Trojaner-Board - Hijacker / HiJackThis Logs posten http://www.trojaner-board.de/ Hier könnt Ihr HiJackThis Logs zwecks Auswertung posten. Ebenso allgemeine Fragen zu Hijackern. de Thu, 09 Sep 2010 00:53:48 GMT vBulletin 60 http://www.trojaner-board.de/images/misc/rss.jpg Trojaner-Board - Hijacker / HiJackThis Logs posten http://www.trojaner-board.de/ Offen BDS/Papras.PK in Windows\system21\jvienify.dll http://www.trojaner-board.de/90567-bds-papras-pk-windows-system21-jvienify-dll.html Wed, 08 Sep 2010 21:14:37 GMT Hallo, habe folgendes Problem: Beim Online-Banking der Postbank wurde ich am Montag dazu aufgefordert 30 unverbrauchte Tans einzugeben. Dies unterließ ich natürlich, rief die Postbank an, welche mir mitteilte, ich hätte einen Trojaner und den Zugang sperrte. Als Virenschutz habe ich Avira... Hallo,
habe folgendes Problem:
Beim Online-Banking der Postbank wurde ich am Montag dazu aufgefordert 30 unverbrauchte Tans einzugeben. Dies unterließ ich natürlich, rief die Postbank an, welche mir mitteilte, ich hätte einen Trojaner und den Zugang sperrte.
Als Virenschutz habe ich Avira Antivir ständig automatisch aktualisiert laufen. Nach erstellen einer Boot-CD am Montag konnte diese keinen Schädling finden. Heute als ich nach der Arbeit nach Hause kam, hatte sich der Rechner aufgehängt, als letztes Bild kam die Fundmeldung des BDS/Papras.PK in Windows\system21\jvienify.dll. Nach Neustart des Rechners mußte ich ca 25x den Fund durch Antivir bestätigen und "Ignorieren", damit der Rechner sich nicht aufhängt.
Meine Frage: Ist es damit getan die jvienify.dll zu löschen? Diese DLL ist unter google nicht bekannt. Kann das Löschen der jvienify.dll zu schwereren Schäden führen? Was wäre das sinnvollste vorgehen?
Hat noch irgendjemand in Kombination mit Postbank diesen Trojaner?
Danke für eine Rückmeldung
Viele Grüße
paniev ]]> Hijacker / HiJackThis Logs posten Paniev http://www.trojaner-board.de/90567-bds-papras-pk-windows-system21-jvienify-dll.html Offen Aufrufen von google.de führt zu Phishing Seite http://www.trojaner-board.de/90559-aufrufen-von-google-de-fuehrt-zu-phishing-seite.html Wed, 08 Sep 2010 19:42:09 GMT Guten Abend,

gestern als ich auf Arbeit war installierte sich auf meinem Notebook auf einmal selbständig eine Malware namens "Antivirus Security 2010". Im Netz habe ich dann gelesen wie man diese löscht, jedoch habe ich trotzdem immernoch das Problem, dass die google Seite bei mir nicht funktioniert. Wenn ich google.de aufrufe, dann erscheint eine Seite die aussieht wie die englische google Website, ist bei der Suche jedoch total langsam, kommt nicht mit Umlauten klar und die Links will ich gar nicht erst anklicken.

Um mein Problem zu lösen habe ich bis jetzt folgendes gemacht:
-Komplettscan mit Avira Antivir
-Komplettscan mit Spybot S&D
-Komplettscan Malwarebytes

Es wurden einige Sachen gefunden, jedoch löst das nicht mein kleines google Problem. Wie fahre ich jetzt am besten fort?

Anbei mein HijackThis Log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:29:08, on 08.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\-=Security=-\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\-=Security=-\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\-=Media=-\DAEMON Tools Lite\DTLite.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\-=Security=-\Avira\AntiVir Desktop\avguard.exe
C:\xampp\apache\bin\httpd.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Apoint\Apntex.exe
C:\xampp\apache\bin\httpd.exe
C:\Programme\-=Media=-\ICQ7.0\ICQ.exe
C:\Programme\-=Office=-\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 212.95.49.48 www.google.com
O1 - Hosts: 212.95.49.48 us.search.yahoo.com
O1 - Hosts: 212.95.49.48 uk.search.yahoo.com
O1 - Hosts: 212.95.49.48 search.yahoo.com
O1 - Hosts: 212.95.49.48 www.google.com.br
O1 - Hosts: 212.95.49.48 www.google.it
O1 - Hosts: 212.95.49.48 www.google.es
O1 - Hosts: 212.95.49.48 www.google.co.jp
O1 - Hosts: 212.95.49.48 www.google.com.mx
O1 - Hosts: 212.95.49.48 www.google.ca
O1 - Hosts: 212.95.49.48 www.google.com.au
O1 - Hosts: 212.95.49.48 www.google.nl
O1 - Hosts: 212.95.49.48 www.google.co.za
O1 - Hosts: 212.95.49.48 www.google.be
O1 - Hosts: 212.95.49.48 www.google.gr
O1 - Hosts: 212.95.49.48 www.google.at
O1 - Hosts: 212.95.49.48 www.google.se
O1 - Hosts: 212.95.49.48 www.google.ch
O1 - Hosts: 212.95.49.48 www.google.pt
O1 - Hosts: 212.95.49.48 www.google.dk
O1 - Hosts: 212.95.49.48 www.google.fi
O1 - Hosts: 212.95.49.48 www.google.ie
O1 - Hosts: 212.95.49.48 www.google.no
O1 - Hosts: 212.95.49.48 www.google.de
O1 - Hosts: 212.95.49.48 www.google.fr
O1 - Hosts: 212.95.49.48 www.google.co.uk
O1 - Hosts: 212.95.49.48 www.bing.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\-=Security=-\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\-=Media=-\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\-=Media=-\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\-=Media=-\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\-=Security=-\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\-=Security=-\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 9196 bytes
]]> Hijacker / HiJackThis Logs posten Ducksoul http://www.trojaner-board.de/90559-aufrufen-von-google-de-fuehrt-zu-phishing-seite.html Offen TR/Dropper.Gen was ist zu tun? http://www.trojaner-board.de/90556-tr-dropper-gen-ist-zu-tun.html Wed, 08 Sep 2010 18:50:31 GMT Hallo, ich bin der SmaXh14 und bin neu hier. Ich habe mich deshalb angemeldet weil ich mir offenbar den Virus TR/Dropper.Gen eingefangen habe und jetzt wissen möchte wie ich den entfernen kann. Ich hoffe ihr könnt mir helfen. Hier mein Hijackthis-Log: Logfile of Trend Micro HijackThis v2.0.4... Hallo,

ich bin der SmaXh14 und bin neu hier. Ich habe mich deshalb angemeldet weil ich mir offenbar den Virus TR/Dropper.Gen eingefangen habe und jetzt wissen möchte wie ich den entfernen kann. Ich hoffe ihr könnt mir helfen. Hier mein Hijackthis-Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:20, on 08.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Max\Desktop\Virus Removal Tool\setup_9.0.0.722_01.09.2010_10-16\setup_9.0.0.722_01.09.2010_10-16.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\program files\avira\antivir desktop\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Max\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=aspire_6530g
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=aspire_6530g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0510&m=aspire_6530g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: setup_9.0.0.722_01.09.2010_10-16.lnk = C:\Users\Max\Desktop\Virus Removal Tool\setup_9.0.0.722_01.09.2010_10-16\startup.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7992 bytes


Danke schonmal im Vorraus

SmaXh14 ]]> Hijacker / HiJackThis Logs posten SmaXh14 http://www.trojaner-board.de/90556-tr-dropper-gen-ist-zu-tun.html Offen Backdooprogramm BDS/Papras.PK http://www.trojaner-board.de/90554-backdooprogramm-bds-papras-pk.html Wed, 08 Sep 2010 17:42:48 GMT Hallo! Ich habe seit 2 Tagen folgendes Problem: Beim Start des PCs sowie beim Öffnen verschiedener Programme (Firefox, Läutstärkeregelung, ...) meldet mir der Avira Guard das Backdooprogramm BDS/Papras.PK. Ich habe nach Anleitung mal die Scans durchgeführt, anbei also zu erst die Logdatei... Hallo!

Ich habe seit 2 Tagen folgendes Problem:
Beim Start des PCs sowie beim Öffnen verschiedener Programme (Firefox, Läutstärkeregelung, ...) meldet mir der Avira Guard das Backdooprogramm BDS/Papras.PK.

Ich habe nach Anleitung mal die Scans durchgeführt, anbei also zu erst die Logdatei von Malwarebyte, danach die beiden Dateien von OTL.

Vielen Dank schonmal im Vorraus für eure Hilfe!


Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4572

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.09.2010 19:12:37
mbam-log-2010-09-08 (19-12-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133204
Laufzeit: 9 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\evenconv (Trojan.Agent.U) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\avdrn.dat (Malware.Trace) -> No action taken.
C:\Users\***\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> No action taken.

