Nemesis36 | 23.11.2010 13:23 | Spyware during PayPal login!
Hi,
I have a problem. When I tried to log in to PayPal the other day, this virus warning from Avira came up at that moment:
Erkennungs-Muster des Droppers DR Spy/ZBot.arzj
It doesn't sound good to me that, at the very moment I want to log in to PayPal, from where my money can be accessed, a "virus" with Spy in its name becomes active. :eek: I'm scared, please help me. :(
So I downloaded Ad-Aware and got 5 detections right away. However, I'm sure that Carspawner and sacam_loader.exe are not Trojans. They merely hack into a computer game and are probably falsely detected as Trojans for that reason. The program icetea shouldn't be a Trojan either; I've had it for 1 year and Avira never warned me, nor did Anti-Malware, but now all of a sudden it does:
Code:
Logfile created: 19.11.2010 21:20:23
Ad-Aware version: 8.3.5
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Fabian
*********************** Definitions database information ***********************
Lavasoft definition file: 150.167
Genotype definition file version: 2010/11/18 15:56:06
Extended engine definition file: 7350.0
******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan (ID: full)
Objects scanned: 313180
Objects detected: 5
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 5
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Quarantined items:
Description: c:\users\fabian\appdata\roaming\desktopicon\ebayshortcuts.exe Family Name: Trojan.Win32.Adware Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a7cb09be9c921040735388b599209dbf
Description: c:\users\fabian\mein zeug\psp\psp\12556_icetea1.3_win\icetea1.3_win\icetea.exe Family Name: Win32.Hoax.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 3723 MD5: 523f0447ad0cc94b734839f1ea7c433f
Description: c:\users\fabian\mein zeug\san andreas\san andreas-programmme\carspawner.exe Family Name: Trojan-Dropper.Win32.Agent Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 09b0c858845400df5110352bcb28a3cf
Description: c:\users\fabian\mein zeug\san andreas\san andreas-programmme\samp_cam_hack_vista\sampcamhack\sacam_loader.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: da6e13d9187ae7af22035730b25c4569
Description: c:\program files\aws\minibug.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: 8a9ff2d074d6325e0bc8a0230ad282ff
Scan and cleaning complete: Stopped by request after 8603 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vollständiger Scan
ID: folderstoscan, enabled:1, value: C:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Fri Nov 19 21:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Fri Nov 19 03:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Fri Nov 19 09:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Fri Nov 19 15:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Nov 19 21:14:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: FABIAN-PC
Processor name: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Processor speed: ~2405MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 1099677696 bytes
Physical memory total: 2145710080 bytes
Virtual memory available: 1838669824 bytes
Virtual memory total: 2147352576 bytes
Memory load: 48%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:
Running processes:
PID: 488 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 604 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 656 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 668 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 700 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 712 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 724 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 888 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 912 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 976 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1004 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1044 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1096 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1132 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1168 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1336 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1360 name: C:\Windows\System32\SLsvc.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1392 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1484 name: C:\Windows\System32\rundll32.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1628 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1756 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1848 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1872 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1884 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 336 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 396 name: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1416 name: C:\Program Files\OO Software\Defrag\oodag.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1468 name: C:\Windows\System32\PnkBstrA.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2008 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 648 name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2052 name: C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2104 name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2120 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2148 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2188 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2216 name: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2348 name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2488 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 2696 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2932 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2992 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3292 name: C:\Windows\System32\dwm.exe owner: Fabian domain: Fabian-PC
PID: 3344 name: C:\Windows\explorer.exe owner: Fabian domain: Fabian-PC
PID: 3372 name: C:\Windows\System32\taskeng.exe owner: Fabian domain: Fabian-PC
PID: 3724 name: C:\Windows\System32\Narrator.exe owner: Fabian domain: Fabian-PC
PID: 3804 name: C:\Windows\System32\rundll32.exe owner: Fabian domain: Fabian-PC
PID: 3848 name: C:\Program Files\Razer\Salmosa\razerhid.exe owner: Fabian domain: Fabian-PC
PID: 3940 name: C:\Program Files\Logitech\Gaming Software\LWEMon.exe owner: Fabian domain: Fabian-PC
PID: 3952 name: C:\Program Files\Razer\Salmosa\razertra.exe owner: Fabian domain: Fabian-PC
PID: 3980 name: C:\Program Files\Razer\Salmosa\razerofa.exe owner: Fabian domain: Fabian-PC
PID: 4000 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Fabian domain: Fabian-PC
