT | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} < End of report > |
31.08.2010, 07:24 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O3 - HKLM\..\Toolbar: (nixneues.de Toolbar) - {33988062-a155-4ff7-ae2f-4288a3f076d5} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (nixneues.de Toolbar) - {33988062-A155-4FF7-AE2F-4288A3F076D5} - Reg Error: Value error. File not found
O33 - MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\Shell - "" = AutoRun
O33 - MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\Shell - "" = AutoRun
O33 - MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\Shell - "" = AutoRun
O33 - MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{90526ef1-9e46-11df-9fe8-00224336c51d}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found
O33 - MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\Shell - "" = AutoRun
O33 - MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\Shell - "" = AutoRun
O33 - MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O36 - AppCertDlls: mmchost - (C:\WINDOWS\system32\mstiosk.dll) - C:\WINDOWS\system32\mstiosk.dll ()
[2010.08.25 09:42:43 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.08.22 12:00:55 | 000,050,398 | ---- | M] () -- C:\WINDOWS\System32\vmmufiapoqyr.exe
[2011.08.08 14:38:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\INSTALLEEE.EXE
[2011.08.08 14:38:44 | 000,001,162 | ---- | C] () -- C:\WINDOWS\sr.VBS
[2011.08.08 14:38:44 | 000,000,256 | ---- | C] () -- C:\WINDOWS\RUN.REG
[2011.08.08 14:38:44 | 000,000,124 | ---- | C] () -- C:\WINDOWS\HW.VBS
[2011.08.08 14:38:44 | 000,000,037 | ---- | C] () -- C:\WINDOWS\AUTO.BAT
[2011.08.08 14:38:42 | 000,000,692 | ---- | C] () -- C:\WINDOWS\setup.iss
[2009.09.09 08:39:38 | 005,364,932 | ---- | C] () -- C:\Programme\eMule.v0.49c.Razorback3.Next.Generation.v5.21.installer.exe
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
31.08.2010, 13:17 | #9 |
Thank you very much for your help, that is so kind. All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{33988062-a155-4ff7-ae2f-4288a3f076d5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33988062-a155-4ff7-ae2f-4288a3f076d5}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{33988062-A155-4FF7-AE2F-4288A3F076D5} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33988062-A155-4FF7-AE2F-4288A3F076D5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58a151ae-9cac-11de-9c74-00224336c51d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58a151ae-9cac-11de-9c74-00224336c51d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a151ae-9cac-11de-9c74-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58a151ae-9cac-11de-9c74-00224336c51d}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58a151af-9cac-11de-9c74-00224336c51d}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58a151af-9cac-11de-9c74-00224336c51d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a151af-9cac-11de-9c74-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58a151af-9cac-11de-9c74-00224336c51d}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f1bf00c-24b3-11df-9e5b-00224336c51d}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90526ef1-9e46-11df-9fe8-00224336c51d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90526ef1-9e46-11df-9fe8-00224336c51d}\ not found. File E:\Menu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcac42f0-6b0c-11de-9bb8-00224336c51d}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dcac42f3-6b0c-11de-9bb8-00224336c51d}\ not found. File E:\AutoRun.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\mmchost:C:\WINDOWS\system32\mstiosk.dll deleted successfully. C:\WINDOWS\system32\mstiosk.dll moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} folder moved successfully. C:\WINDOWS\system32\vmmufiapoqyr.exe moved successfully. C:\WINDOWS\INSTALLEEE.EXE moved successfully. C:\WINDOWS\sr.VBS moved successfully. C:\WINDOWS\RUN.REG moved successfully. C:\WINDOWS\HW.VBS moved successfully. C:\WINDOWS\AUTO.BAT moved successfully. C:\WINDOWS\setup.iss moved successfully. 
C:\Programme\eMule.v0.49c.Razorback3.Next.Generation.v5.21.installer.exe moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 242476 bytes User: All Users User: Britta ->Temp folder emptied: 374936959 bytes ->Temporary Internet Files folder emptied: 11035721 bytes ->Java cache emptied: 78522974 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 1950829 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Gast ->Temp folder emptied: 587756 bytes ->Temporary Internet Files folder emptied: 1134186 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 9763290 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 197201 bytes RecycleBin emptied: 1947083266 bytes Total Files Cleaned = 2.313,00 mb OTL by OldTimer - Version 3.2.11.0 log created on 08312010_141120 Files\Folders moved on Reboot... C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XK2GOWTO\ads[1].txt moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XK2GOWTO\ads[2].txt moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XK2GOWTO\favicon[1].ico moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WB1XI40I\afr[1].htm moved successfully. 
C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TYFENS2I\90231-ron-ads-revenuebuster-sparkassenseite-fragt-tan-ab-netbook-ohne-laufwerk-windows-neu-drauf-machen[1].html moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TYFENS2I\ads[1].txt moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TYFENS2I\h[1].gif moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\TYFENS2I\index[2].htm moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2HPSVGOS\afr[1].htm moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2HPSVGOS\favicon[1].ico moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2HPSVGOS\h[1].gif moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2HPSVGOS\h[2].gif moved successfully. C:\Dokumente und Einstellungen\Britta\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot... |
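Added example (not part of the thread and not OTL's own code): a small check that reconciles an `:OTL` fix script with the result log, so a helper can see at a glance whether every target was actually deleted or moved. The function names `script_targets` and `reconcile` are hypothetical; the sample lines are a short excerpt copied from the fix script and the result log above.

```python
import re

# Excerpt of the ":OTL" fix script posted in this thread (a few lines only).
FIX_SCRIPT = r'''
:OTL
O3 - HKLM\..\Toolbar: (nixneues.de Toolbar) - {33988062-a155-4ff7-ae2f-4288a3f076d5} - Reg Error: Value error. File not found
O33 - MountPoints2\{90526ef1-9e46-11df-9fe8-00224336c51d}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found
O36 - AppCertDlls: mmchost - (C:\WINDOWS\system32\mstiosk.dll) - C:\WINDOWS\system32\mstiosk.dll ()
[2010.08.22 12:00:55 | 000,050,398 | ---- | M] () -- C:\WINDOWS\System32\vmmufiapoqyr.exe
[2011.08.08 14:38:44 | 000,000,256 | ---- | C] () -- C:\WINDOWS\RUN.REG
:Commands
[purity]
[resethosts]
[emptytemp]
'''

# Matching excerpt of the result log, one entry per line.
FIX_LOG = r'''
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{33988062-a155-4ff7-ae2f-4288a3f076d5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33988062-a155-4ff7-ae2f-4288a3f076d5}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90526ef1-9e46-11df-9fe8-00224336c51d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90526ef1-9e46-11df-9fe8-00224336c51d}\ not found.
File E:\Menu.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\mmchost:C:\WINDOWS\system32\mstiosk.dll deleted successfully.
C:\WINDOWS\system32\mstiosk.dll moved successfully.
C:\WINDOWS\system32\vmmufiapoqyr.exe moved successfully.
C:\WINDOWS\RUN.REG moved successfully.
'''

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_IN_PARENS = re.compile(r"\(([A-Za-z]:\\[^)]*)\)")
OUTCOME = re.compile(
    r"^(?P<what>.+?) (?P<result>deleted successfully|moved successfully|not found)\.$"
)


def script_targets(script):
    """Return the objects the :OTL section asks to remove, in script order."""
    targets, section = {}, None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header such as :OTL or :Commands
            section = line.lower()
            continue
        if section != ":otl":
            continue                        # [purity], [resethosts] ... are commands, not targets
        if line.startswith("["):            # file or folder line: "[date | size | attr | C] () -- path"
            if " -- " in line:
                targets[line.split(" -- ", 1)[1]] = None
            continue
        match = GUID.search(line)           # registry lines (O3, O33) are identified by their GUID
        if match:
            targets[match.group(0)] = None
            continue
        match = PATH_IN_PARENS.search(line) # O36 AppCertDlls line carries a file path instead
        if match:
            targets[match.group(1)] = None
    return list(targets)


def reconcile(script, log):
    """Map each script target to 'removed', 'not found' or 'no log entry'."""
    entries = []
    for line in log.splitlines():
        match = OUTCOME.match(line.strip())
        if match:
            entries.append((match.group("what").lower(), match.group("result")))
    status = {}
    for target in script_targets(script):
        # The log changes the case of paths (System32 vs system32), so compare lowercased.
        hits = [result for what, result in entries if target.lower() in what]
        if not hits:
            status[target] = "no log entry"
        elif any(result != "not found" for result in hits):
            status[target] = "removed"
        else:
            status[target] = "not found"
    return status


if __name__ == "__main__":
    for target, state in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{state:13} {target}")
```

A target reported as "no log entry" or "not found" is the one to look at again in the next scan.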
31.08.2010, 19:39 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post log files in CODE tags |
31.08.2010, 21:40 | #11 |
OK, thanks for the quick reply. The program didn't run at first, so I downloaded it again, but unfortunately did not rename it. Combofix log file: Code:
ComboFix 10-08-31.01 - Britta 31.08.2010 22:28:00.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1015.562 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Britta\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\All Users\Anwendungsdaten\ECAP c:\dokumente und einstellungen\All Users\Anwendungsdaten\ECAP\ECap.ini c:\dokumente und einstellungen\All Users\Anwendungsdaten\ECAP\GenePccMon.ini c:\windows\system32\Thumbs.db . ((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-31 )))))))))))))))))))))))))))))) . 2011-08-08 12:48 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2011-08-08 12:46 . 2011-08-08 12:48 -------- dcsh--w- c:\programme\Gemeinsame Dateien\WindowsLiveInstaller 2011-08-08 12:46 . 2010-08-25 07:12 -------- d-----w- c:\programme\Windows Live 2011-08-08 12:46 . 2011-08-08 12:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WLInstaller 2011-08-08 12:45 . 2010-08-13 00:09 -------- d-----w- c:\programme\Microsoft Works 2011-08-08 12:44 . 2009-04-18 11:57 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe 2011-08-08 12:44 . 2011-08-08 12:44 -------- d-----w- c:\programme\Microsoft SQL Server Compact Edition 2011-08-08 12:43 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll 2011-08-08 12:39 . 2011-08-08 12:39 -------- d-----w- c:\windows\system32\URTTemp 2011-08-08 12:37 . 2011-08-08 12:38 -------- d-----w- c:\programme\Asus 2011-08-08 12:35 . 2011-08-08 12:35 -------- d-----w- c:\programme\Intel 2011-08-08 12:35 . 2009-12-23 17:14 -------- dc----w- c:\windows\system32\DRVSTORE 2011-08-08 12:35 . 2011-08-08 12:35 -------- d-----w- C:\Intel 2011-08-08 12:01 . 
2001-08-18 02:22 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-08-31 19:32 . 2010-08-31 19:42 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Yahoo! Companion 2010-08-31 19:32 . 2010-08-31 19:32 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\Yahoo! 2010-08-31 19:32 . 2010-08-31 19:32 -------- d-----w- c:\programme\Yahoo! 2010-08-31 19:32 . 2010-08-31 19:32 -------- d-----w- c:\programme\CCleaner 2010-08-31 19:25 . 2010-08-31 19:32 3427712 ----a-w- c:\programme\ccsetup235.exe 2010-08-31 12:11 . 2010-08-31 12:11 -------- d-----w- C:\_OTL 2010-08-30 18:47 . 2010-08-30 18:48 6153648 ----a-w- c:\programme\mailware trojaner board bam-setup.exe 2010-08-30 16:07 . 2010-08-30 16:07 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Uniblue 2010-08-30 16:02 . 2010-08-30 16:02 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\TuneUp Software 2010-08-30 15:44 . 2008-08-08 12:33 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory 2010-08-30 15:44 . 2008-08-08 12:27 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Skype 2010-08-30 15:44 . 2008-08-08 12:12 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft 2010-08-30 15:44 . 2008-08-08 08:11 -------- d--h--w- c:\dokumente und einstellungen\Administrator\Netzwerkumgebung 2010-08-30 15:44 . 2008-08-08 08:11 -------- d--h--w- c:\dokumente und einstellungen\Administrator\Druckumgebung 2010-08-30 15:44 . 2010-08-30 16:09 -------- d-----r- c:\dokumente und einstellungen\Administrator\Startmenü 2010-08-30 15:44 . 2008-08-08 07:16 -------- d--h--w- c:\dokumente und einstellungen\Administrator\Vorlagen 2010-08-30 15:44 . 2010-08-30 15:45 -------- d-----w- c:\dokumente und einstellungen\Administrator 2010-08-30 15:08 . 
2010-08-30 15:08 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\Malwarebytes 2010-08-30 15:08 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-30 15:08 . 2010-08-30 15:08 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-08-30 15:08 . 2010-08-30 18:49 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-08-30 15:08 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-25 08:10 . 2010-08-25 08:10 0 ----a-w- c:\windows\nsreg.dat 2010-08-25 08:10 . 2010-08-25 08:10 -------- d-----w- c:\dokumente und einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\Mozilla 2010-08-25 08:09 . 2010-08-25 08:09 -------- d-----w- c:\programme\Mozilla Firefox 4.0 Beta 4 2010-08-25 08:07 . 2010-08-25 08:08 9595848 ----a-w- c:\programme\Firefox_Setup_4.0_Beta_4.exe 2010-08-25 07:46 . 2010-08-12 19:26 30528 ----a-w- c:\windows\system32\TURegOpt.exe 2010-08-25 07:46 . 2010-08-12 19:19 30016 ----a-w- c:\windows\system32\uxtuneup.dll 2010-08-25 07:45 . 2010-08-25 07:45 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\TuneUp Software 2010-08-25 07:44 . 2010-08-25 07:48 -------- d-----w- c:\programme\TuneUp Utilities 2010 2010-08-25 07:44 . 2010-08-25 07:44 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software 2010-08-25 07:42 . 2010-08-25 07:42 19807040 ----a-w- c:\programme\TUNEUP2010.exe 2010-08-25 07:21 . 2010-08-25 07:21 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\Uniblue 2010-08-25 07:20 . 2010-08-25 07:20 -------- d-----w- c:\programme\Uniblue 2010-08-08 21:17 . 2010-08-08 21:17 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\Vivox 2010-08-02 15:13 . 2010-08-02 15:14 -------- d-----w- c:\programme\PixiePack Codec Pack 2010-08-02 15:13 . 
2010-08-02 15:13 77664 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgSoundclick.dll 2010-08-02 15:13 . 2010-08-02 15:13 59232 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgPandora.dll 2010-08-02 15:13 . 2010-08-02 15:13 87904 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgMyspace.dll 2010-08-02 15:13 . 2010-08-02 15:13 103264 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgLastfm.dll 2010-08-02 15:13 . 2010-08-02 15:13 84320 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgImeem.dll 2010-08-02 15:13 . 2010-08-02 15:13 62816 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgIJigg.dll 2010-08-02 15:13 . 2010-08-02 15:13 114528 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgHypemachine.dll 2010-08-02 15:13 . 2010-08-02 15:13 94560 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgGeneral.dll 2010-08-02 15:12 . 2010-08-02 15:13 46944 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgDefault.dll 2010-08-02 15:12 . 2010-08-02 15:12 89952 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\PlgDeezer.dll 2010-08-02 15:12 . 2010-08-02 15:12 347488 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\RadioRip\RadioRip.dll 2010-08-02 15:12 . 2010-08-02 15:12 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\FILEminimizerPictures 2010-08-02 15:12 . 
2010-08-02 15:12 495616 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution\Radiotracker_2009\EncodingBackend\lame_enc.dll 2010-08-02 15:12 . 2010-08-02 15:12 -------- d-----w- c:\programme\FILEminimizer Pictures 2010-08-02 15:07 . 2010-08-02 15:07 -------- d-----w- c:\programme\RapidSolution 2010-08-02 15:07 . 2010-08-02 15:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RapidSolution 2010-08-02 15:02 . 2010-08-02 15:02 -------- d-----w- c:\dokumente und einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\RapidSolution . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-08 12:40 . 2010-08-30 15:44 141 ----a-w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat 2011-08-08 12:38 . 2011-08-08 12:34 -------- d-----w- c:\programme\Gemeinsame Dateien\InstallShield 2011-08-08 12:37 . 2010-08-30 15:44 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\InstallShield 2011-08-08 12:37 . 2009-04-18 00:57 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\InstallShield 2011-08-08 12:37 . 2009-04-18 00:56 -------- d-----w- c:\windows\system32\config\systemprofile\Anwendungsdaten\InstallShield 2011-08-08 12:36 . 2011-08-08 12:36 -------- d-----w- c:\programme\EeePC 2011-08-08 12:34 . 2011-08-08 12:34 -------- d-----w- c:\programme\Realtek 2011-08-08 12:34 . 2011-08-08 12:34 315392 ----a-w- c:\windows\HideWin.exe 2010-08-31 19:45 . 2009-04-18 00:57 38184 ----a-w- c:\dokumente und einstellungen\Britta\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-08-31 16:06 . 2009-04-18 11:51 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\StarOffice8 2010-08-30 16:05 . 2008-08-08 07:03 549460 ----a-w- c:\windows\system32\perfh007.dat 2010-08-30 16:05 . 
2008-08-08 07:03 115838 ----a-w- c:\windows\system32\perfc007.dat 2010-08-30 15:45 . 2010-08-30 15:45 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes 2010-08-19 21:39 . 2009-04-18 00:57 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\Skype 2010-08-19 15:36 . 2009-04-18 11:27 -------- d-----w- c:\dokumente und einstellungen\Britta\Anwendungsdaten\skypePM 2010-07-26 16:02 . 2010-03-22 23:15 -------- d-----w- c:\programme\Bounty Bay Online 2010-06-30 12:28 . 2008-08-08 07:03 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2008-08-08 07:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 09:02 . 2008-08-08 07:03 1852032 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2008-08-08 07:03 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2008-08-08 07:03 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2008-08-08 07:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2008-08-08 07:03 1172480 ----a-w- c:\windows\system32\msxml3.dll 2009-12-07 00:01 . 2009-12-07 00:01 431104 ----a-w- c:\programme\FOGDownloader-RoM_2_1_0_1871.exe 2009-11-25 10:40 . 2009-11-25 10:40 22892 ----a-w- c:\programme\Einheiten.zip 2009-10-25 14:04 . 2009-10-25 14:04 5862994 ----a-w- c:\programme\ts2_client_rc2_2032.exe 2009-09-30 06:12 . 2009-09-30 06:12 535576 ----a-w- c:\programme\RealPlayerSPGold_de.exe 2009-09-06 16:30 . 2009-07-13 17:48 30228816 ----a-w- c:\programme\avira_antivir_personal_de.exe 2008-05-07 08:34 . 2008-08-08 12:11 15523560 ----a-w- c:\programme\U1 Setup.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888] "AsusTray"="c:\programme\EeePC\ACPI\AsTray.exe" [2008-07-23 98304] "AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2008-07-23 479232] "AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208] "ETDWare"="c:\programme\Elantech\ETDCtrl.exe" [2008-07-23 335872] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-09-30 198160] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\Britta\Startmen\Programme\Autostart\ StarOffice 8.lnk - c:\programme\Sun\StarOffice 8\program\quickstart.exe [2007-8-17 122880] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ SuperHybridEngine.lnk - c:\programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2011-8-8 303104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-14 23:04 39792 ----a-w- c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] 2008-06-19 08:20 57344 ----a-w- c:\windows\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd] 2008-06-19 08:42 2808832 ----a-w- c:\windows\alcwzrd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] 2008-06-18 10:01 77824 ----a-w- c:\windows\SoundMan.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe 
Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\eMule\\emule.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.09.2009 18:39 108289] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12.08.2010 21:23 1051968] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.02.2010 11:18 10064] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\dokumente und einstellungen\Britta\Startmenü\Programme\IMVU\Run IMVU.lnk FF - ProfilePath - c:\dokumente und einstellungen\Britta\Anwendungsdaten\Mozilla\Firefox\Profiles\ikgofx0q.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - BHO-{33988062-a155-4ff7-ae2f-4288a3f076d5} - (no file) MSConfigStartUp-MsnMsgr - c:\programme\Windows Live\Messenger\MsnMsgr.Exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-08-31 22:34 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(924) c:\windows\system32\igfxdev.dll . Zeit der Fertigstellung: 2010-08-31 22:38:27 ComboFix-quarantined-files.txt 2010-08-31 20:38 Vor Suchlauf: 9 Verzeichnis(se), 68.453.883.904 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 68.504.236.032 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 05366DD892D4EB25D1A521A775815195 |
01.09.2010, 11:50 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Afterwards, download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you must start remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are any changes and, if so, on which device. Ideally, post everything that remover.exe outputs.
__________________ Please always post log files in CODE tags |
03.09.2010, 15:41 | #13 |
| GMER Logfile: Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-01 19:04:02
Windows 5.1.2600 Service Pack 3
Running: kyk8yfgr.exe; Driver: C:\DOKUME~1\Britta\LOKALE~1\Temp\fxtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT F7B4110E ZwCreateKey
SSDT F7B41104 ZwCreateThread
SSDT F7B41113 ZwDeleteKey
SSDT F7B4111D ZwDeleteValueKey
SSDT F7B41122 ZwLoadKey
SSDT F7B410F0 ZwOpenProcess
SSDT F7B410F5 ZwOpenThread
SSDT F7B4112C ZwReplaceKey
SSDT F7B41127 ZwRestoreKey
SSDT F7B41118 ZwSetValueKey
SSDT F7B410FF ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ---- |
03.09.2010, 16:04 | #14 |
| Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 17:08:25 on 03.09.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Control Panel Objects %SystemRoot%\system32 |||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists |||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists |||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists |||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists "catchme" (catchme) C:\DOKUME~1\Britta\LOKALE~1\Temp\catchme.sys File not found "Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found |||||| "FssFltr" (fssfltr) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys File exists "i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found "lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found "PCIDump" (PCIDump) 
C:\WINDOWS\system32\drivers\PCIDump.sys File not found "PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found "PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found "PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found "PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found |||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists |||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File exists "WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found Explorer HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components || {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" C:\Programme\PixiePack Codec Pack\InstallerHelper.exe File exists |||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." 
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists HKLM\Software\Classes\Protocols\Handler |||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL File exists |||||| {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll File exists |||| {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" "Skype Technologies S.A." 
C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File exists |||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Programme\Windows Live\Mail\mailcomm.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved |||||| {D5906221-A717-479B-9B49-CD848F9CE816} "BZShlExtImpl Class" "Bitberry Software" C:\Programme\BitZipper\BZShlExt.dll File exists |||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Programme\Windows Live\Mail\mailcomm.dll File exists {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found |||||| {8A0265BC-EBA5-4F6A-8972-AFCDFB89516A} "FILEminimizer Shell Extension" C:\Programme\FILEminimizer Pictures\FILEMShell.dll File found, but it contains no detailed information |||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists |||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll File exists |||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll File exists |||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" 
C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll File exists |||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Programme\Sun\StarOffice 8\program\shlxthdl.dll File exists |||||| {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Programme\Real\RealPlayer\rpshell.dll File exists |||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists |||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found |||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll File exists {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll File exists {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists |||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists |||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists |||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists |||||| 
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists |||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists |||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists |||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists |||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser ITBar7Height "ITBar7Height" File not found | COM-object registry key not found "ITBar7Layout" File not found | COM-object registry key not found "ITBarLayout" File not found | COM-object registry key not found "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" File not found | COM-object registry key not found HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks |||| {EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" "Yahoo! Inc." C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll File exists HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_17.dll File exists |||| {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." 
C:\Programme\Java\jre6\bin\npjpi160_17.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_17.dll File exists |||||| {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Adobe\Director\SwDir.dll File exists {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||| {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" "Microsoft Corporation" C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll File exists |||| {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" "Skype Technologies S.A." C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar |||| "&Windows Live Toolbar" "Microsoft Corporation" C:\Programme\Windows Live\Toolbar\wltcore.dll File exists |||| "Yahoo! Toolbar" "Yahoo! Inc." C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||| {02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" "Yahoo! Inc." C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll File exists |||||| {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." 
C:\Programme\Java\jre6\bin\jp2ssv.dll File exists |||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists |||| {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer" C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll File exists || {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" "Microsoft Corporation" C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll File exists |||| {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" "Yahoo! Inc" C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File exists |||| {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" "Skype Technologies S.A." C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File exists |||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists |||| {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" "Microsoft Corporation" C:\Programme\Windows Live\Toolbar\wltcore.dll File exists Logon %AllUsersProfile%\Startmenü\Programme\Autostart |||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists |||| "SuperHybridEngine.lnk" "ASUSTeK Computer Inc." 
C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe Shortcut exists | File exists %UserProfile%\Startmenü\Programme\Autostart |||||| "desktop.ini" C:\Dokumente und Einstellungen\Britta\Startmenü\Programme\Autostart\desktop.ini File exists |||| "StarOffice 8.lnk" C:\Programme\Sun\StarOffice 8\program\quickstart.exe Shortcut exists | File found, but it contains no detailed information | File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||||| "AsusACPIServer" "ASUSTeK Computer Inc." C:\Programme\EeePC\ACPI\AsAcpiSvr.exe File exists |||| "AsusEPCMonitor" "ASUSTeK Computer Inc." C:\Programme\EeePC\ACPI\AsEPCMon.exe File exists |||| "AsusTray" "ASUSTeK Computer Inc." C:\Programme\EeePC\ACPI\AsTray.exe File exists |||||| "avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists |||| "ETDWare" "ELANTECH Devices Corp." C:\Programme\Elantech\ETDCtrl.exe File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Java\jre6\bin\jusched.exe" File exists |||| "TkBellExe" "RealNetworks, Inc." 
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists "Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found |||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists |||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists |||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists |||||| "IviRegMgr" (IviRegMgr) "InterVideo" C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe File exists |||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists |||||| "SeaPort" (SeaPort) "Microsoft Corporation" C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe File exists "TuneUp Designerweiterung" (UxTuneUp) "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe File exists "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe File exists |||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists |||||| "Windows Live Family Safety-Dienst" (fsssvc) "Microsoft Corporation" C:\Programme\Windows Live\Family Safety\fsssvc.exe File exists |||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" 
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists Winlogon HKCU\Control Panel\Desktop "SCRNSAVE.EXE" C:\WINDOWS\system32\Shenkuu.scr File not found HKCU\Control Panel\IOProcs "MVB" mvfs32.dll File not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found If You have questions or |
03.09.2010, 16:25 | #15 |
| Bootkit remover
System Volume is \\.\C:
\\.\C: -> \\.\ PhysicalDrive 0 at offset 0x00000000´00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
Size 149 GB
Device name \\.\ PhysicalDrive 0
MBR Status ok (DOS/Win32 Boot code found)
Done |