OTL.txt:
Code:
OTL logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz129) -- C:\Users\***\AppData\Local\Temp\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.93.243.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "143.93.243.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "143.93.243.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.93.243.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "143.93.243.1"
FF - prefs.js..network.proxy.ssl_port: 3128
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
 
[2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.07 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions
[2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com
[2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com
[2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael
[2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml
[2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Driver Updater]  File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\***\AppData\Roaming\QipGuard\QipGuard.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite
[2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite
[2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit
[2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit
[2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide
[2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay
[2010.08.15 19:23:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.15 19:23:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.15 19:23:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.15 19:23:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.15 19:22:35 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.15 19:22:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.15 19:21:58 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.15 19:21:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.08 19:27:34 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.09.08 19:15:57 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.09.08 19:15:48 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.08 19:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.08 19:14:35 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.08 19:13:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.08 19:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.08 19:13:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.08 19:13:17 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
[2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\***\Desktop\Aufgaben Barentin.xls
[2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\***\Desktop\Artikel DJK Andernach - RC Barentin.doc
[2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\***\Documents\jeah.axp
[2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\***\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\***\Documents\eah.axp
[2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\***\Desktop\***.doc
[2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\***\Documents\jeah.axp
[2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\***\Documents\eah.axp
[2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\***\AppData\Roaming\jasltw.dat
[2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\***\AppData\Local\5720XLfeqCs
[2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini
[2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\***\AppData\Roaming\Solve Elec 2.5 Prefs
[2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll
[2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll
[2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
< End of report >
Extras.txt
Code:
OTL Extras logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\OTL logfile created on: 08.09.2010 19:27:25 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Pe\AppData\Roaming\QipGuard\QipGuard.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint2K\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz129) -- C:\Users\***\AppData\Local\Temp\cpuz_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BCD3000) -- C:\Windows\System32\drivers\BCD3000.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (BCD3000WDM) -- C:\Windows\System32\drivers\BCD3000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Sntnlusb) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: searchdictcc@roughael:1.0
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.93.243.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "143.93.243.1"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "143.93.243.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.93.243.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "143.93.243.1"
FF - prefs.js..network.proxy.ssl_port: 3128
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.04 20:19:44 | 000,000,000 | ---D | M]
 
[2008.10.27 18:08:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.07 21:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions
[2009.09.02 21:03:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pe\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.10 21:22:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\firefox@tvunetworks.com
[2010.05.03 13:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\OpenXMLViewer@Codeplex.com
[2010.03.28 21:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tu3325ox.default\extensions\searchdictcc@roughael
[2010.08.22 16:46:35 | 000,001,340 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\tu3325ox.default\searchplugins\wikipedia-en.xml
[2010.03.15 15:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.16 20:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008.08.07 15:53:06 | 001,271,760 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2010.02.19 16:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 16:26:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 16:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 16:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 16:26:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Pe\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCD3000] C:\Windows\System32\bcd3kcpan.exe File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Driver Updater]  File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\***\AppData\Roaming\QipGuard\QipGuard.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell - "" = AutoRun
O33 - MountPoints2\{656d6693-d735-11dd-af09-002215297035}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7d503b4c-8ada-11dd-9ca3-001bfc12d2b7}\Shell\AutoRun\command - "" = E:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\AutoRun\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\dismount\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\open\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\{84734a14-5364-11de-9a45-002215297035}\Shell\sz\command - "" = E:\HEILER.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.02 14:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa Lite
[2010.09.02 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite
[2010.08.30 20:59:04 | 000,000,000 | ---D | C] -- C:\Users\Pe\AppData\Roaming\EB-Edit
[2010.08.30 20:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\EB-Edit
[2010.08.18 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Cyanide
[2010.08.18 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Pe\Desktop\ebay
[2010.08.15 19:23:26 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.15 19:23:11 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.15 19:23:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.08.15 19:23:10 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.15 19:22:35 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.15 19:22:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.15 19:21:58 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.15 19:21:58 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.08 19:27:34 | 003,407,872 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.09.08 19:15:57 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.09.08 19:15:48 | 000,012,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.08 19:14:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.08 19:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.08 19:14:35 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.08 19:13:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.08 19:13:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.08 19:13:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.08 19:13:17 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.08 18:47:51 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.09.08 18:44:15 | 000,000,785 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.08 18:05:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D39855D2-C632-4CEC-BD8A-2FE67603F96A}.job
[2010.09.05 16:27:49 | 000,217,088 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 15:59:24 | 000,016,896 | ---- | M] () -- C:\Users\***\Desktop\Aufgaben Barentin.xls
[2010.09.02 14:21:00 | 000,025,600 | ---- | M] () -- C:\Users\***\Desktop\Artikel DJK Andernach - RC Barentin.doc
[2010.09.01 15:16:45 | 001,432,288 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 15:16:45 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 15:16:45 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 15:16:45 | 000,125,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 15:16:45 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.31 12:33:59 | 000,003,123 | ---- | M] () -- C:\Users\***\Documents\jeah.axp
[2010.08.31 00:33:49 | 000,060,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2010.08.24 19:19:19 | 000,099,030 | ---- | M] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 17:01:05 | 000,032,256 | ---- | M] () -- C:\Users\***\Desktop\Mannschaftskader DJK Andernach 2010-2011.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | M] () -- C:\Users\***\Documents\eah.axp
[2010.08.16 16:23:33 | 000,271,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Pe\*.tmp files -> C:\Users\Pe\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.08 18:44:15 | 000,000,785 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 15:59:24 | 000,016,896 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.09.02 02:32:24 | 000,025,600 | ---- | C] () -- C:\Users\***\Desktop\***.doc
[2010.08.31 12:32:46 | 000,003,123 | ---- | C] () -- C:\Users\***\Documents\jeah.axp
[2010.08.24 19:18:55 | 000,099,030 | ---- | C] () -- C:\Users\***\Desktop\40082_1588716194922_1146335417_31745850_5035355_n.jpg
[2010.08.23 00:53:27 | 000,032,256 | ---- | C] () -- C:\Users\***\Desktop\***.xls
[2010.08.22 13:14:08 | 000,001,702 | ---- | C] () -- C:\Users\***\Documents\eah.axp
[2010.03.22 22:49:02 | 000,000,008 | ---- | C] () -- C:\Users\***\AppData\Roaming\jasltw.dat
[2010.03.04 00:16:50 | 000,011,286 | -HS- | C] () -- C:\Users\***\AppData\Local\5720XLfeqCs
[2010.02.03 16:42:23 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.26 03:44:59 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini
[2009.11.18 18:08:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2009.11.18 18:08:17 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2009.11.18 18:08:17 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2009.11.18 18:08:17 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2009.11.18 18:08:17 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2009.11.18 18:08:17 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2009.11.18 18:08:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2009.11.18 18:08:17 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2009.11.18 18:08:17 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2009.11.18 18:08:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2009.11.18 18:08:17 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2009.11.18 18:08:17 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2009.11.18 18:08:17 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2009.11.18 18:08:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.11.12 20:27:20 | 000,000,410 | ---- | C] () -- C:\Users\***\AppData\Roaming\Solve Elec 2.5 Prefs
[2009.09.01 20:41:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\prospeed_bmp2jpg.dll
[2009.07.22 20:19:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.11.30 18:07:55 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.30 17:56:36 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.02 17:00:59 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.10.04 02:02:30 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.10.01 22:22:08 | 000,217,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.18 20:37:44 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.09.18 20:37:42 | 000,012,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.09.17 17:48:41 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.12 18:41:22 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.02.06 02:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.12.05 22:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.01 21:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 21:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.11.08 00:32:46 | 003,088,384 | ---- | C] () -- C:\Windows\System32\erdmpg-4.dll
[2005.11.05 04:57:14 | 000,258,048 | ---- | C] () -- C:\Windows\System32\Manipulate.dll
[2005.07.23 06:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
< End of report >
\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 104,95 Gb Total Space | 1,71 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PE-PC
Current User Name: Pe
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E6D16E-BA14-4C00-A51F-D69CC1282D00}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0CA12054-255B-4675-855C-B8ADB118ED28}" = rport=445 | protocol=6 | dir=out | app=system |
"{11E5174A-5A0D-4BD1-9BC9-E826DA6C0478}" = lport=2869 | protocol=6 | dir=in | app=system |
"{125B846F-2101-4A50-8F26-37A3479FB677}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3A6096E3-2922-4AE0-883D-6642A9A03A0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3FCCC298-439E-43F0-AC88-5642EE33C02D}" = lport=139 | protocol=6 | dir=in | app=system |
"{6D71E92E-DABA-4DC4-83D2-8719CDE08AA0}" = rport=139 | protocol=6 | dir=out | app=system |
"{70750F3B-3448-48B1-9DB9-B0ED70B2C4D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78FD3E14-2362-4D4C-AEE4-74673F6CC815}" = lport=138 | protocol=17 | dir=in | app=system |
"{9FDC462D-7DB6-4E5C-B53C-8F193CB5D2C8}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0FD3061-C609-4F00-B7FB-A371F31E28B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A659F963-5EFF-4AB6-B7FC-F6351D175E67}" = lport=3649 | protocol=6 | dir=in | name=217.86.167.3 |
"{A9A80D5C-8EE4-44A1-A999-C0BAB3A341DA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B09B0B89-8C7E-4D9C-9529-603F85994157}" = lport=137 | protocol=17 | dir=in | app=system |
"{B8F8E66C-5684-4567-AD38-39AEC6674B31}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC71539D-F06F-486B-8E42-90C3C15059F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6411E97-379E-4756-B6D4-A3E6BD0D9698}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC5B2DBC-C5FE-4950-A2C3-0AB7968B4B85}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EC078192-AC23-478B-9A00-D6ADA5BD8818}" = rport=137 | protocol=17 | dir=out | app=system |
"{F173E37D-9EE0-49F1-A997-CE32016F6341}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15FB0F2E-936B-48F4-A2F8-93F0179509C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E199D53-1461-443A-B546-91A82B9C1CD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{307045F9-8995-41E0-831F-4489C9128221}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{368E942A-37BA-4582-BA5B-4A8FBA467FDE}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\klrun.exe |
"{3A8BC496-8162-497A-A275-02024ED27205}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B1CBA3B-FE39-48A2-BF6C-20A4A13A0B78}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe |
"{3EC0C517-3D3D-4541-9669-E6F808FF5707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43B1097B-D18B-4276-A417-A2F8A19557DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4A906F26-EB50-4FE3-8E31-69F28A139D61}" = protocol=6 | dir=out | app=system |
"{4F486D76-D356-4F96-A913-142F15D57F07}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{52B515D4-9CEA-4411-9748-775A416C667A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5909977D-D3E6-4757-BC9A-468D87D1E502}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{603044B3-1FDB-481D-9181-E4A20C626BDA}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\kanat.exe |
"{6334E7D3-B87D-44C8-8601-CF85BAFEEEAB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6AFC7A70-529B-4C1B-AF41-2D4139804A49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8729FC4A-35FE-4AF7-9E88-52E41D5ACAE7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{880B326B-CC8E-46B0-81C7-7866FD4A8B6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8859E349-94BA-4055-9B08-8611EBD95AD2}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kanat.exe |
"{8B55DE3D-5167-4204-BF33-2D1B9E0EEC97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E996FC1-0807-498D-B79B-3565D1DA3B79}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8F7B47CB-7C00-4264-AC67-60352D7CB4BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{91346376-126B-4BAE-A4E3-C6F7EFA07B47}" = protocol=6 | dir=in | app=c:\program files\kazaa lite\klrun.exe |
"{954944CA-1977-4D96-97CC-836E3738AED6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9639EE0A-9A61-4617-8BB9-0CAAF62D6E59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9AC72E4F-F21C-4341-9239-D3ACD1C35C26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2B9C0CB-A8C8-42A0-8FEF-2A6C734DC478}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A4366EBB-FE8D-4B07-9A4B-6F4F6CBDE7CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A6FAFD37-A377-43FE-A3B6-C3F65E7AAE82}" = protocol=17 | dir=in | app=c:\program files\kazaa lite\kazupernodes.exe |
"{C3311FD0-C555-499B-8680-DF889C89261A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBFEFBA7-C830-4FB7-A514-F60DC01C5D80}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{41F4B18F-58A2-40E5-BAF7-F6BFE1B06BB6}C:\program files\jeak.de\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe |
"TCP Query User{42853F57-1022-4984-A8FB-3FAC8F0E15C0}C:\program files\kazaa lite\clean.kmd" = protocol=6 | dir=in | app=c:\program files\kazaa lite\clean.kmd |
"TCP Query User{575A1AAF-BBD9-42D3-87B6-8B890CA61805}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{DC0CBDAF-07D0-4449-A9ED-EBA64F74F6D0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{EE82756B-D1C6-42FB-A393-449567705CAD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{470D66E6-F54C-4082-8C2C-134929FE0F52}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{836E3972-E9D2-41B0-B5FA-81C346037D41}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BECD820D-1EB2-48CE-AFC0-43DF9FD61037}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{CF010F13-C495-4792-A9A4-0B5CE19D2339}C:\program files\kazaa lite\clean.kmd" = protocol=17 | dir=in | app=c:\program files\kazaa lite\clean.kmd |
"UDP Query User{F8F120C4-CE7A-4504-901D-51DCCF221648}C:\program files\jeak.de\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip infium\infium.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F216C9C6-23F7-47B4-B57E-9878DE2E8534}" = QIP Infium 9033.6 Jeak-Edition
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BAE V7.2" = BAE V7.2
"Bolzplatz 2006_is1" = Bolzplatz 2006, v1.0.3
"CCleaner" = CCleaner
"Collab" = Collab
"EroBottle" = EroBottle 4.6
"FL Studio 8" = FL Studio 8
"Flatcast_is1" = Flatcast 5.0
"foobar2000" = foobar2000 v0.9.5.6
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"LastFM_is1" = Last.fm 1.5.4.24567
"LM98Free 2.2a_is1" = LM98Free 2.2a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatheGrafix 8_is1" = MatheGrafix Version 8 (build 03)
"MediaJoin" = MediaJoin
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mixxx" = Mixxx
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"NI Service Center" = NI Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = FLAC codecs
"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8l Light (32-bit)
"PoiZone" = PoiZone
"PSpice Student" = PSpice Student 9.1
"Rainbow Sentinel Driver" = Sentinel System Driver
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Solve Elec_is1" = Solve Elec 2.5
"TurboPlot_is1" = TurboPlot v3.7a
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EroBottle-Extensions-Editor Vers. 1.5" = EroBottle-Extensions-Editor Vers. 1.5
"QIP Infium" = QIP Infium 2.0.9034
"QipGuard" = QIP Internet Guardian
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.01.2010 08:24:48 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 6.5.0.2024 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 888  Anfangszeit: 01ca976fdd0b976d  Zeitpunkt der Beendigung:
 18
 