PID: 4044 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Fabian domain: Fabian-PC
PID: 4056 name: C:\Program Files\QuickTime\QTTask.exe owner: Fabian domain: Fabian-PC
PID: 4064 name: C:\Windows\ehome\ehtray.exe owner: Fabian domain: Fabian-PC
PID: 2100 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: Fabian domain: Fabian-PC
PID: 1732 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Fabian domain: Fabian-PC
PID: 832 name: C:\Windows\ehome\ehmsas.exe owner: Fabian domain: Fabian-PC
PID: 1588 name: C:\Windows\ehome\ehsched.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 3640 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1544 name: C:\Windows\ehome\ehrecvr.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 2260 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3044 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3760 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Fabian domain: Fabian-PC
PID: 2940 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT-AUTORITÄT
Startup items:
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: Salmosa
imagepath: C:\Program Files\Razer\Salmosa\razerhid.exe
Name: Start WingMan Profiler
imagepath: C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: Ocs_SM
imagepath: C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
Name: Malwarebytes Anti-Malware (reboot)
imagepath: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Name: avgnt
imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
imagepath: C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: OODBS
Running services:
Name: AeLookupSvc
displayname: Anwendungserfahrung
Name: AntiVirSchedulerService
displayname: Avira AntiVir Planer
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: Appinfo
displayname: Anwendungsinformationen
Name: AudioEndpointBuilder
displayname: Windows-Audio-Endpunkterstellung
Name: Audiosrv
displayname: Windows-Audio
Name: BFE
displayname: Basisfiltermodul
Name: BITS
displayname: Intelligenter Hintergrundübertragungsdienst
Name: Browser
displayname: Computerbrowser
Name: CryptSvc
displayname: Kryptografiedienste
Name: DcomLaunch
displayname: DCOM-Server-Prozessstart
Name: Dhcp
displayname: DHCP-Client
Name: Dnscache
displayname: DNS-Client
Name: DPS
displayname: Diagnoserichtliniendienst
Name: EapHost
displayname: Extensible Authentication-Protokoll
Name: ehRecvr
displayname: Windows Media Center-Empfängerdienst
Name: ehSched
displayname: Windows Media Center-Planerdienst
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows-Ereignisprotokoll
Name: EventSystem
displayname: COM+-Ereignissystem
Name: fdPHost
displayname: Funktionssuchanbieter-Host
Name: FDResPub
displayname: Funktionssuche-Ressourcenveröffentlichung
Name: gpsvc
displayname: Gruppenrichtlinienclient
Name: hidserv
displayname: Zugriff auf Eingabegeräte
Name: IKEEXT
displayname: IKE- und AuthIP IPsec-Schlüsselerstellungsmodule
Name: iphlpsvc
displayname: IP-Hilfsdienst
Name: KeyIso
displayname: CNG-Schlüsselisolation
Name: KtmRm
displayname: KtmRm für Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: MMCSS
displayname: Multimediaklassenplaner
Name: MpsSvc
displayname: Windows-Firewall
Name: Nero BackItUp Scheduler 4.0
displayname: Nero BackItUp Scheduler 4.0
Name: Netman
displayname: Netzwerkverbindungen
Name: netprofm
displayname: Netzwerklistendienst
Name: NlaSvc
displayname: NLA (Network Location Awareness)
Name: nsi
displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: OODefragAgent
displayname: O&O Defrag
Name: PcaSvc
displayname: Programmkompatibilitäts-Assistent-Dienst
Name: PlugPlay
displayname: Plug & Play
Name: PnkBstrA
displayname: PnkBstrA
Name: PolicyAgent
displayname: IPsec-Richtlinien-Agent
Name: ProfSvc
displayname: Benutzerprofildienst
Name: RasMan
displayname: RAS-Verbindungsverwaltung
Name: RichVideo
displayname: Cyberlink RichVideo Service(CRVS)
Name: RpcSs
displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
displayname: Sicherheitskonto-Manager
Name: SBSDWSCService
displayname: SBSD Security Center Service
Name: Schedule
displayname: Aufgabenplanung
Name: SearchAnonymizer
displayname: SearchAnonymizer
Name: seclogon
displayname: Sekundäre Anmeldung
Name: SENS
displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
displayname: Shellhardwareerkennung
Name: slsvc
displayname: Softwarelizenzierung
Name: Spooler
displayname: Druckwarteschlange
Name: SSDPSRV
displayname: SSDP-Suche
Name: SstpSvc
displayname: SSTP-Dienst
Name: StarWindServiceAE
displayname: StarWind AE Service
Name: stisvc
displayname: Windows-Bilderfassung
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC-Eingabedienst
Name: TapiSrv
displayname: Telefonie
Name: TermService
displayname: Terminaldienste
Name: Themes
displayname: Designs
Name: TrkWks
displayname: Überwachung verteilter Verknüpfungen (Client)
Name: upnphost
displayname: UPnP-Gerätehost
Name: UxSms
displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: UxTuneUp
displayname: TuneUp Designerweiterung
Name: VMCService
displayname: Vodafone Mobile Connect Service
Name: W32Time
displayname: Windows-Zeitgeber
Name: WdiSystemHost
displayname: Diagnosesystemhost
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows-Fehlerberichterstattungsdienst
Name: WinDefend
displayname: Windows-Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst
Name: Winmgmt
displayname: Windows-Verwaltungsinstrumentation
Name: Wlansvc
displayname: Automatische WLAN-Konfiguration
Name: WMPNetworkSvc
displayname: Windows Media Player-Netzwerkfreigabedienst
Name: WPDBusEnum
displayname: Enumeratordienst für tragbare Geräte
Name: wscsvc
displayname: Sicherheitscenter
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
The program also spits out a few other interesting things, such as running processes. Maybe someone can make use of that. :p
Here is the OTL log file. Is it normal that this error message comes up 100 times while the program is running?:
Exception Processing Message 0xc0000013 Parameters 0x754E92A0
0x0000004 ox754E92A0 0x754E92A0
If not, I guess the log file is meaningless, but here it is:
OTL.Txt
Code:
OTL logfile created on: 23.11.2010 12:46:31 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Fabian\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 27,49 Gb Free Space | 5,90% Space Free | Partition Type: NTFS
Drive E: | 59,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 999,63 Mb Total Space | 803,11 Mb Free Space | 80,34% Space Free | Partition Type: FAT
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Razer\Salmosa\razertra.exe ()
PRC - C:\Programme\Razer\Salmosa\razerhid.exe ()
PRC - C:\Programme\Razer\Salmosa\razerofa.exe (Razer Inc.)
PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
========== Modules (SafeList) ==========
MOD - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SearchAnonymizer) -- C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
========== Driver Services (SafeList) ==========
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\DRIVERS\wanatw4.sys File not found
DRV - (PCASp50) -- C:\Windows\System32\Drivers\PCASp50.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (vodafone_K3805-z_dc_enum) -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (Salmosa03) -- C:\Windows\System32\drivers\Salmosa.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NPF) WinPcap Packet Driver (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (RTL8187) -- C:\Windows\System32\drivers\rtl8187.sys (Realtek Semiconductor Corporation )
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (hcw88rc5) -- C:\Windows\System32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15506&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 43 C9 81 10 F8 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15506&l=dis"
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: text2voice@vik.josh:1.04
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTF&o=15503&locale=de_DE&apn_uid=11CD7CE0-0802-4096-9918-2B79D823DDB1&apn_ptnrs=LH&apn_sauid=57F84CA6-02ED-4AF7-AF74-0E3E54CEB7FC&apn_dtid=YYYYYYYYDE&q="
FF - HKLM\software\mozilla\3B\Extensions\\Plugins: C:\Program Files\3B\3B Browser\plugins
FF - HKLM\software\mozilla\3B\Extensions\\Components: C:\Program Files\3B\3B Browser\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.17 18:07:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.17 18:07:00 | 000,000,000 | ---D | M]
[2009.05.28 17:40:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2009.05.28 17:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010.11.22 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions
[2010.10.13 10:23:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.25 13:37:28 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.07.30 13:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.01 21:00:22 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010.10.15 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\firefox@tvunetworks.com
[2010.02.25 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\linky@gemal.dk
[2010.07.25 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\text2voice@vik.josh
[2009.05.28 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Webview\Profiles\5lew9xis.default\extensions
[2010.11.01 20:56:43 | 000,002,393 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\askcom.xml
[2010.02.12 20:44:49 | 000,000,881 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\conduit.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-1.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-2.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-3.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-4.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-5.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-6.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-7.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-8.xml
[2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin.xml
[2010.01.08 23:36:25 | 000,001,990 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\live-search.xml
[2010.01.08 23:36:25 | 000,002,152 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{16D7952D-520A-443C-A9BB-076AD285EC24}.xml
[2010.01.08 23:36:25 | 000,002,041 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{D40089CC-F1EC-4A72-8AC0-DF5721AE9DC7}.xml
[2010.01.08 23:36:25 | 000,002,486 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{E01D02BC-4AD7-45DE-B6B5-8044C43F0042}.xml
[2010.01.08 23:36:25 | 000,001,834 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{F53BF450-400E-4A03-A9DE-735D1BE6B555}.xml
[2010.03.17 17:15:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.10 16:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.11.11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.11.17 18:06:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.17 18:06:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.17 18:06:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.17 18:06:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.17 18:06:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe ()
O4 - HKLM..\Run: [Salmosa] C:\Programme\Razer\Salmosa\razerhid.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\Opel\astra_opc_07.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\Opel\astra_opc_07.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 21:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{36bd1806-9d03-11dd-9b6b-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{36bd1806-9d03-11dd-9b6b-0015af0f71e4}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{437a1e9b-1821-11dc-86fa-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{437a1e9b-1821-11dc-86fa-0015af0f71e4}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{5242290c-ddb7-11dd-b17f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5242290c-ddb7-11dd-b17f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{717be4ed-fdf1-11de-9557-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{717be4ed-fdf1-11de-9557-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{74df503e-58cf-11de-b5f1-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{74df503e-58cf-11de-b5f1-002215817f78}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{74df503f-58cf-11de-b5f1-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{74df503f-58cf-11de-b5f1-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{76221c49-1a42-11de-8110-0022156ea7d8}\Shell\Open\command - "" = resycled\ntldr.com g:
