Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win7 64Bit | Firefox-> TABS öffnen sich automatisch

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.10.2010, 19:29   #1
IMM0rtalis
 
Win7 64Bit | Firefox-> TABS öffnen sich automatisch - Standard

Win7 64Bit | Firefox-> TABS öffnen sich automatisch



Hallihallo,
ich hoffe, ich mache hier alles richtig...

Folgende Situation:
Ich habe vor einigen Tagen ne .exe runtergeladen, die bei vielen Youtubevideos verlinkt war(gab viele positive Kommentare).. Sinn war das Spielen eines älteres Spiels über Netzwerk...

Naja.. ich wusste, dass ein sehr hohen Risiko bestand... aber wegen der vielen positiven Kommentare...

Naja.. die Exe verschwand und der Computer fuhr ziemlich schnell herunter. Der Neustart dauerte ewig...

Antivir Free Personal zeigte nichts. War sogar deaktiviert.
Dann habe ich mir Kaspersky besorgt, weil es glaube ich einer der aggressivsten Antivirenprogramme ist. Es hat 3 Viren in irgendwelchen Dateien von JAVA gefunden und gelöscht.

Mit der Zeit gingen hin und wieder TABS im Firefox mit den unterschiedlichsten Seiten auf. Mal unseriöse Seiten, die auch teilweise geblockt wurde, mal Ebay, mal Adobe.. etc...

----------------------
Ich habe mir SpyBot Search&Destroy und mehrere andere Programme geladen und durchsuchen lassen.. auch Norten Antivirus, doch die AutoTABS gingen nicht weg.

Hin und wieder berichtet Kaspersky von einem Zugriff der svhost.exe auf eine komische Seite(die Seite ist dann immer anders).. aber hat selbst keinen weiteren Bericht dazu. Es hieß lediglich "Der Link wurde in einer Datenbank gefunden".

Ich hab gegoogelt und hab irgendwie nur Anleitungen für ältere Systeme gefunden

Deshalb hab ich mich jetzt hier angemeldet...

----------------------

OTL.txt
Code:
ATTFilter
OTL logfile created on: 20.10.2010 20:06:38 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\IMM0rtalis\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 18,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 41,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 24,90 Gb Total Space | 0,02 Gb Free Space | 0,08% Space Free | Partition Type: NTFS
Drive E: | 25,00 Gb Total Space | 14,10 Gb Free Space | 56,38% Space Free | Partition Type: NTFS
Drive M: | 100,01 Gb Total Space | 19,98 Gb Free Space | 19,97% Space Free | Partition Type: NTFS
Drive P: | 10,00 Gb Total Space | 8,02 Gb Free Space | 80,18% Space Free | Partition Type: NTFS
Drive Q: | 50,01 Gb Total Space | 21,85 Gb Free Space | 43,69% Space Free | Partition Type: NTFS
Drive S: | 80,01 Gb Total Space | 23,62 Gb Free Space | 29,53% Space Free | Partition Type: NTFS
Drive V: | 616,49 Gb Total Space | 3,90 Gb Free Space | 0,63% Space Free | Partition Type: NTFS
Drive W: | 232,89 Gb Total Space | 37,31 Gb Free Space | 16,02% Space Free | Partition Type: NTFS
Drive X: | 130,00 Gb Total Space | 36,32 Gb Free Space | 27,94% Space Free | Partition Type: NTFS
Drive Y: | 320,75 Gb Total Space | 232,09 Gb Free Space | 72,36% Space Free | Partition Type: NTFS
Drive Z: | 40,00 Gb Total Space | 29,59 Gb Free Space | 73,97% Space Free | Partition Type: NTFS
 