Error - 17.01.2010 08:33:01 | Computer Name = Pe-PC | Source = RasClient | ID = 20227
Description =
 
Error - 17.01.2010 14:22:37 | Computer Name = Pe-PC | Source = RasClient | ID = 20227
Description =
 
Error - 19.01.2010 11:14:47 | Computer Name = Pe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung VCExpress.exe, Version 9.0.30729.1, Zeitstempel
 0x488f1715, fehlerhaftes Modul TosBtShell.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4574fe0c, Ausnahmecode 0xc0000005, Fehleroffset 0x0be74680,  Prozess-ID 0x2c0,
Anwendungsstartzeit 01ca99076ed4c427.
 
Error - 19.01.2010 19:04:20 | Computer Name = Pe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18111, Zeitstempel
 0x4aa91411, fehlerhaftes Modul flvDX.dll, Version 1.0.0.1, Zeitstempel 0x445872ae,
 Ausnahmecode 0xc000000d, Fehleroffset 0x00025ed0,  Prozess-ID 0x238, Anwendungsstartzeit
 01ca99599ff4df71.
 
Error - 21.01.2010 15:09:29 | Computer Name = Pe-PC | Source = RasClient | ID = 20227
Description =
 
Error - 24.01.2010 08:25:37 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: fd4  Anfangszeit: 01ca9cefbe005834  Zeitpunkt der Beendigung:
 24
 
Error - 24.01.2010 08:25:59 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: cec  Anfangszeit: 01ca9cf0566d5734  Zeitpunkt der Beendigung:
 29
 
Error - 24.01.2010 09:34:19 | Computer Name = Pe-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3642 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: f00  Anfangszeit: 01ca9cf064759094  Zeitpunkt der Beendigung:
 21
 
Error - 27.01.2010 08:33:58 | Computer Name = Pe-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e037ec, Ausnahmecode 0xc0000005, Fehleroffset 0x002d2c67,  Prozess-ID 0x9fc,
Anwendungsstartzeit 01ca9f4c519381af.
 
[ System Events ]
Error - 07.09.2010 15:08:43 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 08.09.2010 11:59:15 | Computer Name = Pe-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 08.09.2010 12:01:10 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 08.09.2010 12:47:04 | Computer Name = Pe-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 08.09.2010 12:49:00 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 08.09.2010 13:14:20 | Computer Name = Pe-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 08.09.2010 13:15:54 | Computer Name = Pe-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >
]]> Hijacker / HiJackThis Logs posten shawn77 http://www.trojaner-board.de/90554-backdooprogramm-bds-papras-pk.html Offen Win 7 Services: file missing... http://www.trojaner-board.de/90550-win-7-services-file-missing.html Wed, 08 Sep 2010 16:44:43 GMT Hallo, Ich habe HJT unter meinem neuen win7 mal ausprobiert. Was ich dabei seltsam finde, sind folgende Einträge: Code: --------- O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer... Hallo,

Ich habe HJT unter meinem neuen win7 mal ausprobiert.
Was ich dabei seltsam finde, sind folgende Einträge:

Code:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
überall "unknown owner" und "file missing". Das ist doch etwas komisch, da die Dateien eigentlich alle windowsintern sind...

Kann ich die Einträge alle einfach fixen?

MfG, b6d ]]> Hijacker / HiJackThis Logs posten b6d http://www.trojaner-board.de/90550-win-7-services-file-missing.html Offen HiJackThis Logs zwecks Auswertung posten http://www.trojaner-board.de/90546-hijackthis-logs-zwecks-auswertung-posten.html Wed, 08 Sep 2010 16:14:01 GMT Hallo Ihr Lieben :D

Ich habe festgestellt, das mit meinem Lapi (Laptop) etwas nicht stimmt, da es mega-lahm wurde und so hat ein Bekannter mit "MalwareBytes" gescannt und prommt 6 Viren gefunden ... er hat sie, wie hier im Forum empfohlen, mit "HijackThis" unschädlich gemacht und gelöscht...
(oh Gott, sagt man das so ...??? Ich bin völlig unbeholfen in PC-Angelegenheiten :stirn: )

Na ja, auf jeden Fall, hat dieser Kollege mir geraten, den HijackThis.exe hier zu posten um einen netten Menschen zu finden, der mir sagen kann ob jetzt wieder alles Okay auf meinem Lapi ist ;) :huepp:

DAS IST DER REPORT: (original kopiert)
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:12:13, on 08.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Dokumente und Einstellungen\****\Desktop\This.com
C:\Programme\Mobile Partner\Mobile Partner.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
 
hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
 
hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
 
hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
 
hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
 
hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
 
hxxp://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: MessengerPlusLive Germany TB Toolbar -
 
{76aeea42-e04a-4b62-83ab-df4b2be2541e} -
 
C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
 
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky
 
Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e}
 
- C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -
 
C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} -
 
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
 
C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - (no file)
O3 - Toolbar: MessengerPlusLive Germany TB Toolbar -
 
{76aeea42-e04a-4b62-83ab-df4b2be2541e} -
 
C:\Programme\MessengerPlusLive_Germany_TB\tbMess.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security
 