O33 - MountPoints2\{81506faf-008e-11d6-b7d2-af3a5cb6d4fa}\Shell - "" = AutoRun
O33 - MountPoints2\{81506faf-008e-11d6-b7d2-af3a5cb6d4fa}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{81506fb0-008e-11d6-b7d2-af3a5cb6d4fa}\Shell - "" = AutoRun
O33 - MountPoints2\{81506fb0-008e-11d6-b7d2-af3a5cb6d4fa}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{82fa176f-62c9-11dc-9cf2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{82fa176f-62c9-11dc-9cf2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{9cdc8d64-4655-11df-a7f2-a435c0b612f3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdc8d64-4655-11df-a7f2-a435c0b612f3}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{9cdc8d66-4655-11df-a7f2-a435c0b612f3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdc8d66-4655-11df-a7f2-a435c0b612f3}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{af13677f-a8cf-11dd-83f2-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{af13677f-a8cf-11dd-83f2-0015af0f71e4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{af1367d7-a8cf-11dd-83f2-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{af1367d7-a8cf-11dd-83f2-0015af0f71e4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{aff9b0a2-24b0-11dc-a864-001a929e05cc}\Shell\AutoRun\command - "" = F:\.\Recycled\Driveinfo.exe -- File not found
O33 - MountPoints2\{aff9b0a2-24b0-11dc-a864-001a929e05cc}\Shell\Open\Command - "" = F:\.\Recycled\Driveinfo.exe -- File not found
O33 - MountPoints2\{eaefd989-fe44-11d5-a49b-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{eaefd989-fe44-11d5-a49b-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{fad34269-a452-11de-b2c3-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{fad34269-a452-11de-b2c3-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.11.23 12:34:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2010.11.23 12:21:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fabian\Desktop\HiJackThis204.exe
[2010.11.22 20:33:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Musik
[2010.11.20 00:55:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.20 00:55:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.20 00:54:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fabian\Desktop\mbam146-setup.exe
[2010.11.19 21:14:30 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.11.19 21:14:27 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.11.19 21:08:59 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Sunbelt Software
[2010.11.19 20:59:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.11.19 20:58:57 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.11.19 20:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.11.19 20:53:05 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Users\Fabian\Desktop\Ad-AwareInstall-833.exe
[2010.11.19 17:24:06 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Fabian\Desktop\spybotsd162.exe
[2010.11.18 22:50:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1224146592hqlm2
[2010.11.18 22:49:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi
[2010.11.18 22:42:37 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR
[2010.11.18 22:42:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\BackUp
[2010.11.18 20:30:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Mods
[2010.11.18 20:26:26 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabCtl32.ocx
[2010.11.18 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211
[2010.11.17 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3
[2010.11.17 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\asiloader
[2010.11.17 18:30:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Mato_Technologies
[2010.11.17 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5
[2010.11.17 18:21:48 | 000,000,000 | ---D | C] -- C:\Programme\SRT3 V1.7
[2010.11.16 22:41:06 | 660,927,285 | ---- | C] (BLITZ ARCADE ) -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD.exe
[2010.10.29 16:13:47 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Tracing
[2010.10.28 23:23:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Foto
[2010.10.28 22:04:54 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Papa Stick
[2010.10.28 21:07:50 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Kunst
[2010.10.28 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\PhotoFiltre
[2010.10.28 20:58:54 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre
[2010.10.28 18:25:51 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Neuer Ordner
[2010.10.28 18:25:42 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Fabi
[2010.10.28 18:15:43 | 000,000,000 | -HSD | C] -- C:\Users\Fabian\AppData\Roaming\jh87uhnoe3
[2010.06.22 17:37:07 | 000,072,224 | ---- | C] (Martin Pesch) -- C:\Programme\mp3DirectCut.exe
[2010.01.09 13:48:43 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.01.09 13:48:43 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.12.09 15:04:28 | 027,580,296 | ---- | C] ( ) -- C:\Programme\AdbeRdr90_de_DE.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Fabian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Fabian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Fabian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Fabian\AppData\Local\bass.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.11.23 13:04:24 | 003,757,489 | ---- | M] () -- C:\Users\Fabian\Desktop\PB230066.JPG
[2010.11.23 12:45:15 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{96A16510-0F25-41F6-A1C5-B3B8D56AE797}.job
[2010.11.23 12:44:59 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{60E70999-78D0-41AB-8805-04CC34877BB3}.job