Computer Name: BGSTYLE | User Name: IMM0rtalis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\IMM0rtalis\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - e:\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\MirandaFusion\miranda32.exe ( )
PRC - C:\Program Files (x86)\MirandaFusion\mfwd.exe (Miranda Fusion Team)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - P:\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - P:\xampp\xampp-control.exe (Apache Friends)
PRC - P:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - P:\NetBeans 6.8\NetBeans 6.8\bin\netbeans.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - E:\VMPlayer\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\IMM0rtalis\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (sp_rssrv) -- E:\Spyware Terminator\sp_rsser.exe (Xacti LLC)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (NAV) -- e:\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe (Symantec Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Hamachi2Svc) -- E:\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- E:\VMPlayer\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- E:\VMPlayer\vmware-ufad.exe (VMware, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SYMNETS) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\symnets.sys (Symantec Corporation)
DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (hxctlflt) -- C:\Windows\SysNative\drivers\hxctlflt.sys (Guillemot Corporation)
DRV:64bit: - (PAC7302) -- C:\Windows\SysNative\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV:64bit: - (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s125mgmt.sys (MCCI Corporation)
DRV:64bit: - (s125bus) Sony Ericsson Device 125 driver (WDM) -- C:\Windows\SysNative\drivers\s125bus.sys (MCCI Corporation)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys (Symantec Corporation)
DRV - (vstor2-ws60) -- E:\VMPlayer\vstor2-ws60.sys (VMware, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 A9 22 0F 41 70 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: foxgame2@foxgame.org:2.0 Beta
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2010.10.20 19:07:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.20 18:09:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.20 18:09:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.10.17 03:52:33 | 000,000,000 | ---D | M]
 