2010\avp.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKCU\..\Run: [BatteryLife] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER
 
DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKALER
 
DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
 
'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User
 
'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default
 
user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default
 
user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
 
res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und
 
Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky
 
Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} -
 
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} -
 
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
 
C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
 
- C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) -
 
hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
 
hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
 
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload
 
Tool) - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F389915F-F243-48F4-BAC3-9C3A309D8CB7}:
 
NameServer = 193.189.244.225 193.189.244.206
O20 - AppInit_DLLs:
 
C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -
 
C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
 
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
 
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab -
 
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -
 
C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software -
 
C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software -
 
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
 
--
End of file - 7941 bytes
--- --- ---

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

BITTE IST JEMAND IM FORUM DER MIR AUS DIESEM DATEN-GULASCH SAGEN KANN OB ALLES "CLEAN" IST ??? :confused:

Lieben Gruß an alle :D

By Coolcat ]]> Hijacker / HiJackThis Logs posten Coolcat http://www.trojaner-board.de/90546-hijackthis-logs-zwecks-auswertung-posten.html Offen Antivirus 2010 Security Centre - wirklich vollständig entfernt? http://www.trojaner-board.de/90545-antivirus-2010-security-centre-wirklich-vollstaendig-entfernt.html Wed, 08 Sep 2010 15:19:15 GMT Hallo zusammen,

mein Vater hat sich den oben genannten Virus eingefangen. Leider habe ich das Board erst nachgelagert entdeckt und habe die "Software" per Softwareliste deinstalliert. Was auch auf anhieb klappte. Nur auf Google wurde ich permanent auf Werbeseiten verlinkt... Also war der Virus ja noch nicht ganz beseitigt.

Ich bin dann auf diese Seite gestoßen und habe die Anleitung genau befolgt. Wollte jetzt aber, wie auch in der Anleitung empfohlen, die Logs posten um auch sicherzugehen das mein System wirklich sauber ist.

Achja, mein Vater bestitz das Norton Internetsecurity Paket von t-online. Kostet ja bekanntlich eine monatliche Gebühr. Er fuhr auch immer zeitnah alle Updates. Kann mir mal bitte einer erklären warum Malwarebytes 14 Infizierungen findet und Norton nichts??????

Poste jetzt mal den Malware- und OTL-Log, wie in der Anleitung beschrieben.

Vielen Dank für eure Hilfe und Vielen Dank für diese Hammer Forum.. hat mir wahnsinnig viel geholfen!

Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4570

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.09.2010 16:35:02
mbam-log-2010-09-08 (16-35-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 230727
Laufzeit: 1 Stunde(n), 15 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alcmtr (Trojan.Refroso.Gen) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\Alcmtr.exe (Trojan.Refroso.Gen) -> No action taken.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\pft143~tmp\WDM\Alcmtr.exe (Trojan.Refroso.Gen) -> No action taken.
C:\masm32\examples\dialogs\calender\calender.exe (Malware.Packer) -> No action taken.
C:\masm32\examples\dialogs\tests\tests.exe (Malware.Packer) -> No action taken.
C:\masm32\examples\exampl05\qeplugin\qeplugin.dll (Spyware.Passwords) -> No action taken.
C:\masm32\examples\exampl06\regdemo\regdemo.exe (Trojan.Downloader) -> No action taken.
C:\masm32\tools\makecimp\vcrtdemo\vcrtdemo.exe (Trojan.Downloader) -> No action taken.
C:\masm32\tutorial\dlltute\dll\dlltute.dll (Spyware.Passwords) -> No action taken.
C:\Programme\Realtek\Audio\InstallShield\Alcmtr.exe (Trojan.Refroso.Gen) -> No action taken.
OTL:
Code:
OTL logfile created on: 08.09.2010 16:50:34 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 439,83 Gb Free Space | 94,43% Space Free | Partition Type: NTFS
Drive D: | 186,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,73 Gb Total Space | 3,44 Gb Free Space | 91,99% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KEINE-D302CAF42
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.09.08 16:49:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\**\Eigene Dateien\Downloads\OTL.exe
PRC - [2010.07.25 13:52:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSVCHST.EXE
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.08 17:49:18 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
PRC - [2007.08.31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.07.26 16:55:16 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
PRC - [2007.02.08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Programme\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007.02.08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007.02.08 01:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007.02.06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007.02.06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2004.03.09 15:54:44 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.09.08 16:49:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe
MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.08.25 05:21:58 | 000,144,728 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\auCOLPwd.dll
MOD - [2007.02.06 17:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006.05.03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.22 16:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.11.03 18:39:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.04.10 23:00:49 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.08.31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.23 22:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007.08.22 09:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.02.06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.02.06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010.07.13 10:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100907.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.07.13 10:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20100907.048\NAVENG.SYS -- (NAVENG)
DRV - [2010.06.23 21:37:11 | 000,264,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SymcData\ipsdefs\20100901.003\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010.05.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.05.26 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.05.29 20:13:40 | 000,079,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009.02.19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009.02.19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009.02.19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.02.19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009.02.19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009.02.19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009.02.19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.02.19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009.01.09 11:58:33 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.11.09 10:24:13 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.09.05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008.07.30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.07.16 18:52:22 | 004,747,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.12.05 01:41:00 | 007,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.08.09 01:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007.02.06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007.02.06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.02.06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.02.03 20:32:34 | 000,041,504 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.02.03 20:27:27 | 000,938,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007.02.03 20:27:15 | 000,014,240 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.01.19 04:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006.01.18 23:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2005.08.30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005.08.30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005.08.30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2004.10.15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.25 13:52:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.25 13:52:14 | 000,000,000 | ---D | M]
 
[2008.09.02 11:31:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.09.04 10:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\b0qjm3u8.default\extensions
[2009.09.03 08:55:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\b0qjm3u8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.08 16:40:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.08.25 05:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Programme\Mozilla Firefox\components\coFFPlgn.dll
[2010.03.12 22:47:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 22:47:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 22:47:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 22:47:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 22:47:35 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.07 05:46:00 | 000,001,843 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 212.95.49.48 www.google.com
O1 - Hosts: 212.95.49.48 us.search.yahoo.com
O1 - Hosts: 212.95.49.48 uk.search.yahoo.com
O1 - Hosts: 212.95.49.48 search.yahoo.com
O1 - Hosts: 212.95.49.48 www.google.com.br
O1 - Hosts: 212.95.49.48 www.google.it
O1 - Hosts: 212.95.49.48 www.google.es
O1 - Hosts: 212.95.49.48 www.google.co.jp
O1 - Hosts: 212.95.49.48 www.google.com.mx
O1 - Hosts: 212.95.49.48 www.google.ca
O1 - Hosts: 212.95.49.48 www.google.com.au
O1 - Hosts: 212.95.49.48 www.google.nl
O1 - Hosts: 212.95.49.48 www.google.co.za
O1 - Hosts: 212.95.49.48 www.google.be
O1 - Hosts: 212.95.49.48 www.google.gr
O1 - Hosts: 212.95.49.48 www.google.at
O1 - Hosts: 212.95.49.48 www.google.se
O1 - Hosts: 212.95.49.48 www.google.ch
O1 - Hosts: 212.95.49.48 www.google.pt
O1 - Hosts: 212.95.49.48 www.google.dk
O1 - Hosts: 212.95.49.48 www.google.fi
O1 - Hosts: 212.95.49.48 www.google.ie
O1 - Hosts: 212.95.49.48 www.google.no
O1 - Hosts: 212.95.49.48 www.google.de
O1 - Hosts: 3 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Gemeinsame Dateien\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [osCheck] C:\Programme\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Programme\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk = C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.10 17:50:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.01.11 16:03:44 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008.12.12 10:18:00 | 028,745,404 | ---- | M] () - E:\autorun.upg -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.08 16:42:21 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.09.08 16:35:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\virus log
[2010.09.08 15:14:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.09.08 15:14:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.08 15:14:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.09.08 15:14:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.08 15:14:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.08 15:13:39 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\herbert.exe
[2010.08.15 17:45:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**\Desktop\Walea 2010
[2010.08.12 09:32:22 | 000,000,000 | ---D | C] -- C:\Programme\Netzmanager
[2010.08.12 09:32:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2010.08.12 09:32:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
[2010.08.12 09:31:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PackageAware
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.08 16:39:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.08 16:37:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.08 16:37:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.08 16:36:37 | 004,718,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.09.08 16:36:18 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.09.08 16:36:05 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ancsttvb.sys
[2010.09.08 15:12:02 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\herbert.exe
[2010.09.08 15:11:12 | 000,363,520 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\iExplorer.com
[2010.09.07 16:56:04 | 000,000,718 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav
[2010.09.02 08:11:20 | 000,002,313 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\KingBill 2009.lnk
[2010.08.31 09:37:17 | 000,000,676 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security Online - Systemprüfung ausführen - ***.job
[2010.08.27 12:59:24 | 000,002,285 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\KingBill 2010.lnk
[2010.08.27 12:55:46 | 000,002,249 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\KingNotes.lnk
[2010.08.26 17:30:31 | 000,011,149 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Herbstzauber 2009.docx
[2010.08.18 16:50:18 | 000,011,652 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Erbeersorten2.docx
[2010.08.15 19:01:31 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2010.08.14 12:14:13 | 000,013,312 | ---- | M] () -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.12 09:39:41 | 000,000,724 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Netzmanager.lnk
[2010.08.12 09:32:23 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Netzmanager.lnk
[2010.08.12 03:24:15 | 002,334,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 03:05:00 | 001,033,712 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 03:05:00 | 000,462,662 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.12 03:05:00 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.12 03:05:00 | 000,085,534 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.12 03:05:00 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.08 16:36:05 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ancsttvb.sys
[2010.09.08 15:13:39 | 000,363,520 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\iExplorer.com
[2010.09.07 05:46:14 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.wtav
[2010.08.27 13:00:36 | 000,069,850 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\COMBIT.LOG
[2010.08.18 16:50:17 | 000,011,652 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Erbeersorten2.docx
[2010.08.12 09:39:41 | 000,000,724 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Netzmanager.lnk
[2010.08.12 09:32:23 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Netzmanager.lnk
[2010.07.27 22:05:53 | 000,195,392 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.02.08 22:45:13 | 000,116,889 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\mdbu.bin
[2010.02.08 21:31:00 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.10.18 18:43:09 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.03.04 10:33:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009.01.07 14:12:57 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.15 11:45:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Kassenbuch.INI
[2008.07.26 16:14:13 | 000,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.05.01 17:57:48 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008.05.01 17:57:48 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2008.04.18 22:27:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.04.18 16:06:02 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008.04.18 13:41:13 | 000,000,801 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008.04.18 13:41:13 | 000,000,148 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008.04.18 13:41:13 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008.04.14 20:12:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2008.04.14 20:12:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\LxUtl10.dll
[2008.04.13 19:50:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2008.04.13 19:48:49 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008.04.13 19:14:47 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.04.13 19:07:47 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008.04.13 19:03:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2008.04.10 18:02:10 | 000,000,057 | ---- | C] () -- C:\WINDOWS\HBUser.ini
[2008.04.10 17:57:37 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.12.05 01:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.12.05 01:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.12.05 01:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.12.05 01:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.02.06 17:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007.02.06 17:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006.09.29 16:12:12 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2006.09.24 22:04:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2006.09.24 22:03:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2006.09.21 13:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.09.21 13:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.09.21 13:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2002.03.04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
 