[2010.11.23 12:34:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2010.11.23 12:26:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-600222665-2756014500-3235698655-1001UA.job
[2010.11.23 12:21:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fabian\Desktop\HiJackThis204.exe
[2010.11.23 12:00:36 | 000,376,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.23 12:00:36 | 000,264,200 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.23 12:00:36 | 000,079,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.23 12:00:36 | 000,061,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.23 11:55:15 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2010.11.23 11:55:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.23 11:54:50 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 11:54:50 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 11:54:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.23 11:54:35 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.23 11:54:34 | 000,127,600 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.11.22 20:26:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-600222665-2756014500-3235698655-1001Core.job
[2010.11.21 18:21:49 | 000,010,758 | ---- | M] () -- C:\Users\Fabian\Desktop\GELD!!!.xlsx
[2010.11.20 01:12:51 | 000,062,831 | ---- | M] () -- C:\Users\Fabian\Desktop\Aufzeichnen.JPG
[2010.11.20 00:55:46 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.20 00:54:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fabian\Desktop\mbam146-setup.exe
[2010.11.19 21:14:27 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.11.19 21:10:50 | 004,309,540 | ---- | M] () -- C:\Users\Fabian\Desktop\STEG USRMAN 2CH.pdf
[2010.11.19 20:59:18 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.11.19 20:57:47 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Users\Fabian\Desktop\Ad-AwareInstall-833.exe
[2010.11.19 17:30:52 | 005,535,216 | ---- | M] () -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211.zip
[2010.11.19 17:29:50 | 000,293,184 | ---- | M] () -- C:\Users\Fabian\Desktop\SoftonicDownloader_fuer_ad-aware-free-internet-security.exe
[2010.11.19 17:29:20 | 000,001,055 | ---- | M] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk
[2010.11.19 17:24:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Fabian\Desktop\spybotsd162.exe
[2010.11.19 17:17:16 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.11.19 00:11:09 | 000,079,684 | ---- | M] () -- C:\Users\Fabian\Desktop\Postident_Basic_Hitmeister.pdf
[2010.11.19 00:00:28 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Fabian-PC_Fabian.job
[2010.11.18 22:50:48 | 001,315,898 | ---- | M] () -- C:\Users\Fabian\Desktop\1224146592hqlm2.rar
[2010.11.18 22:47:06 | 000,914,787 | ---- | M] () -- C:\Users\Fabian\Desktop\1196595824_SA_AMC_Matador71Final.rar
[2010.11.18 22:46:18 | 002,006,443 | ---- | M] () -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi.rar
[2010.11.18 22:42:03 | 001,883,346 | ---- | M] () -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR.rar
[2010.11.18 22:07:51 | 000,012,052 | ---- | M] () -- C:\Users\Fabian\Desktop\23rjpsy.jpg
[2010.11.17 21:28:27 | 000,051,200 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 3.0.doc
[2010.11.17 18:53:53 | 004,819,921 | ---- | M] () -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3.rar
[2010.11.17 18:39:15 | 000,039,768 | ---- | M] () -- C:\Users\Fabian\Desktop\asiloader.rar
[2010.11.17 18:25:11 | 000,483,670 | ---- | M] () -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5.rar
[2010.11.16 23:15:10 | 660,927,285 | ---- | M] (BLITZ ARCADE ) -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD.exe
[2010.11.16 22:39:13 | 152,698,058 | ---- | M] () -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD[gta-worldmods.de].rar
[2010.11.15 20:29:33 | 000,231,936 | ---- | M] () -- C:\Users\Fabian\Desktop\Verhältnissen in Deutschland zwischen 1898 1.0.doc
[2010.11.15 20:29:17 | 000,070,144 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 2.0.doc
[2010.11.15 18:45:34 | 000,000,162 | -H-- | M] () -- C:\Users\Fabian\Desktop\~$r gute Mensch.docx
[2010.11.15 18:31:38 | 000,069,632 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 1.1.doc
[2010.11.15 18:03:00 | 000,050,688 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe.doc
[2010.11.14 21:18:41 | 000,032,545 | ---- | M] () -- C:\Users\Fabian\Desktop\Der gute Mensch.docx
[2010.11.10 20:55:20 | 000,062,232 | ---- | M] () -- C:\Users\Fabian\Desktop\janno.JPG
[2010.11.09 21:04:30 | 003,156,480 | ---- | M] () -- C:\Users\Fabian\Desktop\sadasdfsdgdfhzugkyddfgudfhgfhbhghhthjk.doc
[2010.11.07 21:15:19 | 000,009,893 | ---- | M] () -- C:\Users\Fabian\Desktop\Musikerkennung.docx
[2010.11.07 20:05:05 | 000,111,328 | ---- | M] () -- C:\Users\Fabian\Desktop\Fktuntesuch. bei realen Prozessen.pdf
[2010.11.07 20:04:41 | 000,045,489 | ---- | M] () -- C:\Users\Fabian\Desktop\Extremwertaufgaben.pdf
[2010.11.06 00:32:34 | 000,010,842 | ---- | M] () -- C:\Users\Fabian\Documents\Hi.docx
[2010.11.04 20:45:17 | 000,023,552 | ---- | M] () -- C:\Users\Fabian\Desktop\Khanh.doc
[2010.10.31 18:47:29 | 000,022,755 | ---- | M] () -- C:\Users\Fabian\Desktop\Raveland.JPG
[2010.10.29 18:28:12 | 000,171,838 | ---- | M] () -- C:\Users\Fabian\Desktop\FUN.jpg
[2010.10.29 18:26:59 | 000,031,295 | ---- | M] () -- C:\Users\Fabian\Desktop\aroute.JPG
[2010.10.29 18:24:32 | 000,166,656 | ---- | M] () -- C:\Users\Fabian\Desktop\richtige karte.JPG
[2010.10.29 17:05:54 | 000,089,740 | ---- | M] () -- C:\Users\Fabian\Desktop\bfsnj.jpg
[2010.10.28 22:43:20 | 000,179,200 | ---- | M] () -- C:\Users\Fabian\Desktop\Dok1.doc
[2010.10.28 20:58:55 | 000,000,840 | ---- | M] () -- C:\Users\Fabian\Desktop\PhotoFiltre.lnk