[2009.12.25 01:50:25 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\mozilla\Extensions
[2010.10.20 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\mozilla\Firefox\Profiles\jqbj77gh.default\extensions
[2010.01.31 23:34:31 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\IMM0rtalis\AppData\Roaming\mozilla\Firefox\Profiles\jqbj77gh.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.01.31 23:34:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\IMM0rtalis\AppData\Roaming\mozilla\Firefox\Profiles\jqbj77gh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.08.22 11:30:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\IMM0rtalis\AppData\Roaming\mozilla\Firefox\Profiles\jqbj77gh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.23 11:08:27 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\IMM0rtalis\AppData\Roaming\mozilla\Firefox\Profiles\jqbj77gh.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010.05.07 06:28:04 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\mozilla\Firefox\Profiles\jqbj77gh.default\extensions\firebug@software.joehewitt.com
[2010.10.12 21:39:25 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\mozilla\Firefox\Profiles\jqbj77gh.default\extensions\foxgame2@foxgame.org
[2009.12.26 18:59:19 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\mozilla\Firefox\Profiles\jqbj77gh.default\extensions\RaNaN@ogeneral.de
[2010.10.20 11:35:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.05 06:35:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.22 13:17:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.16 15:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.10.17 03:53:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.10.17 03:53:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.19 08:52:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.19 08:52:14 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.19 08:52:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.19 08:52:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.19 08:52:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.12.28 16:27:22 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - e:\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] E:\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\VMPlayer\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\VMPlayer\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\VMPlayer\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\VMPlayer\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.26 20:47:52 | 000,000,000 | ---D | M] - E:\Autodesk Network License Manager -- [ NTFS ]
O32 - AutoRun File - [2009.01.24 16:02:13 | 000,000,000 | ---- | M] () - Z:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.20 19:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.10.20 19:07:41 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.10.20 19:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010.10.20 19:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010.10.20 19:07:25 | 000,821,808 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA64.sys
[2010.10.20 19:07:25 | 000,715,824 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.sys
[2010.10.20 19:07:25 | 000,450,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymDS64.sys
[2010.10.20 19:07:25 | 000,381,488 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\symnets.sys
[2010.10.20 19:07:25 | 000,168,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\Ironx64.sys
[2010.10.20 19:07:25 | 000,040,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.sys
[2010.10.20 19:07:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2010.10.20 19:07:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1201000.025
[2010.10.20 19:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.10.20 18:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.10.20 18:51:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.10.20 18:47:53 | 103,702,528 | ---- | C] (Symantec Corporation) -- C:\Users\IMM0rtalis\Desktop\NAV_18.1.0.37_SYMTB_TMD-1ON1_LOEM_MRFTT_181_5417ST.exe
[2010.10.20 18:41:49 | 000,000,000 | ---D | C] -- C:\Users\IMM0rtalis\Pavark
[2010.10.20 18:28:21 | 000,000,000 | ---D | C] -- C:\Users\IMM0rtalis\AppData\Roaming\Spyware Terminator
[2010.10.20 18:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.10.17 03:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.10.17 03:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.10.17 03:52:15 | 000,560,216 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.10.17 03:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.10.16 15:21:47 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.10.16 15:21:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.10.16 15:21:47 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.10.16 00:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.15 22:22:41 | 000,000,000 | ---D | C] -- C:\Users\IMM0rtalis\Documents\StarCraft II
[2010.10.15 22:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.10.15 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.10.15 02:25:19 | 000,000,000 | ---D | C] -- C:\Users\IMM0rtalis\Documents\TADS
[2010.10.03 23:02:25 | 000,000,000 | ---D | C] -- C:\Users\IMM0rtalis\AppData\Roaming\MyPhoneExplorer
[2010.09.30 17:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2010.09.30 17:23:58 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2010.09.30 17:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2010.09.30 17:23:55 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.09.30 17:23:55 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.09.30 17:23:55 | 000,122,968 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.09.30 17:23:55 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.09.30 17:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010.09.29 21:36:48 | 000,000,000 | ---D | C] -- C:\Users\IMM0rtalis\AppData\Roaming\Thinstall
[2010.09.29 17:12:59 | 000,000,000 | --SD | C] -- C:\Users\IMM0rtalis\Documents\Meine Shapes
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.20 19:08:08 | 001,458,328 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\Cat.DB
[2010.10.20 19:07:41 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010.10.20 19:07:41 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.10.20 19:07:41 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.10.20 19:07:29 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010.10.20 18:51:28 | 103,702,528 | ---- | M] (Symantec Corporation) -- C:\Users\IMM0rtalis\Desktop\NAV_18.1.0.37_SYMTB_TMD-1ON1_LOEM_MRFTT_181_5417ST.exe
[2010.10.20 18:43:09 | 000,284,610 | ---- | M] () -- C:\Users\IMM0rtalis\Desktop\gmer1.0.15.15279.zip
[2010.10.20 18:11:13 | 001,480,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.20 18:11:13 | 000,645,744 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.20 18:11:13 | 000,610,214 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.20 18:11:13 | 000,127,648 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.20 18:11:13 | 000,105,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.20 18:09:39 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.20 18:09:39 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.20 18:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.20 18:04:28 | 1609,416,704 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.17 04:16:12 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.10.17 04:16:12 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.10.17 03:52:15 | 000,560,216 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.10.15 02:24:48 | 000,065,536 | ---- | M] () -- C:\Windows\TADSUINS.EXE
[2010.10.10 15:52:00 | 000,001,553 | ---- | M] () -- C:\Users\IMM0rtalis\Desktop\polygontest5.wrl
[2010.10.10 13:14:19 | 000,000,790 | ---- | M] () -- C:\Users\IMM0rtalis\Desktop\polygontest4.wrl
[2010.10.07 17:14:59 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.10.07 17:14:59 | 000,233,960 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.05 21:49:37 | 000,096,768 | ---- | M] () -- C:\Users\IMM0rtalis\Desktop\gesamtquali10.xls
[2010.09.30 22:43:58 | 000,063,488 | ---- | M] () -- C:\Users\IMM0rtalis\Desktop\Dok2.doc
[2010.09.30 17:23:55 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.09.30 17:23:55 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.09.30 17:23:55 | 000,122,968 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.09.30 17:23:55 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.09.30 17:15:23 | 000,000,070 | ---- | M] () -- C:\Windows\SIERRA.INI
[2010.09.29 21:07:52 | 000,000,029 | ---- | M] () -- C:\Windows\UML.INI
[2010.09.29 16:59:07 | 000,000,162 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.09.23 17:12:01 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.23 16:24:40 | 000,000,300 | ---- | M] () -- C:\Windows\game.ini
[2010.09.22 18:51:56 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.20 19:07:46 | 001,458,328 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\Cat.DB
[2010.10.20 19:07:42 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010.10.20 19:07:42 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010.10.20 19:07:29 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010.10.20 19:07:19 | 000,003,373 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA.inf
[2010.10.20 19:07:19 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymDS.inf
[2010.10.20 19:07:19 | 000,001,445 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymNet.inf
[2010.10.20 19:07:19 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.inf
[2010.10.20 19:07:19 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.inf
[2010.10.20 19:07:19 | 000,000,771 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\Iron.inf
[2010.10.20 19:07:12 | 000,007,414 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtspx64.cat
[2010.10.20 19:07:12 | 000,007,412 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymEFA64.cat
[2010.10.20 19:07:12 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\symnet64.cat
[2010.10.20 19:07:12 | 000,007,410 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\srtsp64.cat
[2010.10.20 19:07:12 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\SymDS64.cat
[2010.10.20 19:07:12 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\iron.cat
[2010.10.20 19:07:12 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1201000.025\isolate.ini
[2010.10.20 18:43:08 | 000,284,610 | ---- | C] () -- C:\Users\IMM0rtalis\Desktop\gmer1.0.15.15279.zip
[2010.10.17 03:53:05 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.10.17 03:53:05 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.10.15 02:25:20 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2010.10.10 15:52:00 | 000,001,553 | ---- | C] () -- C:\Users\IMM0rtalis\Desktop\polygontest5.wrl
[2010.10.10 13:12:11 | 000,000,790 | ---- | C] () -- C:\Users\IMM0rtalis\Desktop\polygontest4.wrl
[2010.09.30 22:45:30 | 000,063,488 | ---- | C] () -- C:\Users\IMM0rtalis\Desktop\Dok2.doc
[2010.09.29 21:07:52 | 000,000,029 | ---- | C] () -- C:\Windows\UML.INI
[2010.09.29 16:59:07 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.07.01 22:40:22 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.04.11 19:25:01 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.28 00:58:52 | 000,000,226 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2010.02.26 21:22:52 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2010.02.09 02:05:24 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.02.08 16:50:04 | 001,500,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.04 19:20:28 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010.02.04 19:20:28 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2010.02.04 19:20:28 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2010.02.04 19:20:28 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010.02.04 19:20:28 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2010.02.04 19:20:28 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010.01.01 23:30:38 | 000,000,070 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.12.27 01:45:25 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI
[2009.12.26 15:55:10 | 000,007,605 | ---- | C] () -- C:\Users\IMM0rtalis\AppData\Local\Resmon.ResmonCfg
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002.08.23 10:00:00 | 000,375,296 | ---- | C] () -- C:\Windows\SysWow64\WSIHK32.DLL
[2002.08.23 10:00:00 | 000,132,096 | ---- | C] () -- C:\Windows\SysWow64\WSIWIN32.DLL
 