========== LOP Check ==========
 
[2010.02.08 21:31:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ALDI Sued Foto Service
[2010.02.08 21:33:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice
[2009.01.25 18:02:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Banking
[2008.06.27 20:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BankingT-Online
[2008.04.14 20:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2008.04.14 20:16:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2010.02.08 21:32:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.08.24 14:17:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2008.04.13 19:07:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.02.12 09:03:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010.08.12 09:32:35 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
[2008.10.17 19:37:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Kingston
[2008.04.14 20:17:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**\Anwendungsdaten\Lexware
[2010.02.08 21:33:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**\Anwendungsdaten\MAGIX
[2008.04.13 19:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Samsung
[2008.04.13 19:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***Anwendungsdaten\ScanSoft
[2008.04.10 17:58:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\T-Online
 
========== Purity Check ==========
 
 
< End of report >
]]> Hijacker / HiJackThis Logs posten dasuckoor http://www.trojaner-board.de/90545-antivirus-2010-security-centre-wirklich-vollstaendig-entfernt.html Offen Trojaner (Antimaleware Doctor) und eventuell auch mehr http://www.trojaner-board.de/90537-trojaner-antimaleware-doctor-und-eventuell-auch-mehr.html Wed, 08 Sep 2010 12:08:32 GMT Hallo Leute, habe wohl einen bzw meherere Trojaner auf dem PC. Hatte einen Suchdurchlauf mit Malwarebytes Aniti Malware und SuperAntiSpyware laufen lassen und alles gelöscht. Doch als ich vom Abgesicherten Modus wieder in den Normalen Modus gegangen bin war alles wieder da. Lasse jetzt... Hallo Leute,

habe wohl einen bzw meherere Trojaner auf dem PC. Hatte einen Suchdurchlauf mit Malwarebytes Aniti Malware und SUPERAntiSpyware laufen lassen und alles gelöscht. Doch als ich vom Abgesicherten Modus wieder in den Normalen Modus gegangen bin war alles wieder da.

Lasse jetzt Malwarebytes ein zweites Mal durchlaufen und habe einiges mit HijackThis entfernt, aber was muss ich machen um die Schädlinge permanent wegzukriegen?

Vielen Dank im Vorraus


HijackThis-,
RSIT-,
hjtscanlist logs im Anhang
Angehängte Dateien
Dateityp: zip trojaner.zip (37,5 KB)
]]> Hijacker / HiJackThis Logs posten http://www.trojaner-board.de/90537-trojaner-antimaleware-doctor-und-eventuell-auch-mehr.html Offen Antimaleware Doctor entfernt, Malewarebytes Anti-Maleware logs zur Überprüfung http://www.trojaner-board.de/90533-antimaleware-doctor-entfernt-malewarebytes-anti-maleware-logs-zur-uberpruefung.html Wed, 08 Sep 2010 09:18:03 GMT Hallo liebes trojaner-board Team,

gestern ist auf meinem Rechner der " Antimaleware Doctor" aufgetaucht. Das Programm kam mir sofort unseriös vor und ich habe es nicht ausgeführt. Heute habe ich dann ein bisschen gegoogelt und bin auch promt auf den Beitrag hier aus dem Forum gestoßen.

Das Tutorial habe ich dann Schritt für Schritt befolgt. ( Und bin nun beim Posten der Logs )

Als erstes habe ich rkill.com heruntergelanden und ausgeführt.

Anschließen habe ich mir dann Malewarebytes Anti-Maleware runter geladen und damit die weiteren Schritte des Tutorials befolgt.

Zu erst habe ich ein Quick-Scan durchgeführt und dabei wurden 11 infizierte Objekte gefunden.

Ich habs sie dann, wie erfordert, entfernt und ich bekam diesen log :

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4567

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.09.2010 08:52:05
mbam-log-2010-09-08 (08-52-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143331
Laufzeit: 4 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Mastermind\AppData\Roaming\0DA290A88B8D12D3CBCCE50A39F1D66C\mediafix70700en02.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Mastermind\AppData\Local\Temp\elev.exe (Trojan.Bamital.Gen) -> Quarantined and deleted successfully.
C:\Users\Mastermind\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Mastermind\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Mastermind\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Mastermind\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Mastermind\AppData\Roaming\0DA290A88B8D12D3CBCCE50A39F1D66C\upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Nachdem ich den Rechner neugestartet habe, war vom "Antimaleware Doctor" nichts mehr zu sehen. ( Zumindest sichbtar )

Ich habe dann mit Malewarebytes Anti-Maleware noch mal einen vollständigen Scan durchgeführt und er hat 1 infizierte Datei gefunden.

Hier der Log:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4567

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.09.2010 10:01:40
mbam-log-2010-09-08 (10-01-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 268910
Laufzeit: 49 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Mastermind\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14N9RHU8\mediafix70700en02[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Ist mein System jetzt wieder komplett bereinigt ? Und ich kann auch Online-banking wieder nutzen ohne Angst haben zu müssen, dass einer meine Daten klaut oder so ?

Vielen Dank im Voraus für die Antworten und Hilfen :dankeschoen: ]]> Hijacker / HiJackThis Logs posten Mastermind88 http://www.trojaner-board.de/90533-antimaleware-doctor-entfernt-malewarebytes-anti-maleware-logs-zur-uberpruefung.html Offen Objekt: Svchost.exe Fund:TR/stuby.438272 http://www.trojaner-board.de/90530-objekt-svchost-exe-fund-tr-stuby-438272-a.html Wed, 08 Sep 2010 08:01:11 GMT Guten Tag alle zusammen.

Seit eingen Tagen bringt mein Antivir immer folgende Meldung kurz nach dem Systemstart

Objekt: Svchost.exe Fund:TR/stuby.438272

Ich habe mir HijackThis runtergeladen und mein logfile checken lassen und tatsächlich:

"Dieser Eintrag ist ein Trojaner. Hierbei sind Programmname und Dateiname identisch:
O4 - HKLM\..\RunOnce: [iepy.exe] C:\WINDOWS\system32\iepy.exe"

Nun meine Frage an Sie, reicht ein einfaches "fixen" mit HijackThis oder kann ich evtl mein System neu aufsetzen?

Vielen Dank für Ihre Antwort.

Anbei mein Logfile.

Zitat:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:37, on 08.09.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
E:\Programme Win 7\Acrobat\acrotray.exe
C:\Windows\SysWOW64\explorer.exe
E:\Programme Win 7\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Programme Win 7\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\ADOBE CS 5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\ADOBE CS 5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "E:\Programme Win 7\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Programme Win 7\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Programme Win 7\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programme Win 7\iTunesHelper.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [HKCU] C:\Users\*****\AppData\Roaming\Winbooterr\Svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - E:\Programme Win 7\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - E:\Autodesk\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @mqutil.dll,-6203 (MSMQTriggers) - Unknown owner - C:\Windows\system32\mqtgsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 12274 bytes
]]> Hijacker / HiJackThis Logs posten creativetif http://www.trojaner-board.de/90530-objekt-svchost-exe-fund-tr-stuby-438272-a.html Offen Trojan.Vundo.H und Disabled.SecurityCenter - erfolgreich gelöscht? http://www.trojaner-board.de/90527-trojan-vundo-h-und-disabled-securitycenter-erfolgreich-geloescht.html Wed, 08 Sep 2010 07:44:27 GMT Hallo, mein Rechner (Dell, Inspiron 1300 mit WindowsXP) ist schon seit einiger Zeit langsam und ich habe einiges versucht um ihn zu beschleunigen (Programme aus dem Autostart, einige Programme ganz gelöscht,...). Da ein Freund vor kurzem mit Malwarebytes etwas gefunden hat, habe ich gedacht das... Hallo,

mein Rechner (Dell, Inspiron 1300 mit WindowsXP) ist schon seit einiger Zeit langsam und ich habe einiges versucht um ihn zu beschleunigen (Programme aus dem Autostart, einige Programme ganz gelöscht,...). Da ein Freund vor kurzem mit Malwarebytes etwas gefunden hat, habe ich gedacht das lasse ich auch drüber laufen. Und prompt wurde was gefunden. Ich habe ansonsten Antivir und Zonealarm, die haben beide nichts gefunden.