[2010.10.28 20:58:13 | 004,118,294 | ---- | M] () -- C:\Users\Fabian\Desktop\pf-setup-en.exe
[2010.10.28 20:54:09 | 002,880,162 | ---- | M] () -- C:\Users\Fabian\Desktop\PA280145.JPG
[2010.10.28 20:53:22 | 003,104,142 | ---- | M] () -- C:\Users\Fabian\Desktop\PA280142.JPG
[2010.10.28 19:59:10 | 000,679,424 | ---- | M] () -- C:\Users\Fabian\Desktop\Collage.doc
[2010.10.28 19:53:26 | 000,008,158 | ---- | M] () -- C:\Users\Fabian\Desktop\studio-kugel-geschaeftsmann_~jl_012150_6924.jpg
[2010.10.28 18:28:35 | 000,002,430 | ---- | M] () -- C:\Users\Fabian\Desktop\raus.jpg
[2010.10.24 15:47:41 | 000,053,658 | ---- | M] () -- C:\Users\Fabian\Desktop\Steg K2.01.JPG
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.11.23 13:04:24 | 003,757,489 | ---- | C] () -- C:\Users\Fabian\Desktop\PB230066.JPG
[2010.11.23 11:55:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.20 01:12:47 | 000,062,831 | ---- | C] () -- C:\Users\Fabian\Desktop\Aufzeichnen.JPG
[2010.11.20 00:55:46 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.19 23:43:50 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.11.19 21:10:30 | 004,309,540 | ---- | C] () -- C:\Users\Fabian\Desktop\STEG USRMAN 2CH.pdf
[2010.11.19 20:59:18 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.11.19 17:29:47 | 000,293,184 | ---- | C] () -- C:\Users\Fabian\Desktop\SoftonicDownloader_fuer_ad-aware-free-internet-security.exe
[2010.11.19 17:29:20 | 000,001,055 | ---- | C] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk
[2010.11.19 00:11:09 | 000,079,684 | ---- | C] () -- C:\Users\Fabian\Desktop\Postident_Basic_Hitmeister.pdf
[2010.11.18 22:50:44 | 001,315,898 | ---- | C] () -- C:\Users\Fabian\Desktop\1224146592hqlm2.rar
[2010.11.18 22:47:05 | 000,914,787 | ---- | C] () -- C:\Users\Fabian\Desktop\1196595824_SA_AMC_Matador71Final.rar
[2010.11.18 22:46:13 | 002,006,443 | ---- | C] () -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi.rar
[2010.11.18 22:41:58 | 001,883,346 | ---- | C] () -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR.rar
[2010.11.18 22:07:50 | 000,012,052 | ---- | C] () -- C:\Users\Fabian\Desktop\23rjpsy.jpg
[2010.11.18 20:22:33 | 005,535,216 | ---- | C] () -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211.zip
[2010.11.17 21:28:25 | 000,051,200 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 3.0.doc
[2010.11.17 18:53:25 | 004,819,921 | ---- | C] () -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3.rar
[2010.11.17 18:37:14 | 000,039,768 | ---- | C] () -- C:\Users\Fabian\Desktop\asiloader.rar
[2010.11.17 18:23:50 | 000,483,670 | ---- | C] () -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5.rar
[2010.11.16 22:28:13 | 152,698,058 | ---- | C] () -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD[gta-worldmods.de].rar
[2010.11.15 20:29:32 | 000,231,936 | ---- | C] () -- C:\Users\Fabian\Desktop\Verhältnissen in Deutschland zwischen 1898 1.0.doc
[2010.11.15 20:29:17 | 000,070,144 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 2.0.doc
[2010.11.15 18:45:34 | 000,000,162 | -H-- | C] () -- C:\Users\Fabian\Desktop\~$r gute Mensch.docx
[2010.11.15 18:31:06 | 000,069,632 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 1.1.doc
[2010.11.15 18:03:00 | 000,050,688 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe.doc
[2010.11.14 21:18:40 | 000,032,545 | ---- | C] () -- C:\Users\Fabian\Desktop\Der gute Mensch.docx
[2010.11.10 20:55:17 | 000,062,232 | ---- | C] () -- C:\Users\Fabian\Desktop\janno.JPG
[2010.11.09 21:04:28 | 003,156,480 | ---- | C] () -- C:\Users\Fabian\Desktop\sadasdfsdgdfhzugkyddfgudfhgfhbhghhthjk.doc
[2010.11.07 21:15:19 | 000,009,893 | ---- | C] () -- C:\Users\Fabian\Desktop\Musikerkennung.docx
[2010.11.07 20:05:05 | 000,111,328 | ---- | C] () -- C:\Users\Fabian\Desktop\Fktuntesuch. bei realen Prozessen.pdf
[2010.11.07 20:04:39 | 000,045,489 | ---- | C] () -- C:\Users\Fabian\Desktop\Extremwertaufgaben.pdf
[2010.11.06 00:32:33 | 000,010,842 | ---- | C] () -- C:\Users\Fabian\Documents\Hi.docx
[2010.11.04 20:45:15 | 000,023,552 | ---- | C] () -- C:\Users\Fabian\Desktop\Khanh.doc
[2010.10.31 18:47:26 | 000,022,755 | ---- | C] () -- C:\Users\Fabian\Desktop\Raveland.JPG
[2010.10.29 18:28:12 | 000,171,838 | ---- | C] () -- C:\Users\Fabian\Desktop\FUN.jpg
[2010.10.29 18:26:57 | 000,031,295 | ---- | C] () -- C:\Users\Fabian\Desktop\aroute.JPG
[2010.10.29 18:24:30 | 000,166,656 | ---- | C] () -- C:\Users\Fabian\Desktop\richtige karte.JPG
[2010.10.29 17:05:47 | 000,089,740 | ---- | C] () -- C:\Users\Fabian\Desktop\bfsnj.jpg
[2010.10.28 22:43:19 | 000,179,200 | ---- | C] () -- C:\Users\Fabian\Desktop\Dok1.doc
[2010.10.28 20:58:55 | 000,000,840 | ---- | C] () -- C:\Users\Fabian\Desktop\PhotoFiltre.lnk
[2010.10.28 20:56:32 | 004,118,294 | ---- | C] () -- C:\Users\Fabian\Desktop\pf-setup-en.exe
[2010.10.28 20:50:57 | 002,880,162 | ---- | C] () -- C:\Users\Fabian\Desktop\PA280145.JPG
[2010.10.28 20:50:48 | 003,104,142 | ---- | C] () -- C:\Users\Fabian\Desktop\PA280142.JPG
[2010.10.28 19:59:09 | 000,679,424 | ---- | C] () -- C:\Users\Fabian\Desktop\Collage.doc
[2010.10.28 19:53:25 | 000,008,158 | ---- | C] () -- C:\Users\Fabian\Desktop\studio-kugel-geschaeftsmann_~jl_012150_6924.jpg
[2010.10.28 18:28:34 | 000,002,430 | ---- | C] () -- C:\Users\Fabian\Desktop\raus.jpg
[2010.10.24 15:47:39 | 000,053,658 | ---- | C] () -- C:\Users\Fabian\Desktop\Steg K2.01.JPG
[2010.10.13 19:14:41 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2010.08.28 23:34:09 | 000,000,016 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\hngmfc.dat
[2010.06.22 17:37:07 | 000,026,299 | ---- | C] () -- C:\Programme\Manual.htm
[2010.06.22 17:37:07 | 000,013,887 | ---- | C] () -- C:\Programme\FAQ.htm
[2010.06.22 17:37:07 | 000,002,933 | ---- | C] () -- C:\Programme\Version.txt