========== LOP Check ==========
 
[2010.06.26 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\Autodesk
[2009.12.27 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\DAEMON Tools Lite
[2010.05.06 17:51:55 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\Miranda Fusion
[2010.10.03 23:10:19 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\MyPhoneExplorer
[2010.03.04 00:49:51 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\Opera
[2010.10.20 18:32:35 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\Spyware Terminator
[2009.12.28 17:01:06 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\Subversion
[2010.03.04 00:52:54 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\TeamViewer
[2010.09.04 09:23:39 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\temp
[2010.09.29 21:36:48 | 000,000,000 | ---D | M] -- C:\Users\IMM0rtalis\AppData\Roaming\Thinstall
[2010.10.16 00:11:20 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 20.10.2010 20:06:38 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\IMM0rtalis\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 18,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 41,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 24,90 Gb Total Space | 0,02 Gb Free Space | 0,08% Space Free | Partition Type: NTFS
Drive E: | 25,00 Gb Total Space | 14,10 Gb Free Space | 56,38% Space Free | Partition Type: NTFS
Drive M: | 100,01 Gb Total Space | 19,98 Gb Free Space | 19,97% Space Free | Partition Type: NTFS
Drive P: | 10,00 Gb Total Space | 8,02 Gb Free Space | 80,18% Space Free | Partition Type: NTFS
Drive Q: | 50,01 Gb Total Space | 21,85 Gb Free Space | 43,69% Space Free | Partition Type: NTFS
Drive S: | 80,01 Gb Total Space | 23,62 Gb Free Space | 29,53% Space Free | Partition Type: NTFS
Drive V: | 616,49 Gb Total Space | 3,90 Gb Free Space | 0,63% Space Free | Partition Type: NTFS
Drive W: | 232,89 Gb Total Space | 37,31 Gb Free Space | 16,02% Space Free | Partition Type: NTFS
Drive X: | 130,00 Gb Total Space | 36,32 Gb Free Space | 27,94% Space Free | Partition Type: NTFS
Drive Y: | 320,75 Gb Total Space | 232,09 Gb Free Space | 72,36% Space Free | Partition Type: NTFS
Drive Z: | 40,00 Gb Total Space | 29,59 Gb Free Space | 73,97% Space Free | Partition Type: NTFS
 