Nun meine Frage - ist damit alles schädliche weg, oder hat Malwarebytes nicht ausgereicht? Danke!
Und evtl. die Zusatzfrage, ob jemand entdeckt, was ich noch machen kann um meinen Rechner wieder etwas schneller zu bekommen.

Hier die Logdatei vom ersten Scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4564

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.09.2010 00:04:59
mbam-log-2010-09-08 (00-04-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142405
Laufzeit: 40 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd72ce7f-d1e0-4711-ba7b-6846a6f498ae} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dd72ce7f-d1e0-4711-ba7b-6846a6f498ae} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Hier die Logdatei vom zweiten Scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4564

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08.09.2010 01:33:58
mbam-log-2010-09-08 (01-33-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142500
Laufzeit: 48 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Lg, Swillswissen ]]> Hijacker / HiJackThis Logs posten Swillswissen http://www.trojaner-board.de/90527-trojan-vundo-h-und-disabled-securitycenter-erfolgreich-geloescht.html Offen DCOM Exploit und LSASS in Windows 7 http://www.trojaner-board.de/90514-dcom-exploit-und-lsass-windows-7-a.html Tue, 07 Sep 2010 20:07:35 GMT Hallo, das erste mal, dass sich mein PC einen Schädling zugezogen hat. Mein avast! Free Edition meldet mir seit heute Mittag ständig Angriffe. Erst waren es nur DCOM Exploit-Meldungen, grad eben kam auch auch eine LSASS-Meldungen hinzu. Ungefähr alle 5 Minuten ein Angriff. Sehr nervig! Habe mal... Hallo,

das erste mal, dass sich mein PC einen Schädling zugezogen hat. Mein avast! Free Edition meldet mir seit heute Mittag ständig Angriffe. Erst waren es nur DCOM Exploit-Meldungen, grad eben kam auch auch eine LSASS-Meldungen hinzu. Ungefähr alle 5 Minuten ein Angriff. Sehr nervig! Habe mal meine System-Partition gescannt, mit dem Ergebniss, das nichts gefunden wurde. Was kann man da denn machen?

Habe mal HijackThis drüberlaufen lassen. Hier das Ergebniss:
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:48:55, on 07.09.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
G:\Firefox\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Locate32 Autorun.lnk = ?
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D4E30F6-32F8-41F2-BC69-70492B2742E9}: NameServer = 213.191.74.19 62.109.123.196
O17 - HKLM\System\CS1\Services\Tcpip\..\{6D4E30F6-32F8-41F2-BC69-70492B2742E9}: NameServer = 213.191.74.19 62.109.123.196
O17 - HKLM\System\CS2\Services\Tcpip\..\{6D4E30F6-32F8-41F2-BC69-70492B2742E9}: NameServer = 213.191.74.19 62.109.123.196
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PhenomMsrTweaker service (PhenomMsrTweaker) - Unknown owner - C:\Program Files\PhenomMsrTweaker\PhenomMsrTweakerService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9256 bytes
--- --- ---


Automatische Updates von Windows und avast! sind aktiv. Auch Java, Firefox, Thunderbird, Flash etc. halte ich stets auf dem neuesten Stand.

Bin jetzt unsicher, wie ich weiter vorgehen soll. Hatte noch nie nen Computer-Virus (wenns denn einer ist).

Vielen Dank fürs lesen ;-)

Grüsse ]]> Hijacker / HiJackThis Logs posten Relax12 http://www.trojaner-board.de/90514-dcom-exploit-und-lsass-windows-7-a.html Offen gefährliches Backdooprogramm BDS/Papras.PK http://www.trojaner-board.de/90513-gefaehrliches-backdooprogramm-bds-papras-pk.html Tue, 07 Sep 2010 19:58:58 GMT Hallo liebe Community,

bin neu hier und hab n Problem...

in der Datei C:\WINDOWS\attrnsta.dll wird das "gefährliche Backdooprogramm BDS/Papras.PK" von Avira gefunden...
Es taucht alle 10 Sekunden erneut auf, Quaratäne oder löschen funktioniert nicht.

Ich habe mich hier im Forum schonmal umgeschaut, das Problem gibt es ja öfters anscheinend...
Ich hab deshalb schonmal mit OTL n Scan durchgeführt^^ Ich hoffe dadurch wird es euch erleichtert, mir zu helfen...

Code:
OTL Extras logfile created on: 07.09.2010 21:06:29 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Stephan.ISABELLE\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 89,15 Gb Free Space | 59,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 60,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ISABELLE
Current User Name: Stephan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-527237240-329068152-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, Inc.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*biggrin isabled:TeamViewer Remote Control Application -- File not found
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Isa\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Dokumente und Einstellungen\Isa\temp\TeamViewer\Version4\TeamViewer.exe:*biggrin isabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Dokumente und Einstellungen\Isa\Desktop\Lancraft\Lancraft\lancraft.exe" = C:\Dokumente und Einstellungen\Isa\Desktop\Lancraft\Lancraft\lancraft.exe:*:Enabled:lancraft -- File not found
"C:\Program Files\Warcraft III\yawle.exe" = C:\Program Files\Warcraft III\yawle.exe:*:Enabled:yawle -- File not found
"C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" = C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus -- File not found
"C:\Programme\xerox\nwwia\XrxFTPLt.exe" = C:\Programme\xerox\nwwia\XrxFTPLt.exe:*:Enabledshutup rxFTPLt MFC Anwendung -- ()
"C:\Programme\Microsoft Games\Age of Empires II\empires2.exe" = C:\Programme\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- File not found
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 7.0 -- (Kaspersky Lab)
"C:\Dokumente und Einstellungen\Isa\Desktop\YuLeech-RunesofMagic2_0_1_1821-de.exe" = C:\Dokumente und Einstellungen\Isa\Desktop\YuLeech-RunesofMagic2_0_1_1821-de.exe:*:Enabled:FOG Downloader -- File not found
"C:\Programme\Ubisoft\Heroes of Might and Magic V Collector Edition\bin\H5_Game.exe" = C:\Programme\Ubisoft\Heroes of Might and Magic V Collector Edition\bin\H5_Game.exe:*biggrin isabled:Heroes of Might and Magic V -- File not found
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- File not found
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Tunngle\tnglctrl.exe" = C:\Programme\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"C:\Programme\Tunngle\tunngle.exe" = C:\Programme\Tunngle\tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, Inc.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*biggrin isabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0323C306-8B8C-BB5F-E644-5BFE9A42A7BF}" = Catalyst Control Center Localization Hungarian
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{054CCA19-DADE-A3C9-171A-8735E23CA6FA}" = Catalyst Control Center Localization Italian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08B21B7E-DC6F-69F0-780F-FE7918726A34}" = Catalyst Control Center Localization Korean
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{106E35DE-FFF3-033A-0D1B-288A231BDE64}" = Catalyst Control Center Localization Russian
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193DDD97-B56A-511D-0CD6-78D5F421D5BD}" = Catalyst Control Center HydraVision Full
"{19CA0312-BD69-A0DE-D242-BD806E9D627A}" = CCC Help Dutch
"{1A8F390D-E05E-A124-3FB7-89E3E49F81E2}" = CCC Help Polish
"{1B4FC4DB-4ACD-77A1-BA99-C820E5CB68BC}" = CCC Help Chinese Standard
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BE013D0-4CF4-AA57-05E1-19F9FACCF622}" = CCC Help English
"{2ED57AFF-081D-3B60-0C76-E51F68A9F0D8}" = Catalyst Control Center Localization Polish
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{336D9EAB-B952-6023-C94C-8DE52AD75E7D}" = Catalyst Control Center Localization German
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36753DE9-4B0F-1C39-D2C6-D9E9A1814FC3}" = CCC Help Hungarian
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4891561F-8CE7-1162-5967-E741306F7616}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE31F12-E34D-83C1-BA1A-D65AF3BBB95F}" = Catalyst Control Center Localization Spanish
"{4C8E4664-A6A1-4847-61D0-D4FA02C42BB0}" = Skins
"{4CACC1AC-7EDF-4E73-0019-A446CE2CA02B}" = Catalyst Control Center Localization Chinese Standard
"{4F28C8B9-E1A5-7BC1-915A-29913E129042}" = Catalyst Control Center Localization Japanese
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57B2B2E4-A1D5-1097-C223-6A4E81554458}" = Catalyst Control Center Localization Danish
"{5BE36E29-4207-2D14-1413-DF103390CC19}" = CCC Help French
"{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}" = AGEIA GAME System Software 2.8.0
"{5D2B8C32-D051-0DB0-D8BD-5CA32E13723B}" = CCC Help Swedish
"{5E85647B-DAF4-E174-9954-210D18B123E6}" = Catalyst Control Center Localization Thai
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63CA4C0D-7C03-69FE-AE5D-96319AD6AA08}" = CCC Help Norwegian
"{667B8F35-6242-50D3-D69E-69D3BE5445D5}" = Catalyst Control Center Localization Finnish
"{6A6818AD-60CE-9346-60BB-0717876E40F4}" = ccc-core-preinstall
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DAC0917-50F5-7F70-9776-4215DA7E2D1B}" = CCC Help German
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76E3C633-BC8E-E33D-8774-4A3DF581C8FE}" = CCC Help Portuguese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788F45B5-816D-2294-33DD-BF080093D54D}" = Catalyst Control Center Graphics Previews Common
"{79A636B4-3FA8-1E2F-A85D-6B6A4A0DA43D}" = CCC Help Russian
"{7A14BF33-11BF-033B-02CC-732A30C09314}" = Catalyst Control Center Localization Greek
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7C7575F4-351D-8F62-5693-61D6E0171F85}" = CCC Help Korean
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82D1C246-2D78-5311-8D3F-8214B94EEFA4}" = CCC Help Turkish
"{85B4D6CC-ADF6-A78F-1463-F70C2E274849}" = CCC Help Finnish
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A183127-7EDB-B2DD-7D87-70FBFA3A33C1}" = Catalyst Control Center Localization Portuguese
"{8B35E3B4-0E9B-ED12-F102-EB8160DD1F46}" = Catalyst Control Center Localization Swedish
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FD6CA17-DB2B-9411-CEF5-B899DCBAB685}" = CCC Help Danish
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90D73DED-670E-BE24-C645-C4D546A1F2C3}" = CCC Help Spanish
"{9210C991-FE28-2B30-3E27-0F921AB5B9EC}" = Catalyst Control Center Localization Chinese Traditional
"{926D18B2-11B5-7210-621A-5231DC005705}" = CCC Help Czech
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0CCE51-B328-D4F7-C4A4-65723AF20574}" = Catalyst Control Center Core Implementation
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A13C84F5-B2FC-823B-ADB2-6F5B2A6EE9DE}" = ccc-utility
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B70E4F29-F9C9-4D32-80F3-6E24ED1DBCDF}" = Catalyst Control Center Localization Norwegian
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9C149DB-E4F6-573A-DF3B-B9E392F1BA64}" = CCC Help Thai
"{BDC209E0-8D38-F913-5246-4376FC4C3EF5}" = Catalyst Control Center Localization French
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{C73B3D3A-2FDC-EE8F-F0E5-0269A85014D3}" = Catalyst Control Center Graphics Light
"{C8C08FE3-05DC-7A8B-C23B-9276FFE21183}" = Catalyst Control Center Localization Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D00A7B31-C764-94AF-7915-87676458CC66}" = Catalyst Control Center Localization Turkish
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4B95A0D-CF13-633F-09A6-15D78B24F3AE}" = CCC Help Chinese Traditional
"{D9509DDD-74B4-A7CB-3669-7358BEE3C1AC}" = ccc-core-static
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E46B244B-9BF2-EA75-2D4C-7BD0BA12860A}" = CCC Help Japanese
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA5C28E2-3048-5BC5-67C4-E0BB33C60FDA}" = Catalyst Control Center Localization Czech
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ECA89BA0-1C9B-237D-F59E-EC62534831A5}" = Catalyst Control Center Graphics Full New
"{ECB29C3B-4D64-17C0-430D-DEB933D76834}" = CCC Help Greek
"{ED862528-0058-F09F-F4B3-3E3276A3F3C7}" = Catalyst Control Center Graphics Full Existing
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ALUpdate_is1" = ALUpdate
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Guild Wars" = GUILD WARS
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InterActual Player" = InterActual Player
"Medion GoPal Assistant" = Medion GoPal Assistant 4.02.007
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Plants vs. Zombies" = Plants vs. Zombies
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Trine_is1" = Trine
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-527237240-329068152-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.08.2010 11:01:18 | Computer Name = ISABELLE | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application ccc.exe, version 2.0.0.0, stamp 48bd5e7d, faulting
module mscorwks.dll, version 2.0.50727.3603, stamp 4a7cd88e, debug? 0, fault address
0x00097d9a.

