Black window opens briefly, Roaming?

#0
05.03.2011, 12:06
Member

Posts: 56
#1 Hello, yesterday I received a file via MSN and opened it. According to the sender, it was a slideshow of photos. Since receiving it, however, a black window opens briefly at every restart, like the ones known from MS-DOS. My laptop seems unchanged, but I still don't like it. I ran AntiVir, but it found nothing. What can I do? What kind of problem is this?
Many thanks for the help and kind regards,
06.03.2011, 10:16
Password: gast
Gastaccount

Posts: 0
#2 Please work through the following:
http://board.protecus.de/t40182.htm

First, please run an Mbam scan, have all detections deleted, and post the report
http://www.trojaner-board.de/51187-anleitung-malwarebytes-anti-malware.html
06.03.2011, 14:30
Member

Thread starter

Posts: 56
#3 Here is the Mbam scan, looks good so far.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5972

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.03.2011 14:29:13
mbam-log-2011-03-06 (14-29-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163578
Laufzeit: 4 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Trojan.Downloader) -> Value: HKCU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\marc\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\marc\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\marc\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\marc\AppData\Roaming\com\server.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

And here is OTL:

Extra.txt

OTL Extras logfile created on: 06.03.2011 19:48:16 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\marc\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,99 Gb Total Space | 199,02 Gb Free Space | 70,83% Space Free | Partition Type: NTFS
Drive D: | 16,81 Gb Total Space | 2,43 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 89,69 Mb Free Space | 90,29% Space Free | Partition Type: FAT32
Drive F: | 327,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MR_MOJITO | User Name: marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55A4978B-CC3A-E5C2-5567-95B70A1D1432}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{B2FDEA1B-9B78-41CE-8A80-01D99D687D09}" = HP Wireless Assistant
"{C9083B9D-9092-FF22-DDCC-9776E69BE816}" = ATI Catalyst Install Manager
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FF3F93-F2CE-BFBE-347E-C49F3A1780D9}" = CCC Help Dutch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{223B6018-B8A2-7090-7BA9-4E2002DCAB86}" = Catalyst Control Center InstallProxy
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BC0D0E6-13E7-4CCB-98ED-1D8CDF89D96B}" = HP Software Framework
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3ECBC47D-7913-8D9D-8703-DC1969CB252A}" = CCC Help Danish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43861B2A-0548-46B7-56E3-F2AB01311C7E}" = CCC Help Greek
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EDCB0CC-305A-2D52-E9A5-E6CA59DFF2F7}" = CCC Help Turkish
"{4F80ACED-DE98-ECF3-0559-098936A13994}" = Catalyst Control Center Graphics Full New
"{51343725-98F7-D613-E46D-3C2198DF0162}" = Catalyst Control Center Core Implementation
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{621E909B-9AD0-8E66-336F-5B0284145719}" = CCC Help Japanese
"{63CE9AEA-F3F7-C1DC-EC4E-27A0DF0B9261}" = Catalyst Control Center Graphics Previews Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6B78BA3C-795D-C47D-5DD3-BEA98FF7CD6C}" = CCC Help Norwegian
"{6F4B5D6B-6FA4-ACDE-F89C-BF437D2302AF}" = Catalyst Control Center Graphics Light
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E108BF-C1B2-A945-9EFC-FFA030D20E1E}" = CCC Help Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8354E8D3-B6FF-079F-E82F-73128A84A354}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{934B3B9F-8B5F-AA7F-770E-117C9B7B4DCA}" = CCC Help Czech
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99CFB83D-D10A-F740-2EE5-02BB86F79BBB}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B90C530-7A5F-7997-6275-A66AB973148B}" = CCC Help Italian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC22E56-5466-8E1E-4533-81E0AC51120B}" = CCC Help Spanish
"{AB4CE98A-220A-1F05-A513-6CA5C9F34A8A}" = Catalyst Control Center Graphics Previews Vista
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{C1A0D5F7-02F3-4D95-872A-0E56CF968DC6}" = Catalyst Control Center - Branding
"{C2483D27-D725-95FD-6EBF-8AAE23A8342C}" = CCC Help Portuguese
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C388F68C-5AA9-ECE2-6FD7-73EB09FD5130}" = CCC Help Korean
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C829AA7D-3113-0942-06D1-1A2CFA850920}" = CCC Help French
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC639DE4-356A-B032-BE59-52ED46879591}" = CCC Help Thai
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3058349-D2ED-4A3B-651B-9882B3BD7F8D}" = Catalyst Control Center Localization All
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3E9CA09-20E8-F218-15F3-3E1CA0EEFB4D}" = PX Profile Update
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D895ACBB-697F-1C12-6E3F-3A6229D19857}" = CCC Help German
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D9ABACA0-5C8B-6D8E-6881-65EF2F13B987}" = CCC Help Polish
"{DE22695F-CB6A-B64F-8477-275C1FCF3001}" = Catalyst Control Center Graphics Full Existing
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AD9B8-1A7C-87E9-2ABE-8F852A89A369}" = CCC Help English
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{EAA941D9-93E7-2C0B-0754-0806755CD5F3}" = ccc-core-static
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF0970F3-19FE-CDA9-837B-C9EA53D5DBED}" = CCC Help Finnish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37935A0-AFC8-47F9-8B7D-D09E88FCA0B8}" = HP User Guides 0211
"{F580D6C2-140E-143A-1013-3C3A4FCCB3A1}" = CCC Help Chinese Traditional
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9842DD1-81B6-AF2C-72C2-F28B56A5B6DF}" = CCC Help Swedish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Applian Director2.0" = Applian Director
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"FLV-Media Player" = FLV-Media Player 1.8
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"My HP Game Console" = HP Game Console
"Nero8Lite_is1" = Nero 8 Lite
"NIS" = Norton Internet Security
"Replay Video Capture4.2" = Replay Video Capture
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WT082124" = Blasterball 3
"WT082141" = FATE
"WT082168" = Penguins!
"WT082172" = Polar Bowler
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082222" = Insaniquarium Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082246" = Zuma Deluxe
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082409" = Mahjongg Artifacts
"WT082414" = Mystery P.I. - The Vegas Heist
"WT082422" = Wedding Dash
"WT082427" = Slingo Deluxe
"WT082439" = Bus Driver
"WT083492" = Agatha Christie - Death on the Nile
"WT083510" = Jewel Quest Solitaire
"WT083514" = Jewel Quest II
"WT083521" = Dream Chronicles
"WT083529" = Gem Shop

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 18.02.2011 16:15:52 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1372

Error - 18.02.2011 16:15:52 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1372

Error - 18.02.2011 16:15:53 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18.02.2011 16:15:53 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2402

Error - 18.02.2011 16:15:53 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2402

Error - 19.02.2011 14:55:45 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 19.02.2011 14:55:45 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16006

Error - 19.02.2011 14:55:45 | Computer Name = mr_mojito | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16006

Error - 20.02.2011 08:30:32 | Computer Name = mr_mojito | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 20.02.2011 08:31:25 | Computer Name = mr_mojito | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

[ Hewlett-Packard Events ]
Error - 03.10.2010 06:28:36 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)

bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a()

Error - 24.10.2010 11:00:52 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)

bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a()

Error - 07.11.2010 05:20:16 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)

bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a()

Error - 14.11.2010 15:12:06 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)

bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a()

Error - 21.11.2010 13:58:34 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0
Description = de-CH Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
Configurator

bei Configurator.ConfiguratorClass.loadXML() bei Configurator.ConfiguratorClass..ctor(Boolean
loadxml) bei HPSFConfigReader.ConfigHelper..ctor() bei HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

Error - 12.12.2010 06:09:31 | Computer Name = mr_mojito | Source = Hewlett-Packard | ID = 0
Description = de-CH Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)

bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a()

[ HP Wireless Assistant Events ]
Error - 02.03.2011 11:55:58 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 02.03.2011 11:55:58 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 02.03.2011 11:55:59 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Nicht unterstützt bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

bei HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 03.03.2011 02:20:46 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 03.03.2011 10:17:13 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 04.03.2011 20:12:56 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 05.03.2011 05:12:09 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 05.03.2011 10:44:33 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 06.03.2011 08:41:15 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 06.03.2011 09:34:12 | Computer Name = mr_mojito | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

[ System Events ]
Error - 13.12.2010 02:56:59 | Computer Name = mr_mojito | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst HPWMISVC erreicht.

Error - 13.12.2010 08:05:49 | Computer Name = mr_mojito | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 13.12.2010 08:05:49 | Computer Name = mr_mojito | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ICQ Service" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


< End of report >

OTL logfile created on: 06.03.2011 19:48:16 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\marc\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280,99 Gb Total Space | 199,02 Gb Free Space | 70,83% Space Free | Partition Type: NTFS
Drive D: | 16,81 Gb Total Space | 2,43 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 89,69 Mb Free Space | 90,29% Space Free | Partition Type: FAT32
Drive F: | 327,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MR_MOJITO | User Name: marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\marc\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\marc\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/12

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/12
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ch"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.05 01:07:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.05 01:07:22 | 000,000,000 | ---D | M]

[2010.09.01 12:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Extensions
[2011.02.07 10:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marc\AppData\Roaming\mozilla\Firefox\Profiles\jh8lz2zq.default\extensions
[2011.02.21 08:09:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.30 19:13:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.20 12:56:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.29 13:37:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 08:09:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.06 16:31:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.06 16:31:22 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.06 16:31:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.06 16:31:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.06 16:31:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HKCU] C:\Users\marc\AppData\Roaming\com\server.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe ()
O4 - HKCU..\Run: [Testing] C:\ProgramData\Svg64.exe (Elaborate Bytes AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\marc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\marc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999.09.25 17:28:22 | 000,000,971 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\aoesetup.exe -- [2000.09.27 20:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\directx\command - "" = F:\DIRECTX\DXSETUP.EXE -- [1999.01.09 04:10:00 | 000,096,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dplay\command - "" = F:\DIRECTX\DPLAY61A.EXE -- [1999.06.19 01:35:30 | 000,485,600 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dxdiag\command - "" = F:\GOODIES\AR40DEU.EXE -- [1999.06.29 17:17:26 | 005,994,880 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dxinfo\command - "" = F:\GOODIES\DIRECTX\DXINFO.EXE -- [1997.07.15 10:00:00 | 000,299,520 | R--- | M] (Microsoft Corp.)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dxtest\command - "" = F:\DIRECTX\DXDIAG.EXE -- [1999.01.09 04:10:00 | 001,253,648 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\dxtool\command - "" = F:\GOODIES\DIRECTX\DXTOOL.EXE -- [1997.07.15 10:00:00 | 000,033,280 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\log\command - "" = F:\goodies\machine\machine.exe -- [1999.08.17 23:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\machine\command - "" = F:\GOODIES\MACHINE\MACHINE.EXE -- [1999.08.17 23:05:36 | 000,208,896 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\setup\command - "" = F:\aoesetup.exe -- [2000.09.27 20:17:58 | 000,585,790 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{a808627d-b502-11df-91b0-806e6f6e6963}\Shell\zone\command - "" = F:\GOODIES\MSZONE\ZONEA600.EXE -- [1999.09.02 01:16:04 | 006,753,985 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.03.06 14:07:41 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Malwarebytes
[2011.03.06 14:03:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.06 14:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.06 14:03:26 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.03.06 14:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.06 13:39:13 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{A492AC06-6D91-45AD-B95E-19895F3CC1A9}
[2011.03.05 22:10:42 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{293BD176-8775-43C1-A059-1A195111709F}
[2011.03.05 15:51:32 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.03.05 15:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011.03.05 15:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011.03.05 12:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2011.03.05 10:10:10 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{9894C2E4-BC81-4D1E-A14F-D412625A0C77}
[2011.03.05 00:56:14 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Roaming\com
[2011.03.05 00:56:13 | 001,388,544 | ---- | C] (Elaborate Bytes AG) -- C:\ProgramData\Svg64.exe
[2011.03.04 15:47:49 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{B5532089-9716-498A-8345-DB9995B7C7A2}
[2011.03.04 15:44:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.02.27 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{D087D82C-97E9-443F-9740-F427DF7CE109}
[2011.02.25 13:52:42 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{71FD5A30-6726-4291-8EC4-8EE70886F23B}
[2011.02.23 13:14:54 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 13:14:54 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 13:14:54 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 13:14:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.22 21:04:40 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{31F1BBBE-8B28-4CA1-9F9B-A33BDD92F1D2}
[2011.02.21 08:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.02.21 08:09:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.02.21 08:09:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.02.21 08:09:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.02.16 15:42:44 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{8144DC00-4603-4571-B71A-EF8A468C8DD8}
[2011.02.12 22:16:07 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{3F203FE6-80C5-4CC8-B8F8-42F6B08F5979}
[2011.02.12 08:18:15 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{20E3AFB5-8CC7-4A31-AE93-C1FB5DC8E2BA}
[2011.02.11 15:28:32 | 000,000,000 | ---D | C] -- C:\Users\marc\AppData\Local\{29B2E0C2-B1CD-4A91-98B7-BDB28D776031}
[2011.02.09 19:58:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.09 19:58:06 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.09 19:58:05 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.09 19:58:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.09 19:58:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.09 19:58:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.09 19:58:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.09 19:58:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.09 19:58:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.09 19:58:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.09 19:58:04 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.09 19:58:04 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.09 19:57:55 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.09 19:57:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.09 19:57:52 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.09 19:57:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.09 19:57:50 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.09 19:57:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.09 19:57:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.09 19:57:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.09 19:57:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.09 19:57:47 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.09 19:57:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.09 19:57:45 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.09 19:57:45 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.09 19:57:45 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.09 19:57:43 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.09 19:57:43 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.09 19:57:42 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.09 19:57:42 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.09 19:57:41 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.09 19:57:41 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.09 19:57:41 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.09 19:57:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

========== Files - Modified Within 30 Days ==========

[2011.03.06 19:42:54 | 000,024,183 | -H-- | M] () -- C:\Users\marc\AppData\Roaming\logs.dat
[2011.03.06 19:07:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.06 19:07:23 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.06 19:00:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.06 18:59:53 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.06 14:31:56 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormarc.job
[2011.03.06 13:38:08 | 000,427,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.03.05 15:26:42 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.03.05 00:56:13 | 001,388,544 | ---- | M] (Elaborate Bytes AG) -- C:\ProgramData\Svg64.exe
[2011.03.04 17:04:25 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.04 17:04:25 | 000,659,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.04 17:04:25 | 000,620,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.04 17:04:25 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.04 17:04:25 | 000,108,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.03 18:52:58 | 000,000,877 | ---- | M] () -- C:\Users\marc\.recently-used.xbel
[2011.02.07 09:47:55 | 000,000,047 | ---- | M] () -- C:\Windows\NeroDigital.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.03.05 15:26:42 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.03.04 15:46:11 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.03.03 18:52:58 | 000,000,877 | ---- | C] () -- C:\Users\marc\.recently-used.xbel
[2011.02.07 09:47:55 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.01.29 18:28:13 | 000,017,408 | ---- | C] () -- C:\Users\marc\AppData\Local\WebpageIcons.db
[2011.01.20 14:07:36 | 000,004,096 | -H-- | C] () -- C:\Users\marc\AppData\Local\keyfile3.drm
[2010.12.26 11:00:11 | 000,011,264 | ---- | C] () -- C:\Users\marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.26 02:41:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.11 12:28:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.01 12:33:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.10 21:49:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.10 21:47:03 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.07.10 21:38:31 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.07.10 21:38:31 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.05.16 21:05:17 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.05.16 20:06:19 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010.03.03 07:08:14 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.03.03 07:08:14 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.03.03 07:08:14 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.03.03 07:08:12 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.03.03 07:08:10 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.02.23 20:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.02.09 17:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.04.08 03:16:43 | 000,024,183 | -H-- | C] () -- C:\Users\marc\AppData\Roaming\logs.dat
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011.01.17 11:19:44 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\BitTorrent
[2011.03.06 19:00:47 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\com
[2010.09.01 12:33:31 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.03 18:52:58 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\gtk-2.0
[2010.12.26 10:59:18 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Video DVD Maker FREE
[2011.01.30 11:01:06 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\Xilisoft
[2011.02.16 23:32:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >








For now I ran the rootkit scan with GMER only for Services, Registry and Files. Is that enough? Here it is:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-06 20:23:33
Windows 6.1.7600
Running: k3lfhrts.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c305bf
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f3955ed82f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c305bf (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f3955ed82f (not active ControlSet)

---- EOF - GMER 1.0.15 ----
This post was edited on 06.03.2011 at 20:24 by eric_oiseau.
12.03.2011, 09:07
Member

Thread starter

Posts: 56
#4 Hello? Can anyone help me further? ;)
12.03.2011, 11:32
Moderator

Posts: 7805
#5 For your information:
The following files are passwords and similar data that were collected by malware and have already been sent off.

c:\Users\marc\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\marc\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\marc\AppData\Local\Temp\XxX.xXx (Malware.Trace) ->nstallie

So, for a start, it is extremely important to change all passwords from a clean computer..
From which source did you get Elaborate Bytes AG (CloneCD/CloneDVD?)

Please check what else is in the folder C:\Users\marc\AppData\Roaming\com...

It is safer to set the computer up again completely from scratch...
__________
Best regards, Ralf
SEO-Spam Hunter
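The logs.dat file named in the post above appears in the OTL log with a creation date of 2005, although the machine runs Windows 6.1.7600 and the file was modified on the day of the scan. As an added example (not part of the thread and not OTL's own code), the following Python parses OTL file entries and flags hidden profile files without a company name whose creation time predates the OS baseline but which were modified recently. The function names, `OS_BASELINE` and `SCAN_TIME` are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# OTL file entry: [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
LINE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+) \| [\d,]+ \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")

# Entries copied from the OTL log in this thread (a subset, not the full log).
SAMPLE = r"""
[2011.03.06 19:42:54 | 000,024,183 | -H-- | M] () -- C:\Users\marc\AppData\Roaming\logs.dat
[2011.03.06 19:00:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.05 15:26:42 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.03.05 15:26:42 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.01.20 14:07:36 | 000,004,096 | -H-- | C] () -- C:\Users\marc\AppData\Local\keyfile3.drm
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2005.04.08 03:16:43 | 000,024,183 | -H-- | C] () -- C:\Users\marc\AppData\Roaming\logs.dat
[2011.03.06 19:00:47 | 000,000,000 | ---D | M] -- C:\Users\marc\AppData\Roaming\com
"""

OS_BASELINE = datetime(2009, 7, 14)      # assumption: date bootstat.dat was created
SCAN_TIME = datetime(2011, 3, 6, 20, 0)  # assumption: approximate time of the scan


def parse(log_text):
    """Return one dict per OTL file/directory line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entry = m.groupdict()
            entry["ts"] = datetime.strptime(entry["ts"], "%Y.%m.%d %H:%M:%S")
            entries.append(entry)
    return entries


def backdated_hidden_files(entries, os_baseline, scan_time, recent=timedelta(days=30)):
    """Hidden AppData files, no company name, created before the baseline, modified recently."""
    created = {e["path"].lower(): e["ts"] for e in entries if e["kind"] == "C"}
    hits = []
    for e in entries:
        born = created.get(e["path"].lower())
        if (e["kind"] == "M" and born is not None and born < os_baseline
                and scan_time - e["ts"] <= recent
                and "H" in e["attrs"] and not e["company"]
                and "\\appdata\\" in e["path"].lower()):
            hits.append(e["path"])
    return hits
```

A hit is a lead for manual review, not a verdict: installers can also carry old timestamps onto a newer system, which is why the check is limited to hidden files in the user profile.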
12.03.2011, 12:56
Member

Thread starter

Posts: 56
#6 Thanks, raman.

What do you mean by all passwords? On my computer I don't use many passwords, only for portals like this one, for example. Which passwords do you mean? Email, for example?

I got Elaborate Bytes AG CloneCD, I believe, from chip.de or from some English site, which however made a reputable impression and seemed to come directly from CloneCD.

Reinstall the computer completely? I have never done that and I don't know how it works either... Does that mean formatting everything?

The folder mentioned contains only one application, "server". Delete it?

Thanks again.
12.03.2011, 13:24
Moderator

Posts: 7805
#7 Yes, by passwords I mean all of them, as well as everything that has to do with online banking, forums etc...

You are welcome to read through this:

http://www.trojaner-board.de/51262-anleitung-neuaufsetzen-des-systems-absicherung.html
http://forum.avira.com/wbb/index.php?page=Thread&threadID=6123
__________
Best regards, Ralf
SEO-Spam Hunter
13.03.2011, 12:36
Member

Thread starter

Posts: 56
#8 Thanks.
Should I delete the "server" application in the folder C:\Users\marc\AppData\Roaming\com?
18.03.2011, 17:43
Member

Thread starter

Posts: 56
#9 Hello? Yes or no?

Edit:

Is this good or bad: Windows 7 Service Pack 1 for x64-based Systems (KB976932)

Download size: 73.6 MB - 892.6 MB

You may need to restart your computer for the changes to take effect.

Update type: Important

Windows 7 Service Pack 1 is a recommended collection of updates and improvements for Windows that have been combined into a single installable update. The service pack can improve the security and reliability of your computer. A normal installation takes about 30 minutes, and you must restart the computer after about half of the installation process has completed.

More information:
http://go.microsoft.com/fwlink/?LinkId=206783

Help and Support:
http://go.microsoft.com/fwlink/?LinkId=206784
This post was edited on 18.03.2011 at 18:59 by eric_oiseau.
19.03.2011, 09:02
Moderator

Posts: 7805
#10

Quote

Should I delete the "server" application in the folder C:\Users\marc\AppData\Roaming\com?
No, you should reinstall the system! See my links above.

.....and yes, after reinstalling, all updates for Windows 7 including SP1 are to be installed.
__________
Best regards, Ralf
SEO-Spam Hunter
19.03.2011, 10:50
Member

Thread starter

Posts: 56
#11 If I don't reinstall it, what would the consequences or dangers be?
19.03.2011, 11:06
Moderator

Posts: 7805
#12 The problem is that we do not know what else the banker and the Bifrose RAT have changed and installed on your computer.

You should delete the folder C:\Users\marc\AppData\Roaming\com entirely and run various scans with Mbam, Antivir
KAV AVP Tool
http://board.protecus.de/t37785.htm

Drweb Cureit
http://board.protecus.de/t29350.htm

ESET's online scanner
http://www.eset.de/onlinescanner

and Emsis Eek
http://www.emsisoft.de/de/software/eek/
__________
Best regards, Ralf
SEO-Spam Hunter
15.08.2011, 13:50
Member

Posts: 15
#13 I strongly advise you to reinstall the system, otherwise you will keep being spied on etc... and who knows what that person wants to do with your passwords and accounts. Reinstalling Windows is actually not that hard at all; you simply follow the steps and can't really do anything wrong.
15.08.2011, 14:50
Moderator

Posts: 7805
#14 If the user hasn't done that after 5 months, he certainly won't do it now....
__________
Best regards, Ralf
SEO-Spam Hunter
15.08.2011, 15:50
Member

Posts: 15
#15 The tip isn't only for him but also for people who have the same problem and come across this thread ;)