Computer Name: BGSTYLE | User Name: IMM0rtalis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{36A415C2-7181-421D-92C9-8255766E0FF3}" = TortoiseSVN 1.6.10.19898 (64 bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BE91685-1632-47FC-B563-A8A542C6664C}" = Autodesk Network License Manager
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C9D315B-1320-4AA9-AA58-DA61B75D8079}" = Slik Subversion 1.6.12 (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 10.0 Professional
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
"{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}" = Hercules Classic Link
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{e28bce1d-1092-4f7e-ab67-7510a2fd4c12}" = Nero 9
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDA12670-56B5-4459-BA21-D010F0E3EBA1}" = Emergency 4 Deluxe
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"CINEMA 4D Release 10" = CINEMA 4D Release 10
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Der VerkehrsGigant-Gold Edition" = Der VerkehrsGigant-Gold Edition
"EasyBCD" = EasyBCD 1.7.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"htmltads.exe" = HTML TADS Player Kit
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"LogMeIn Hamachi" = LogMeIn Hamachi
"MirandaFusion" = Miranda Fusion 2.0.23
"mIRC" = mIRC
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MPE" = MyPhoneExplorer
"NAV" = Norton AntiVirus
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Spyware Terminator_is1" = Spyware Terminator
"StarCraft II" = StarCraft II
"Steam App 240" = Counter-Strike: Source
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"UltraISO_is1" = UltraISO Premium V9.32
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.5
"VMware_Player" = VMware Player
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab
"Winamp Detect" = Winamp Anwendungserkennung
"XBMC" = XBMC
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Ich hoffe, ihr könnt mir helfen, weil ich habe keinen Bock, mein System neu aufzusetzen

mfg

Alt 20.10.2010, 19:53   #2
markusg
/// Malware-holic
 
Win7 64Bit | Firefox-> TABS öffnen sich automatisch - Standard

Win7 64Bit | Firefox-> TABS öffnen sich automatisch



1. norton und kaspersky sollten nicht auf dem selben pc laufen, welches wirst du deinstalieren?
2.
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________


Alt 20.10.2010, 22:25   #3
IMM0rtalis
 
Win7 64Bit | Firefox-> TABS öffnen sich automatisch - Standard

Win7 64Bit | Firefox-> TABS öffnen sich automatisch



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4895

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.10.2010 23:20:19
mbam-log-2010-10-20 (23-20-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|P:\|Q:\|S:\|)
Durchsuchte Objekte: 458340
Laufzeit: 1 Stunde(n), 39 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
E:\Adobe\Adobe Premiere Pro CS4\adobe.premiere.pro.cs4.4.0.0.0-nope.exe (Trojan.Downloader) -> Not selected for removal.
P:\xampp\htdocs\sonstiges\BACKUP\14.01.07\PPS\Adobe_Photoshop_CS2\MSVCP60.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.
S:\RECYCLER\S-1-5-21-436374069-1284227242-1801674531-500\Dg1\3D SexVilla 2 - Everlust\Binaries\fc3DSexVilla.dll (Trojan.Agent) -> Quarantined and deleted successfully.
         
die Sachen sind aber schon länger drauf

Hab Norten nur installiert gehabt, um nach dem Virus zu suchen.. erfolglos.. ist wieder deinstalliert.

mfg
__________________

Alt 28.10.2010, 12:55   #4
markusg
/// Malware-holic
 
Win7 64Bit | Firefox-> TABS öffnen sich automatisch - Standard

Win7 64Bit | Firefox-> TABS öffnen sich automatisch



sorry mein computer war kaputt
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten.

Alt 02.11.2010, 17:12   #5
IMM0rtalis
 
Win7 64Bit | Firefox-> TABS öffnen sich automatisch - Standard

Win7 64Bit | Firefox-> TABS öffnen sich automatisch



hallihallo... hat sich erledigt... durchs hin und herschieben von partitionen mittels paragon partitionsmanager sind meine festplatten gecrasehd und ich war seit/bin seit donnerstag mit datenrecovery beschäftigt...

virus ist weg, da ich das betriebssystem neu aufgespielt habe...


mfg


Alt 02.11.2010, 17:16   #6
markusg
/// Malware-holic
 
Win7 64Bit | Firefox-> TABS öffnen sich automatisch - Standard

Win7 64Bit | Firefox-> TABS öffnen sich automatisch



ich würde dir, falls gewünscht, noch tipps zum absichern gebn damit so was nicht mehr passiert.