Error - 10.08.2010 11:01:19 | Computer Name = ISABELLE | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mom.exe, version 2.0.0.0, stamp 48bd603c, faulting
module mscorwks.dll, version 2.0.50727.3603, stamp 4a7cd88e, debug? 0, fault address
0x00097d9a.

Error - 11.08.2010 11:23:13 | Computer Name = ISABELLE | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application ccc.exe, version 2.0.0.0, stamp 48bd5e7d, faulting
module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address
0x00097dda.

Error - 20.08.2010 07:47:41 | Computer Name = ISABELLE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung divxupdate.exe, Version 1.0.1.10, fehlgeschlagenes
Modul msvcp80.dll, Version 8.0.50727.4053, Fehleradresse 0x000100b5.

Error - 03.09.2010 11:53:27 | Computer Name = ISABELLE | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application ccc.exe, version 2.0.0.0, stamp 48bd5e7d, faulting
module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address
0x00097dda.

Error - 03.09.2010 15:17:50 | Computer Name = ISABELLE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 05.09.2010 12:38:03 | Computer Name = ISABELLE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 06.09.2010 15:33:46 | Computer Name = ISABELLE | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application ccc.exe, version 2.0.0.0, stamp 48bd5e7d, faulting
module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address
0x00097dda.

Error - 07.09.2010 14:39:23 | Computer Name = ISABELLE | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application ccc.exe, version 2.0.0.0, stamp 48bd5e7d, faulting
module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address
0x00097dda.

Error - 07.09.2010 14:39:24 | Computer Name = ISABELLE | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application mom.exe, version 2.0.0.0, stamp 48bd603c, faulting
module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address
0x00097dda.

[ System Events ]
Error - 01.08.2010 14:19:53 | Computer Name = ISABELLE | Source = DCOM | ID = 10010
Description = Der Server "{ED081F25-6A77-4C89-B689-C6E15C582EC1}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 03.08.2010 15:10:50 | Computer Name = ISABELLE | Source = DCOM | ID = 10010
Description = Der Server "{ED081F25-6A77-4C89-B689-C6E15C582EC1}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 07.08.2010 13:46:20 | Computer Name = ISABELLE | Source = DCOM | ID = 10010
Description = Der Server "{ED081F25-6A77-4C89-B689-C6E15C582EC1}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 10.08.2010 04:46:24 | Computer Name = ISABELLE | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 10.08.2010 04:46:24 | Computer Name = ISABELLE | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 10.08.2010 04:46:24 | Computer Name = ISABELLE | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
Peer "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15
Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.
(0x80072751)

Error - 10.08.2010 04:46:24 | Computer Name = ISABELLE | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der
nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle
herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 23.08.2010 15:05:14 | Computer Name = ISABELLE | Source = DCOM | ID = 10010
Description = Der Server "{ED081F25-6A77-4C89-B689-C6E15C582EC1}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 26.08.2010 14:20:13 | Computer Name = ISABELLE | Source = DCOM | ID = 10010
Description = Der Server "{ED081F25-6A77-4C89-B689-C6E15C582EC1}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 05.09.2010 13:25:03 | Computer Name = ISABELLE | Source = DCOM | ID = 10010
Description = Der Server "{ED081F25-6A77-4C89-B689-C6E15C582EC1}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


< End of report >
Code:
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (59404830837309440)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\attrnsta.dll
[2010.09.05 16:20:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.09.05 16:20:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hps
[2010.09.05 16:17:46 | 000,000,000 | ---D | C] -- C:\Programme\CeWe Color
[2010.09.03 15:47:09 | 000,106,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdm.sys
[2010.09.03 15:47:09 | 000,080,552 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdbus.sys
[2010.09.03 15:47:09 | 000,011,944 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdmdfl.sys
[2010.09.03 15:47:09 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwhnt.sys
[2010.09.03 15:47:09 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdwh.sys
[2010.09.03 15:47:09 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcmnt.sys
[2010.09.03 15:47:09 | 000,009,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscdcm.sys
[2010.09.03 15:46:36 | 000,000,000 | ---D | C] -- C:\Programme\Samsung
[2010.09.03 13:59:27 | 000,004,352 | ---- | C] (AVM Berlin) -- C:\WINDOWS\System32\drivers\avmeject.sys
[2010.09.03 13:58:54 | 000,000,000 | ---D | C] -- C:\Programme\avmwlanstick
[2010.09.03 13:58:52 | 000,265,088 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\drivers\fwlanusb.sys
[2010.09.03 13:58:52 | 000,074,752 | ---- | C] (AVM Berlin) -- C:\WINDOWS\System32\fwlanci.dll
[2010.09.03 13:58:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\AVM_Driver
[2010.08.20 14:27:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Helper
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.07 20:55:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.07 20:55:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.07 20:55:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.07 20:55:05 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010.09.07 20:53:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2010.09.05 21:13:26 | 003,377,932 | -H-- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.09.05 19:13:28 | 004,218,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\ntuser.dat
[2010.09.03 21:40:37 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\ntuser.ini
[2010.09.03 21:16:58 | 000,046,592 | ---- | M] () -- C:\WINDOWS\attrnsta.dll
[2010.09.03 15:48:32 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.03 15:48:31 | 001,050,718 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.03 15:48:31 | 000,451,980 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.09.03 15:48:31 | 000,080,920 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.09.03 15:48:31 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.03 14:46:57 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010.08.11 17:22:27 | 001,556,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

