Antivirus, firewall and other protection programs: Antivirus fake

22.12.2010, 19:23   #1
Emre A.

Hello, my mother was at the PC yesterday and says she was watching a film when suddenly a virus scanner appeared that she had not downloaded; she did not download anything. But this scanner won't go away, because when I start the PC it is automatically shut down after a minute, saying that something is infected. I wanted to scan with Malwarebytes Anti-Malware, but it keeps shutting down. I wanted to do a System Restore in safe mode, but somehow something is refusing me. In safe mode everything is fine at the moment, and by the way the virus is called (Antivirus Scanner). I need help, thanks in advance. I forgot to mention one more thing: it automatically deactivated my actual antivirus scanner.

22.12.2010, 20:13   #2
markusg
/// Malware-holic


System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(users of Windows 7 and Vista: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.
That is what comes from watching films on streaming sites like kino.to; they are infested with junk.
You can create the OTL log in safe mode.
__________________
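Added example, not part of the thread and not OTL's own code: a first-pass triage over an OTL.Txt report of the kind requested above, flagging service or driver images under a Temp directory, registered entries whose file is missing, and an enabled proxy that points at the local machine. The sample log lines are constructed, and the three rules and all function names are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the OTL.Txt line format (not taken from a real system).
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - (ExampleSvc) -- C:\Windows\TEMP\abcd\setup.exe ()
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (Example Manager (EM)) Example Manager (EM) -- C:\Program Files\Example\svc.exe (Example Assoc., Inc. (EXMPL))
========== Driver Services (SafeList) ==========
DRV - (Xmpl001) -- C:\Windows\System32\Xmpl001.sys File not found
DRV - (Xmpl002) -- C:\Windows\System32\Xmpl002.sys File not found
DRV - (ExampleDrv) -- C:\Windows\System32\drivers\example.sys (Example Vendor Ltd.)
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
"""

class Entry(NamedTuple):
    kind: str                 # "SRV" or "DRV"
    name: str                 # service key name
    path: str                 # image path as printed by the tool
    company: Optional[str]    # None when the line ends in "File not found"

class Finding(NamedTuple):
    rule: str
    subject: str
    detail: str

NOT_FOUND = " File not found"
IE_VALUE = re.compile(r'^IE - (HK[^:]+): "([^"]+)" = (.*)$')

def _name_end(text: str) -> int:
    """Index of the ')' that closes the '(' at text[0]; names may nest parentheses."""
    depth = 0
    for i, ch in enumerate(text):
        depth += (ch == "(") - (ch == ")")
        if depth == 0:
            return i
    return -1

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'SRV - (name) [display] -- path (company)' line, or return None."""
    line = line.strip()
    if line[:6] not in ("SRV - ", "DRV - ") or " -- " not in line:
        return None
    head, rest = line[6:].split(" -- ", 1)
    end = _name_end(head) if head.startswith("(") else -1
    if end < 0:
        return None
    kind, name = line[:3], head[1:end]
    if rest.endswith(NOT_FOUND):
        return Entry(kind, name, rest[:-len(NOT_FOUND)], None)
    if not rest.endswith(")"):
        return Entry(kind, name, rest, "")
    # The company is the last balanced (...) group; scan backwards so that
    # company names containing parentheses are kept whole.
    depth, i = 0, len(rest)
    while i > 0:
        i -= 1
        depth += (rest[i] == ")") - (rest[i] == "(")
        if depth == 0:
            break
    if depth != 0:
        return Entry(kind, name, rest, "")
    return Entry(kind, name, rest[:i].rstrip(), rest[i + 1:-1])

def is_loopback_proxy(server: str) -> bool:
    """True if any 'proto=host:port' part of a ProxyServer value is the local host."""
    for part in server.split(";"):
        host = part.split("=", 1)[-1].strip().rsplit(":", 1)[0]
        if host == "localhost" or host.startswith("127."):
            return True
    return False

def triage(log_text: str) -> List[Finding]:
    findings, proxy, missing = [], {}, []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry:
            if entry.company is None:
                missing.append(entry.name)       # registered, but no file on disk
            elif "\\temp\\" in entry.path.lower():
                vendor = entry.company or "no company name"
                findings.append(Finding("temp-path", entry.name,
                                        f"{entry.path} ({vendor})"))
            continue
        m = IE_VALUE.match(raw.strip())
        if m:
            proxy[m.group(2)] = m.group(3).strip()   # last value seen wins
    if missing:
        findings.append(Finding("missing-file", f"{len(missing)} entries",
                                ", ".join(missing)))
    if proxy.get("ProxyEnable") == "1" and is_loopback_proxy(proxy.get("ProxyServer", "")):
        findings.append(Finding("loopback-proxy", "ProxyServer", proxy["ProxyServer"]))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```

A hit from any rule is a reason to look closer, not a verdict: legitimate software also leaves stale driver entries and runs local filtering proxies.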

25.12.2010, 17:20   #3
Emre A.

OTL.text
OTL Logfile:
Code:
OTL logfile created on: 25.12.2010 17:07:58 - Run 4
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\****\Desktop\Neuer Ordner
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
15,00 Gb Paging File | 14,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,25 Gb Total Space | 6,55 Gb Free Space | 9,45% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 124,23 Gb Free Space | 26,67% Space Free | Partition Type: NTFS
Drive F: | 465,75 Gb Total Space | 76,01 Gb Free Space | 16,32% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Cansel\Desktop\Neuer Ordner\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\Neuer Ordner\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\fms.dll (Windows (R) Codename Longhorn DDK provider)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AMService) -- C:\Windows\TEMP\bcry\setup.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_aeec0f0.dll ()
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (Autodata Limited License Service) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (Autodata Limited)
SRV - (TDslMgrService) -- C:\Program Files\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (OKI OPHC DCS Loader) -- C:\Windows\System32\spool\drivers\w32x86\3\OPHCLDCS.EXE (Oki Data Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (StarWindService) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva375) -- C:\Windows\System32\XDva375.sys File not found
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva359) -- C:\Windows\System32\XDva359.sys File not found
DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found
DRV - (XDva347) -- C:\Windows\System32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\System32\XDva346.sys File not found
DRV - (XDva343) -- C:\Windows\System32\XDva343.sys File not found
DRV - (XDva341) -- C:\Windows\System32\XDva341.sys File not found
DRV - (XDva337) -- C:\Windows\System32\XDva337.sys File not found
DRV - (XDva332) -- C:\Windows\System32\XDva332.sys File not found
DRV - (NVNET) -- C:\Windows\System32\DRIVERS\nvmf6232.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (uigxrdr) -- C:\Windows\System32\drivers\uigxrdr.SYS (GMX GmbH)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NVR0Dev) -- C:\Windows\nvoclock.sys (NVidia Corp.)
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (QCMerced) -- C:\Windows\System32\drivers\lvcm.sys ()
DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\Windows\System32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\Windows\System32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (EIO) -- C:\Windows\System32\drivers\EIO.sys (ASUSTeK Computer Inc.)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20100830W
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000004
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.16
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.12.06 23:27:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.22 20:54:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.22 20:54:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.12.23 14:42:31 | 000,000,000 | ---D | M]
 
[2009.12.06 23:34:32 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\mozilla\Extensions
[2008.11.02 13:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cansel\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.12.25 00:39:57 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions
[2010.12.24 00:45:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.10 15:43:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.12.24 00:45:35 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.12.24 00:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.24 00:45:42 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.12.24 00:45:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.24 00:45:43 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.13 21:25:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.12.24 00:45:42 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.24 00:45:41 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\extension@virtusdesigns.com
[2009.12.06 23:34:32 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\moveplayer@movenetworks.com
[2010.12.24 00:45:41 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\extension@virtusdesigns.com\chrome
[2010.12.24 00:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cansel\AppData\Roaming\mozilla\Firefox\Profiles\w4lgutyr.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010.12.19 17:59:31 | 000,000,961 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-1.xml
[2010.11.16 12:03:36 | 000,000,961 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-10.xml
[2010.12.11 15:26:18 | 000,000,961 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-11.xml
[2010.12.22 20:54:27 | 000,000,961 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-12.xml
[2009.04.29 13:16:51 | 000,000,950 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-2.xml
[2009.06.21 16:26:51 | 000,000,950 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-3.xml
[2009.12.10 22:14:25 | 000,000,950 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-4.xml
[2009.12.25 01:09:17 | 000,000,950 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-5.xml
[2010.01.07 23:32:54 | 000,000,961 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-6.xml
[2010.03.22 16:17:05 | 000,000,961 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-7.xml
[2010.07.06 15:09:24 | 000,000,961 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-8.xml
[2010.08.25 13:40:04 | 000,000,961 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin-9.xml
[2010.08.01 16:24:42 | 000,000,168 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin.gif
[2010.08.01 16:24:42 | 000,000,618 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin.src
[2009.03.28 11:14:08 | 000,000,950 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\icqplugin.xml
[2009.10.18 12:15:47 | 000,002,128 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Mozilla\FireFox\Profiles\w4lgutyr.default\searchplugins\live-search.xml
[2010.12.25 00:39:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.06 23:25:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.12.06 23:25:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.22 20:54:13 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.12.06 23:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009.12.06 23:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009.12.06 23:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.12.06 23:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.12.06 23:25:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.12.06 23:25:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.12.22 20:54:00 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2010.12.22 20:54:00 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
[2009.10.11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2008.11.06 17:33:48 | 001,332,224 | ---- | M] (DivX,Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
[2006.09.28 04:45:46 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPJinit13128.dll
[2007.10.11 14:17:50 | 001,435,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010.12.22 20:54:10 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2008.10.14 21:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
[2010.10.07 20:51:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
[2010.10.07 20:51:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
[2010.10.07 20:51:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
[2010.10.07 20:51:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
[2010.10.07 20:51:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
[2010.10.07 20:51:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
[2010.10.07 20:51:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
[2010.12.11 15:26:04 | 000,001,394 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010.12.11 15:26:04 | 000,002,193 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\answers.xml
[2010.12.11 15:26:04 | 000,001,534 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\creativecommons.xml
[2010.12.11 15:26:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay.xml
[2010.12.11 15:26:04 | 000,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2010.12.11 15:26:04 | 000,001,182 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-tr.xml
[2010.12.11 15:26:04 | 000,000,792 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: ([2010.10.24 18:01:45 | 000,000,749 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Programme\PHPNukeDE\tbPHP1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe ()
O4 - HKLM..\Run: [Cpu Level Up help] C:\Programme\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Cansel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\dcmprss: DllName - dcmprss.dll - C:\Windows\System32\dcmprss.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Cansel\Pictures\UltimateStrands_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cansel\Pictures\UltimateStrands_1920x1200.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{14cb6fc7-fc89-11df-bf47-001583f11118}\Shell - "" = AutoRun
O33 - MountPoints2\{14cb6fc7-fc89-11df-bf47-001583f11118}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.25 13:21:14 | 000,079,874 | ---- | C] () -- C:\ProgramData\lbgaKFev.exe
[2010.12.25 13:21:14 | 000,079,874 | ---- | C] () -- C:\ProgramData\lbgaKFev.exe
[2010.12.25 13:21:03 | 000,000,112 | ---- | C] () -- C:\ProgramData\e4em2uq.dat
[2010.12.25 13:21:03 | 000,000,112 | ---- | C] () -- C:\ProgramData\e4em2uq.dat
[2010.12.25 13:20:10 | 000,039,936 | ---- | C] () -- C:\Windows\Fonts\tfn3pTBOW.com
[2010.12.22 22:02:18 | 001,393,388 | -H-- | C] () -- C:\Users\Cansel\AppData\Local\IconCache.db
[2010.12.22 20:58:16 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.12.22 20:58:14 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.12.22 20:58:14 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.12.22 20:57:45 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011
[2010.12.22 20:55:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.12.22 00:40:53 | 000,756,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\gwqqzn.sys
[2010.12.22 00:39:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpipmi.sys
[2010.12.22 00:36:11 | 000,000,000 | ---D | C] -- C:\Users\Cansel\AppData\Roaming\Isce
[2010.12.22 00:36:11 | 000,000,000 | ---D | C] -- C:\Users\Cansel\AppData\Roaming\Ilmalu
[2010.12.22 00:35:58 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.12.16 13:52:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 13:51:56 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 13:51:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 13:51:50 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.16 13:51:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 13:51:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.16 13:51:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.16 13:51:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.16 13:51:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 13:51:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.16 13:51:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.16 13:51:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.16 13:51:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 13:51:43 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 13:51:42 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 13:51:42 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.12.16 13:51:40 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 13:51:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 13:51:39 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010.12.16 13:51:38 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 13:51:38 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.11 13:36:35 | 000,000,000 | ---D | C] -- C:\Windows\Hacker
[2010.12.11 13:36:34 | 000,000,000 | ---D | C] -- C:\Programme\Cornel H@cker
[2010.12.05 02:50:04 | 000,076,435 | ---- | C] () -- C:\Users\Cansel\AppData\Local\TempPic.jpg
[2009.12.07 01:53:37 | 000,000,017 | ---- | C] () -- C:\Users\Cansel\AppData\Local\resmon.resmoncfg
[2009.12.07 00:05:13 | 000,091,280 | ---- | C] () -- C:\Users\Cansel\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.12.01 00:22:29 | 000,000,027 | ---- | C] () -- C:\Users\Cansel\AppData\Roaming\Opusbext.dat
[2009.07.14 05:41:57 | 000,000,174 | -HS- | C] () -- C:\Programme\desktop.ini
[2008.12.28 21:27:23 | 000,001,980 | ---- | C] () -- C:\Program Files\Windows Live Messenger .lnk
[2007.12.16 17:51:01 | 000,022,328 | ---- | C] () -- C:\Users\Cansel\AppData\Roaming\PnkBstrK.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.25 16:49:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.25 16:49:51 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.25 14:04:19 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 14:04:19 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At87.job
[2010.12.25 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At63.job
[2010.12.25 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010.12.25 13:59:16 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile
[2010.12.25 13:59:12 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At96.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At95.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At94.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At93.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At92.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At91.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At90.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At89.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At88.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At86.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At85.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At84.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At83.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At82.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At81.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At80.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At79.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At78.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At77.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At76.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At75.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At74.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At73.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At72.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At71.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At70.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At69.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At68.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At67.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At66.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At65.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At64.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At62.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At61.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At60.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At59.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At58.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At57.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At56.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At55.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At54.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At53.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At52.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At51.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At50.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At49.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At120.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At119.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At118.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At117.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At116.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At115.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At114.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At113.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At112.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At111.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At110.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At109.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At108.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At99.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At98.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At97.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At107.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At106.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At105.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At104.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At103.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At102.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At101.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At100.job
[2010.12.25 13:21:03 | 000,079,874 | ---- | M] () -- C:\ProgramData\lbgaKFev.exe
[2010.12.25 13:21:03 | 000,000,112 | ---- | M] () -- C:\ProgramData\e4em2uq.dat
[2010.12.25 00:22:08 | 000,010,752 | ---- | M] () -- C:\Windows\System32\dcmprss.dll
[2010.12.22 20:58:02 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.22 20:58:02 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2010.12.22 12:27:40 | 000,756,224 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\gwqqzn.sys
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.17 15:48:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.12.16 14:29:41 | 000,358,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 14:05:20 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.12.14 14:00:56 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.12.14 14:00:50 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.12.05 02:55:26 | 000,076,435 | ---- | M] () -- C:\Users\Cansel\AppData\Local\TempPic.jpg
[2010.12.04 10:46:26 | 000,000,036 | ---- | M] () -- C:\Windows\Cornel_Password.config
[2010.12.02 21:59:08 | 000,109,568 | -H-- | M] () -- C:\Windows\System32\vcuzneefxgelhbvo.exe
[2010.12.02 21:59:08 | 000,109,568 | -H-- | M] () -- C:\Windows\System32\tygrayocviwfcnma.exe
[2010.12.02 21:59:08 | 000,109,568 | -H-- | M] () -- C:\Windows\System32\oanbhtadbncuitom.exe
[2010.12.02 21:59:08 | 000,109,568 | -H-- | M] () -- C:\Windows\System32\knwmhvfbfuxywqkr.exe
[2010.12.02 21:59:08 | 000,109,568 | -H-- | M] () -- C:\Windows\System32\jwmrvrzqbyupnfvw.exe
[2010.12.02 21:59:08 | 000,109,568 | -H-- | M] () -- C:\Windows\System32\iszijxrfxakgusoa.exe
[2010.12.02 21:59:08 | 000,109,568 | -H-- | M] () -- C:\Windows\System32\alsaipbnjsndpaee.exe
[2010.11.30 15:30:49 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.30 15:30:49 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.30 15:30:49 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.30 15:30:49 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.25 20:13:48 | 000,000,000 | ---- | M] () -- C:\Users\Cansel\Desktop\Microsoft Office Word-Dokument (neu).docx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At120.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At119.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At118.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At117.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At116.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At115.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At114.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At113.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At112.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At111.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At110.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At109.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At99.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At98.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At97.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At108.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At107.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At106.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At105.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At104.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At103.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At102.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At101.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At100.job
[2010.12.25 13:28:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At96.job
[2010.12.25 13:28:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At95.job
[2010.12.25 13:28:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At94.job
[2010.12.25 13:28:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At93.job
[2010.12.25 13:28:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At92.job
[2010.12.25 13:28:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At91.job
[2010.12.25 13:28:13 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At90.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At89.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At88.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At87.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At86.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At85.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At84.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At83.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At82.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At81.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At80.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At79.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At78.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At77.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At76.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At75.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At74.job
[2010.12.25 13:28:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At73.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At72.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At71.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At70.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At69.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At68.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At67.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At66.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At65.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At64.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At63.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At62.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At61.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At60.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At59.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At58.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At57.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At56.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At55.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At54.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At53.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At52.job
[2010.12.25 13:23:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At51.job
[2010.12.25 13:23:34 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At50.job
[2010.12.25 13:23:34 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At49.job
[2010.12.25 13:21:15 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010.12.25 13:21:14 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010.12.25 13:20:12 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010.12.25 13:20:11 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.12.25 00:22:08 | 000,010,752 | ---- | C] () -- C:\Windows\System32\dcmprss.dll
[2010.12.22 20:58:02 | 000,002,164 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.22 20:58:02 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2010.12.12 17:32:19 | 000,109,568 | -H-- | C] () -- C:\Windows\System32\vcuzneefxgelhbvo.exe
[2010.12.11 13:47:59 | 000,109,568 | -H-- | C] () -- C:\Windows\System32\oanbhtadbncuitom.exe
[2010.12.04 19:32:12 | 000,109,568 | -H-- | C] () -- C:\Windows\System32\iszijxrfxakgusoa.exe
[2010.12.04 11:21:11 | 000,109,568 | -H-- | C] () -- C:\Windows\System32\alsaipbnjsndpaee.exe
[2010.12.04 11:20:35 | 000,109,568 | -H-- | C] () -- C:\Windows\System32\knwmhvfbfuxywqkr.exe
[2010.12.04 11:18:15 | 000,109,568 | -H-- | C] () -- C:\Windows\System32\jwmrvrzqbyupnfvw.exe
[2010.12.04 10:46:26 | 000,000,036 | ---- | C] () -- C:\Windows\Cornel_Password.config
[2010.12.04 10:46:04 | 000,109,568 | -H-- | C] () -- C:\Windows\System32\tygrayocviwfcnma.exe
[2010.11.25 20:13:48 | 000,000,000 | ---- | C] () -- C:\Users\Cansel\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.11.07 17:26:38 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.11.05 14:39:52 | 000,005,120 | ---- | C] () -- C:\Windows\System32\BReWErS.dll
[2009.12.07 00:54:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.12.06 20:31:03 | 000,000,063 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.11.25 23:15:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.02.22 16:15:01 | 000,000,630 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2009.01.18 03:03:41 | 000,000,160 | ---- | C] () -- C:\Windows\mafosav.INI
[2008.10.11 01:00:01 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2008.10.11 01:00:01 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2008.10.11 00:59:58 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2008.10.11 00:59:58 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2008.10.11 00:39:20 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.10.10 22:55:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008.10.10 22:55:09 | 000,031,780 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.03 20:12:36 | 004,245,008 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2008.10.03 20:12:36 | 000,247,824 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2008.10.03 20:12:36 | 000,013,840 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008.08.24 15:15:53 | 000,000,371 | ---- | C] () -- C:\Windows\Meister3grundlagen.ini
[2008.06.05 07:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.03.24 21:47:21 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2008.03.16 01:16:25 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2008.03.03 00:07:25 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2008.01.04 21:02:34 | 000,028,928 | ---- | C] () -- C:\Windows\System32\drivers\usb2vcom.sys
[2007.12.16 17:51:02 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007.11.27 09:05:57 | 000,000,169 | ---- | C] () -- C:\Windows\RtlRack.ini
[2007.08.01 12:39:28 | 000,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.06.20 00:13:43 | 000,000,031 | ---- | C] () -- C:\Windows\LxTrans.INI
[2007.06.20 00:09:12 | 000,300,032 | ---- | C] () -- C:\Windows\System32\LE50as.dll
[2007.06.20 00:09:12 | 000,090,112 | ---- | C] () -- C:\Windows\System32\KSCB532.DLL
[2007.06.20 00:08:21 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2007.06.20 00:08:21 | 000,135,168 | ---- | C] () -- C:\Windows\System32\MMedia10VC7.dll
[2007.06.20 00:08:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll
[2007.06.20 00:08:20 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll
[2007.06.20 00:08:15 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2007.06.07 21:35:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.06.03 13:51:08 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007.03.12 11:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006.12.22 11:32:48 | 000,025,632 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006.12.22 11:30:42 | 001,683,232 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006.11.13 15:03:58 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll
[2006.11.08 02:59:26 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2006.09.29 14:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2006.09.24 20:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2006.09.24 20:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2006.09.21 12:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll
[2006.09.21 12:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll
[2006.09.21 12:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll
[2005.11.09 11:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll
[2005.11.09 11:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll
[2005.11.09 11:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll
[2005.05.27 07:32:52 | 001,317,152 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2005.05.27 07:10:24 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll
[2002.04.19 14:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001.12.12 10:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\System32\W32btstp.dll
[2001.12.12 10:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\System32\W32btxlt.dll
[2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll
[2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll
[2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll
[2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll
 
========== LOP Check ==========
 
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\ESET
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\FRITZ!
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\GMX
[2010.11.19 15:24:59 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\GrabPro
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\hds
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\ICQ
[2010.12.22 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Ilmalu
[2010.10.24 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\IObit
[2010.12.22 00:41:58 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Isce
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Leadertech
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Lexware
[2009.12.06 23:34:28 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\ManyCam
[2009.12.06 23:34:35 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Opera
[2009.12.06 23:34:35 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\OPHC
[2010.11.23 16:16:19 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Orbit
[2010.11.20 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\ProgSense
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\SonyEricsson
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\T-Online
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\TeamViewer
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Thinstall
[2008.10.12 19:56:43 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\TMP
[2010.12.22 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\TuneUp Software
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At100.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At101.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At102.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At103.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At104.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At105.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At106.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At107.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At108.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At109.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At110.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At111.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At112.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At113.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At114.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At115.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At116.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At117.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At118.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At119.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2010.12.25 13:30:13 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At120.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2010.12.25 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At49.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At50.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At51.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At52.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At53.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At54.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At55.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At56.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At57.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At58.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At59.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At60.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At61.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At62.job
[2010.12.25 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At63.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At64.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At65.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At66.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At67.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At68.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At69.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At70.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At71.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At72.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At73.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At74.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At75.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At76.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At77.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At78.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At79.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At80.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At81.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At82.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At83.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At84.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At85.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At86.job
[2010.12.25 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At87.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At88.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At89.job
[2010.12.25 13:59:10 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At90.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At91.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At92.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At93.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At94.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At95.job
[2010.12.25 13:59:10 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At96.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At97.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At98.job
[2010.12.25 13:30:12 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At99.job
[2010.12.25 13:59:12 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010.12.23 11:03:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.06 23:34:09 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Adobe
[2009.12.06 23:34:09 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Ahead
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Corel
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\CyberLink
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\DivX
[2009.12.07 01:21:24 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Download Manager
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\ESET
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\FRITZ!
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\GMX
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Google
[2010.11.19 15:24:59 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\GrabPro
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\hds
[2008.08.23 21:39:34 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Help
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\ICQ
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Identities
[2010.12.22 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Ilmalu
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\InstallShield
[2010.10.24 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\IObit
[2010.12.22 00:41:58 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Isce
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Leadertech
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Lexware
[2009.12.06 23:34:13 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Macromedia
[2010.10.11 11:03:29 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Malwarebytes
[2009.12.06 23:34:28 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\ManyCam
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Media Center Programs
[2010.11.10 22:22:01 | 000,000,000 | --SD | M] -- C:\Users\Cansel\AppData\Roaming\Microsoft
[2009.12.06 23:34:32 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Mozilla
[2009.12.06 23:34:35 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Opera
[2009.12.06 23:34:35 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\OPHC
[2010.11.23 16:16:19 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Orbit
[2010.11.20 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\ProgSense
[2010.06.03 13:41:53 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Skype
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\SonyEricsson
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Sun
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Symantec
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\T-Online
[2010.10.21 19:16:16 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\teamspeak2
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\TeamViewer
[2009.12.06 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\Thinstall
[2008.10.12 19:56:43 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\TMP
[2010.12.22 20:57:56 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\TuneUp Software
[2009.08.22 22:12:42 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\U3
[2007.06.03 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\Cansel\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2008.10.12 18:26:45 | 000,010,134 | R--- | M] () -- C:\Users\Cansel\AppData\Roaming\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
[2007.12.28 03:09:33 | 000,010,134 | R--- | M] () -- C:\Users\Cansel\AppData\Roaming\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\ARPPRODUCTICON.exe
[2007.12.28 03:09:33 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Cansel\AppData\Roaming\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\NewShortcut2_ADE3CACCEC31480C83A0587EE60CE8DF.exe
[2007.12.28 03:09:33 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Cansel\AppData\Roaming\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\Rambooster.exe1_ADE3CACCEC31480C83A0587EE60CE8DF_1.exe
[2008.10.12 18:27:10 | 000,010,134 | R--- | M] () -- C:\Users\Cansel\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
[2008.10.12 18:26:35 | 000,010,134 | R--- | M] () -- C:\Users\Cansel\AppData\Roaming\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
[2008.09.07 21:00:49 | 000,018,432 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Thinstall\GreenBox 1.0\4000005100002i\Print.exe
[2009.12.25 20:53:58 | 000,018,432 | ---- | M] () -- C:\Users\Cansel\AppData\Roaming\Thinstall\GreenBox 1.0\400000c400002i\GreenBox.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=54CFDBE5DD844FEF98253A2AE77AE874 -- C:\Windows\explorer.exe
[2005.11.02 10:47:42 | 001,064,960 | ---- | M] (DeltaSingular) MD5=67CE8B4995ECB5591C68A7792B94CC27 -- C:\Programme\WERKSTATTOFFICE Orginal\explorer.exe
[2005.11.02 09:47:42 | 001,064,960 | ---- | M] (DeltaSingular) MD5=67CE8B4995ECB5591C68A7792B94CC27 -- C:\Programme\WERKSTATTOFFICE\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 20:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 20:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_x86_neutral_2d190bda0635df72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.08.04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sataraid\nvstor32.sys
[2009.08.04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sataraid\nvstor32.sys
[2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sata_ide\nvstor32.sys
[2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sata_ide\nvstor32.sys
[2007.04.19 12:12:58 | 000,102,696 | ---- | M] (NVIDIA Corporation) MD5=615D79A1D2C98817FF2FDEB1B167D808 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_4bece76eb5acfb21\nvstor32.sys
[2008.08.18 17:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\$WINDOWS.~Q\DATA\Windows\System32\drivers\nvstor32.sys
[2008.08.18 17:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys
[2008.08.18 17:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_b900095f3aa53048\nvstor32.sys
[2007.07.02 16:37:00 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=A1CE1A6FD74C046F029448FCFA5E386D -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_73e25653bed8b986\nvstor32.sys
[2008.01.25 19:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_fc721f131d97c98c\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.10.11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\Windows\System32\deploytk.dll
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010.11.04 06:48:18 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll

< End of report >
         

25.12.2010, 17:21   #4
Emre A.
 



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 25.12.2010 17:07:58 - Run 4
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Cansel\Desktop\Neuer Ordner
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
15,00 Gb Paging File | 14,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,25 Gb Total Space | 6,55 Gb Free Space | 9,45% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 124,23 Gb Free Space | 26,67% Space Free | Partition Type: NTFS
Drive F: | 465,75 Gb Total Space | 76,01 Gb Free Space | 16,32% Space Free | Partition Type: NTFS
 
Computer Name: CANSEL-PC | User Name: Cansel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{08976F97-548A-4084-B6D4-0F0D766365C4}" = Kartendesigner für Visitenkarten 2
"{0A7353C1-0C5C-45E8-BCE0-1559916CC7E8}" = Lexware financial office 2007
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{276453C2-FFAF-468F-AC7E-8D4162698932}" = ESET NOD32 Antivirus
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{31C50740-FC5A-4C6C-B91B-E3B5DFADC824}" = Logitech QuickCam
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}" = Google Earth Pro
"{496BE58C-60E9-4203-AC5E-F076222A242B}" = Lexware financial office 2007
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DFC56CD-D74B-4B60-B4C1-4E5F0849FDCA}" = S4 League_EU
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Premium
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4ABD5F4-0CAC-4B1F-ABEC-E1A4435BCACA}" = Lexware financial office 2007
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF5959B-4CEE-4BE2-8CAD-F13BB94C8A10}" = S4 League_EU
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{BF73B032-8D89-49D0-80F8-6C73DC1B0C20}" = Lexware financial office 2007
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.28
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D4AB77BC-A6C0-4DD4-B4FC-13022E203429}" = S4 League_EU
"{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}" = America's Army
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DCA0C032-72D5-452C-9C3D-7D4E86D47030}" = Partition Commander 10 Server
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F06FCDEC-5AB3-4927-A3E7-36AF98A8E05C}" = Huge Pine USB to UART Driver  
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F99898C4-4620-404A-915B-01292FA1A657}" = Lexware financial office 2007
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Akamai" = Akamai NetSession Interface
"AVMWLANCLI" = AVM FRITZ!WLAN
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DreamLight Photo Editor_is1" = DreamLight Photo Editor 2.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ETKA" = ETKA
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FlashFXP" = FlashFXP
"FlorensiaEN" = FlorensiaEN 1.0
"GMX Upload-Manager" = GMX Upload-Manager
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"ICQToolbar" = ICQ Toolbar
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Online-KeyToolBox-v1.1beta" = Online-KeyToolBox-v1.1beta
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-Treiber
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Werkstatt Office Professional (KFZ)_is1" = Werkstatt Office Professional
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.96-8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

25.12.2010, 17:22   #5
Emre A.

Extra.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 25.12.2010 17:07:58 - Run 4
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Cansel\Desktop\Neuer Ordner
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
15,00 Gb Paging File | 14,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,25 Gb Total Space | 6,55 Gb Free Space | 9,45% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 124,23 Gb Free Space | 26,67% Space Free | Partition Type: NTFS
Drive F: | 465,75 Gb Total Space | 76,01 Gb Free Space | 16,32% Space Free | Partition Type: NTFS
 
Computer Name: CANSEL-PC | User Name: Cansel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{08976F97-548A-4084-B6D4-0F0D766365C4}" = Kartendesigner für Visitenkarten 2
"{0A7353C1-0C5C-45E8-BCE0-1559916CC7E8}" = Lexware financial office 2007
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{276453C2-FFAF-468F-AC7E-8D4162698932}" = ESET NOD32 Antivirus
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{31C50740-FC5A-4C6C-B91B-E3B5DFADC824}" = Logitech QuickCam
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}" = Google Earth Pro
"{496BE58C-60E9-4203-AC5E-F076222A242B}" = Lexware financial office 2007
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DFC56CD-D74B-4B60-B4C1-4E5F0849FDCA}" = S4 League_EU
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Premium
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4ABD5F4-0CAC-4B1F-ABEC-E1A4435BCACA}" = Lexware financial office 2007
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF5959B-4CEE-4BE2-8CAD-F13BB94C8A10}" = S4 League_EU
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{BF73B032-8D89-49D0-80F8-6C73DC1B0C20}" = Lexware financial office 2007
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CAFECAFE-0013-0001-0128-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.28
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D4AB77BC-A6C0-4DD4-B4FC-13022E203429}" = S4 League_EU
"{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}" = America's Army
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DCA0C032-72D5-452C-9C3D-7D4E86D47030}" = Partition Commander 10 Server
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F06FCDEC-5AB3-4927-A3E7-36AF98A8E05C}" = Huge Pine USB to UART Driver  
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F99898C4-4620-404A-915B-01292FA1A657}" = Lexware financial office 2007
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Akamai" = Akamai NetSession Interface
"AVMWLANCLI" = AVM FRITZ!WLAN
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DreamLight Photo Editor_is1" = DreamLight Photo Editor 2.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ETKA" = ETKA
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FlashFXP" = FlashFXP
"FlorensiaEN" = FlorensiaEN 1.0
"GMX Upload-Manager" = GMX Upload-Manager
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"ICQToolbar" = ICQ Toolbar
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Online-KeyToolBox-v1.1beta" = Online-KeyToolBox-v1.1beta
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-Treiber
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Werkstatt Office Professional (KFZ)_is1" = Werkstatt Office Professional
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.96-8
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         


25.12.2010, 17:25   #6
markusg
/// Malware-holic

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

In safe mode, if necessary.

25.12.2010, 17:33   #7
Emre A.

Quote:
Quote from markusg
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

In safe mode, if necessary.

Could there be any risks for me if I use it incorrectly?

25.12.2010, 17:41   #8
Emre A.

Hello, I was just about to start ComboFix in safe mode when a blue screen suddenly appeared. I have already scanned with Malwarebytes Anti-Malware and found loads of viruses. Last time I had forgotten to update it.

25.12.2010, 17:44   #9
markusg
/// Malware-holic

Then post the Malwarebytes log, which you can find in Malwarebytes under log files.