Alt 04.11.2010, 23:39   #7
IMM0rtalis
 
Win7 64Bit | Firefox-> TABS öffnen sich automatisch - Standard

Win7 64Bit | Firefox-> TABS öffnen sich automatisch



soo.. jetzt hab ich endlich einigermaßen ordnung geschaffen.. :/

naja.. ich kanns vereiden, indem ich nicht mehr versuche, cracks zu suchen

e aber im ernst: wie kann ich mich vor solchen .exe-dateien schützen, wenn ich den inhalt nicht kenne aber eigentlich davon "ausgehe", es sei was richtiges.. ?

Antwort

Themen zu Win7 64Bit | Firefox-> TABS öffnen sich automatisch
64-bit, 7-zip, adblock, analysis, antivirus, avp.exe, bho, c:\windows\system32\rundll32.exe, call of duty, components, computer, ebay, error, excel, firefox, firefox.exe, flash player, format, ftp, ieframe.dll, install.exe, internet security 2011, intrusion prevention, kaspersky, langs, location, logfile, microsoft office word, mozilla, oldtimer, otl.exe, programdata, registry, rundll, saver, scan, searchplugins, security, security update, senden, shell32.dll, shortcut, sich automatisch, software, spielen, sptd.sys, spyware, spyware terminator, symantec, system neu, syswow64, tabs öffnen, tastatur, teamspeak, unseriöse seiten, vlc media player, webcheck, win7 64bit, windows, windows xp



Ähnliche Themen: Win7 64Bit | Firefox-> TABS öffnen sich automatisch


  1. Unter Google Chrome öffnen sich automatisch Tabs
    Plagegeister aller Art und deren Bekämpfung - 23.03.2015 (15)
  2. zwei neue Tabs öffnen sich in Chrome automatisch
    Log-Analyse und Auswertung - 17.02.2015 (3)
  3. Tabs öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 02.02.2015 (7)
  4. Tabs öffnen sich automatisch
    Log-Analyse und Auswertung - 15.12.2014 (5)
  5. Tabs öffnen sich automatisch
    Log-Analyse und Auswertung - 02.12.2014 (7)
  6. Win7 64bit: Firefox neue Tabs mit Werbung, Umleitung von Seitenaurufen, Popup Fenster
    Log-Analyse und Auswertung - 21.11.2014 (10)
  7. Browser startet automatisch, Tabs öffnen sich eigenständig mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 13.10.2014 (13)
  8. Tabs öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 17.09.2014 (31)
  9. Chrome Tabs öffnen sich automatisch
    Log-Analyse und Auswertung - 29.06.2014 (19)
  10. Immer wieder öffnen sich Tabs mit Werbungen automatisch!
    Alles rund um Windows - 23.05.2014 (3)
  11. Tabs öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 16.05.2014 (10)
  12. Firefox und I-net Explorer öffnen ständig automatisch irgendwelche Tabs bzw Fenster!
    Plagegeister aller Art und deren Bekämpfung - 16.03.2014 (4)
  13. tabs öffnen sich automatisch, reg-Eintrag lässt sich mit mbam nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 29.12.2011 (13)
  14. Feststelltaste verselbständigt sich, Firefox Tabs öffnen automatisch
    Log-Analyse und Auswertung - 01.05.2011 (12)
  15. Tabs öffnen sich automatisch
    Plagegeister aller Art und deren Bekämpfung - 10.12.2009 (7)
  16. Tabs öffnen sich automatisch im IE und im Firefox
    Log-Analyse und Auswertung - 11.11.2008 (1)
  17. Hijack Problem - Tabs im IE öffnen sich automatisch
    Log-Analyse und Auswertung - 19.07.2008 (12)

Zum Thema Win7 64Bit | Firefox-> TABS öffnen sich automatisch - Hallihallo, ich hoffe, ich mache hier alles richtig... Folgende Situation: Ich habe vor einigen Tagen ne .exe runtergeladen, die bei vielen Youtubevideos verlinkt war(gab viele positive Kommentare).. Sinn war das - Win7 64Bit | Firefox-> TABS öffnen sich automatisch...
Archiv
Du betrachtest: Win7 64Bit | Firefox-> TABS öffnen sich automatisch auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.