[2010.06.22 17:37:07 | 000,001,672 | ---- | C] () -- C:\Programme\License.txt
[2010.04.23 21:04:49 | 000,000,540 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\AutoGK.ini
[2010.03.15 19:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010.02.26 18:51:45 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.02.22 15:21:46 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log
[2010.02.22 14:37:42 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2010.02.20 18:26:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.02.18 16:16:09 | 000,001,472 | ---- | C] () -- C:\Users\Fabian\AppData\Local\RecConfig.xml
[2010.01.10 18:19:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.09 13:48:43 | 003,482,112 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.01.09 13:48:43 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.01.09 13:48:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.01.02 13:45:28 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.10.22 17:29:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.09.13 15:26:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.09.13 15:26:16 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL
[2009.05.14 10:00:39 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2009.04.09 15:47:02 | 000,013,824 | ---- | C] () -- C:\Windows\System32\CallSimReader.dll
[2009.04.09 15:46:02 | 000,055,808 | ---- | C] () -- C:\Windows\System32\SimReader.dll
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.02.25 01:16:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.28 17:25:55 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\downloads.m3u
[2009.01.28 17:24:50 | 000,000,174 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\default.rss
[2009.01.27 21:24:08 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.17 11:45:15 | 000,000,104 | ---- | C] () -- C:\Windows\Rumble2.ini
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.31 12:55:47 | 000,000,094 | ---- | C] () -- C:\Users\Fabian\AppData\Local\fusioncache.dat
[2008.12.14 14:52:15 | 000,000,840 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\EasyToolz.ini
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.04 13:33:21 | 000,026,340 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\UserTile.png
[2008.10.04 11:52:35 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini
[2008.10.04 10:41:39 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI
[2008.10.04 10:23:29 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.06.05 07:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.02.12 14:40:41 | 000,000,552 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d8caps.dat
[2008.01.27 14:12:27 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.01.14 19:50:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ZSubTimer.dll
[2007.11.22 11:23:19 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI
[2007.10.28 21:51:35 | 000,014,018 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\wklnhst.dat
[2007.10.28 21:33:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.09.15 16:44:59 | 000,000,301 | ---- | C] () -- C:\Windows\thug2.ini
[2007.09.15 10:55:49 | 000,000,725 | ---- | C] () -- C:\Windows\EF2.INI
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Fabian\AppData\Local\lame_enc.dll
[2007.07.10 13:38:29 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007.06.12 17:30:06 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2007.06.12 17:30:06 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2007.06.12 17:30:03 | 000,012,096 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2007.06.12 17:30:03 | 000,010,304 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2007.06.11 17:59:06 | 000,095,744 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.11 15:35:02 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.06.11 15:35:01 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.06.11 14:48:44 | 000,032,768 | ---- | C] () -- C:\Windows\TBPanelExt.dll
[2007.06.11 14:48:44 | 000,012,285 | ---- | C] () -- C:\Windows\Cadx3.ini
[2007.06.11 14:48:44 | 000,005,120 | ---- | C] () -- C:\Windows\TBManage.dll
[2007.06.11 14:48:43 | 000,007,698 | ---- | C] () -- C:\Windows\cadx2.ini
[2007.06.11 14:44:49 | 000,009,052 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2007.06.06 15:02:35 | 000,022,903 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007.06.06 15:02:35 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2007.06.06 15:02:28 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007.06.06 14:54:56 | 000,001,970 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007.06.01 07:47:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007.04.13 21:40:03 | 000,143,360 | ---- | C] () -- C:\Windows\System32\USBaccess.dll
[2006.11.17 23:04:17 | 000,235,520 | ---- | C] () -- C:\Windows\System32\jangraphics.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Fabian\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Fabian\AppData\Local\no23xwrapper.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ==========
[2010.10.12 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\10 Finger BreakOut
[2009.05.28 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\3B
[2010.08.12 23:11:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\4C91EC9C9460DC2A1C65CD6AD75C1395
[2010.04.07 14:19:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Amazon
[2008.12.23 11:34:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ambient Design
[2010.03.09 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AnvSoft
[2010.01.30 11:26:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ashampoo
[2008.12.26 09:50:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\astragon Software GmbH
[2010.01.02 13:46:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Atari
[2010.10.13 17:34:42 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AudioMoves
[2010.10.12 16:13:38 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\avidemux
[2009.01.16 20:58:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Blender Foundation
[2009.01.19 18:49:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Buhl Data Service
[2010.04.24 13:38:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\CadSoft
[2010.01.25 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\clickEXE
[2010.11.19 23:43:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Desktopicon
[2010.10.12 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dr. DivX 2.0 OSS
[2010.07.30 13:32:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.12 12:33:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Flock
[2010.10.19 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0
[2010.10.18 23:26:48 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ
[2010.01.10 15:35:42 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQLite
[2010.10.19 22:12:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView
[2010.10.28 22:37:57 | 000,000,000 | -HSD | M] -- C:\Users\Fabian\AppData\Roaming\jh87uhnoe3
[2007.09.15 15:13:27 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech
[2010.08.12 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\lowsec
[2009.05.23 17:30:14 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\MiniDm
[2010.06.23 17:22:45 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mp3DirectCut
[2010.04.04 13:42:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mp3tag
[2010.01.08 23:36:06 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OCS
[2008.12.24 11:14:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2009.11.01 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Opera
[2008.10.04 13:33:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PeerNetworking
[2010.03.28 21:22:45 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Pegasys Inc
[2010.10.28 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PhotoFiltre
[2010.04.12 17:31:32 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PowerCinema
[2009.04.03 19:33:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ProtectDisc
[2010.02.20 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Red Kawa
[2010.02.20 23:53:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Regensoft
[2010.09.15 20:46:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Registry Mechanic
[2009.01.19 18:22:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\S.A.D
[2007.08.12 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Sierra
[2010.10.12 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SlimBrowser
[2010.03.17 17:10:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\soul.im
[2010.10.13 18:51:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Steganos
[2010.10.12 11:42:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Stellarium
[2009.05.28 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\T-Online
[2010.10.19 21:43:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\temp
[2009.12.22 14:51:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Toolbars
[2010.08.15 00:03:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Tracker Software
[2010.05.25 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client
[2009.05.24 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software
[2010.10.12 11:31:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TVcentral-Core
[2008.11.02 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Vodafone
[2010.09.15 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\VS Revo Group
[2009.05.28 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Webview
[2010.01.18 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\WhatPulse
[2010.11.19 17:17:16 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.11.23 11:55:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.11.23 11:55:15 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job
[2010.11.22 23:33:45 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.23 12:44:59 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{60E70999-78D0-41AB-8805-04CC34877BB3}.job
[2010.11.23 12:45:15 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{96A16510-0F25-41F6-A1C5-B3B8D56AE797}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 451 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
Extras (the 2nd log file from OTL) is attached:
So friends, the day before yesterday I ran another scan with Anti-Malware and it found something: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5154
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783
20.11.2010 01:03:56
mbam-log-2010-11-20 (01-03-56).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163357
Laufzeit: 6 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Fabian\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
Here is the current file: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5154
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783
23.11.2010 13:12:08
mbam-log-2010-11-23 (13-12-08).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162935
Laufzeit: 5 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Finally, I should say that I think I also found something with Spybot, but I may be wrong, because I can't remember at all.
So, I have done everything thoroughly, as described in the instructions. I hope you can help me, because when I see how long such a log file is, I can't imagine that anyone reads through it!?
That's it for now, I'm curious to see the replies.
Regards
Fabian |