========== Files Created - No Company Name ==========

[2050.01.01 01:00:00 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Eigene Dateien\RGF143433758.pdf
[2050.01.01 01:00:00 | 000,002,033 | ---- | C] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Eigene Dateien\RGF143433758.pdf.pkcs7
[2010.09.05 19:13:28 | 004,218,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\ntuser.dat
[2010.09.03 21:16:58 | 000,046,592 | ---- | C] () -- C:\WINDOWS\attrnsta.dll
[2010.09.03 13:58:52 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2010.07.12 17:49:17 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\avdrn.dat
[2010.06.03 16:08:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\PacWorld.ini
[2010.05.23 11:32:31 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.03 15:50:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.01.10 16:53:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009.12.27 13:17:07 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\$_hpcst$.hpc
[2009.12.25 23:24:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2009.12.25 23:22:25 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.12.08 21:44:25 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV65.sys
[2009.08.12 11:37:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009.06.07 14:18:32 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2009.05.05 15:22:31 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009.02.15 16:21:26 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\xrxscnui.dll
[2009.01.01 21:39:29 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.01.01 21:39:29 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008.12.20 21:18:46 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.09.18 00:55:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.09.18 00:55:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.09.18 00:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.09.18 00:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.09.18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2002.07.31 18:32:03 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009.06.06 12:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2008.12.19 17:48:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2008.12.20 17:29:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.05.16 16:17:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games
[2009.05.05 15:22:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.09.05 16:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2009.07.15 19:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tunngle
[2009.07.07 15:15:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Braid
[2010.06.11 15:30:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.03.31 21:24:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\FOG Downloader
[2008.12.20 16:58:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Foxit
[2009.12.25 14:10:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\FreeDoko
[2010.06.19 15:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\ICQ
[2010.08.21 18:00:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\PriceGong
[2009.12.26 00:08:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Samsung
[2009.06.24 18:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\ScanSoft
[2008.12.21 22:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\TeamViewer
[2009.11.09 22:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Teeworlds
[2010.01.24 23:02:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Tunngle
[2009.06.08 15:49:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Uniblue
[2009.02.15 16:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Isa\Anwendungsdaten\Xerox
[2009.03.03 21:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Alozwy
[2010.06.09 10:55:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Apiwe
[2009.09.07 10:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Cuecta
[2009.12.27 13:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant
[2010.07.14 18:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Gumo
[2010.07.21 19:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Gylat
[2010.07.30 15:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ihgeit
[2009.05.11 22:50:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Isiwc
[2009.10.09 16:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ivwiuf
[2010.07.15 17:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ivxyy
[2010.07.19 18:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Kumios
[2010.07.30 21:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ogeci
[2009.01.12 17:24:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ogonu
[2010.07.10 11:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Omquex
[2009.06.14 22:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ovok
[2009.07.05 18:41:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\ScanSoft
[2010.07.30 13:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Tyowy
[2010.05.14 02:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Umfux
[2010.03.11 11:03:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Vapaxe
[2010.07.30 13:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ydobf
[2010.01.03 01:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Yftok
[2009.12.13 15:56:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ylygd
[2010.07.29 19:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Zakyi

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.07.07 18:41:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Adobe
[2009.03.03 21:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Alozwy
[2010.06.09 10:55:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Apiwe
[2009.06.10 16:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\ATI
[2010.05.23 23:17:03 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Brother
[2009.09.07 10:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Cuecta
[2010.07.03 11:48:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\DivX
[2009.08.11 20:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\ESTsoft
[2009.01.31 11:47:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Google
[2009.12.27 13:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant
[2010.07.14 18:24:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Gumo
[2010.07.21 19:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Gylat
[2010.08.20 14:27:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Helper
[2008.12.19 19:22:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Identities
[2010.07.30 15:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ihgeit
[2009.05.11 22:50:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Isiwc
[2009.10.09 16:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ivwiuf
[2010.07.15 17:48:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ivxyy
[2010.07.19 18:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Kumios
[2008.12.19 19:49:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Macromedia
[2009.12.27 13:30:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Microsoft
[2008.12.19 19:23:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Mozilla
[2010.07.30 21:07:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ogeci
[2009.01.12 17:24:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ogonu
[2010.07.10 11:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Omquex
[2009.06.14 22:17:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ovok
[2009.07.05 18:41:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\ScanSoft
[2010.05.16 19:04:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Skype
[2008.12.19 19:29:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Sun
[2010.07.30 13:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Tyowy
[2010.05.14 02:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Umfux
[2010.03.11 11:03:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Vapaxe
[2010.09.06 23:17:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\vlc
[2010.07.30 13:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ydobf
[2010.01.03 01:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Yftok
[2009.12.13 15:56:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ylygd
[2010.07.29 19:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Zakyi

< %APPDATA%\*.exe /s >
[2009.03.03 21:20:28 | 000,165,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Alozwy\etvic.exe
[2010.06.09 10:55:50 | 000,159,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Apiwe\tuaf.exe
[2009.12.27 13:57:42 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\23A0B03D-F42B-4A4D-A64C-C4E946585B5E\AutoRunCE.exe
[2009.12.27 13:57:45 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\23A0B03D-F42B-4A4D-A64C-C4E946585B5E\1\module.exe
[2009.12.27 13:58:37 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\339E641C-73A4-44D0-AD2B-816E368225DF\AutoRunCE.exe
[2009.12.27 13:58:39 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\339E641C-73A4-44D0-AD2B-816E368225DF\1\module.exe
[2009.12.27 13:58:16 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\3EEA5F55-83AB-4448-98E4-C364B6DFAEF7\AutoRunCE.exe
[2009.12.27 13:58:17 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\3EEA5F55-83AB-4448-98E4-C364B6DFAEF7\1\module.exe
[2009.12.27 13:58:23 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\4F0ACCE4-F7AE-4923-A9F4-81C028596E55\AutoRunCE.exe
[2009.12.27 13:58:25 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\4F0ACCE4-F7AE-4923-A9F4-81C028596E55\1\module.exe
[2009.12.27 13:58:45 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\6274F28B-F345-4BA9-B53C-3E2E3D25E442\AutoRunCE.exe
[2009.12.27 13:58:46 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\6274F28B-F345-4BA9-B53C-3E2E3D25E442\1\module.exe
[2009.12.27 13:57:56 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\7AF495BA-85AD-4187-B21F-E26B6897C748\AutoRunCE.exe
[2009.12.27 13:57:59 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\7AF495BA-85AD-4187-B21F-E26B6897C748\1\module.exe
[2009.12.27 13:57:48 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\8BBB19C3-9C60-44CB-8A5E-BC8BCB78AC5D\AutoRunCE.exe
[2009.12.27 13:57:49 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\8BBB19C3-9C60-44CB-8A5E-BC8BCB78AC5D\1\module.exe
[2009.12.27 13:58:07 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\92746DE9-F77D-43A9-BAB3-87E12605CE35\AutoRunCE.exe
[2009.12.27 13:58:08 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\92746DE9-F77D-43A9-BAB3-87E12605CE35\1\module.exe
[2009.12.27 13:57:51 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\98B5E998-AD01-4E0C-A3D9-CC949E946A49\AutoRunCE.exe
[2009.12.27 13:57:53 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\98B5E998-AD01-4E0C-A3D9-CC949E946A49\1\module.exe
[2009.12.27 13:58:28 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\9F7A79D6-3A06-4F78-90D0-FA897A4FD783\AutoRunCE.exe
[2009.12.27 13:58:29 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\9F7A79D6-3A06-4F78-90D0-FA897A4FD783\1\module.exe
[2009.12.27 13:58:41 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\A2922E09-96FC-489E-B230-2712FFE6FE11\AutoRunCE.exe
[2009.12.27 13:58:43 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\A2922E09-96FC-489E-B230-2712FFE6FE11\1\module.exe
[2009.12.27 13:56:34 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\A7287F0A-05FE-408C-AB9A-5FEF470567C1\AutoRunCE.exe
[2009.12.27 13:57:21 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\A7287F0A-05FE-408C-AB9A-5FEF470567C1\1\module.exe
[2009.12.27 13:57:38 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\AD8325DB-A2BE-4F60-A78D-AB1748B0D4FA\AutoRunCE.exe
[2009.12.27 13:57:40 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\AD8325DB-A2BE-4F60-A78D-AB1748B0D4FA\1\module.exe
[2009.12.27 13:58:11 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\B77505EF-1AFD-46B9-B08A-036EF94F9AF4\AutoRunCE.exe
[2009.12.27 13:58:13 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\B77505EF-1AFD-46B9-B08A-036EF94F9AF4\1\module.exe
[2009.12.27 13:57:33 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\C31A8510-F49E-4961-A54B-F33A1BD80AFF\AutoRunCE.exe
[2009.12.27 13:57:36 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\C31A8510-F49E-4961-A54B-F33A1BD80AFF\1\module.exe
[2009.12.27 13:57:30 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\D14E9445-4543-4301-8AE3-CC56BC8D443D\AutoRunCE.exe
[2009.12.27 13:57:31 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\D14E9445-4543-4301-8AE3-CC56BC8D443D\1\module.exe
[2009.12.27 13:58:31 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\E57937F2-41B4-4D3C-B65A-D4A66F85A852\AutoRunCE.exe
[2009.12.27 13:58:33 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\E57937F2-41B4-4D3C-B65A-D4A66F85A852\1\module.exe
[2009.12.27 13:58:04 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\F504E7FB-12D2-4F6E-94B7-01FBA1B1985E\AutoRunCE.exe
[2009.12.27 13:58:05 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\F504E7FB-12D2-4F6E-94B7-01FBA1B1985E\1\module.exe
[2009.12.27 13:58:19 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\FDDB8B34-B577-41FB-98B9-AAC9D2A5FA75\AutoRunCE.exe
[2009.12.27 13:58:21 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\FDDB8B34-B577-41FB-98B9-AAC9D2A5FA75\1\module.exe
[2009.10.26 06:00:00 | 000,005,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\Import\gpa_nsv78\Installation\AutoRunCE.exe
[2009.10.26 06:00:00 | 000,083,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\GoPal Assistant\Library\Import\gpa_nsv78\Installation\1\module.exe
[2009.05.11 22:50:12 | 000,159,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Isiwc\refe.exe
[2009.01.12 17:24:10 | 000,176,640 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ogonu\yler.exe
[2009.06.14 22:17:31 | 000,165,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Stephan.ISABELLE\Anwendungsdaten\Ovok\siacs.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007.07.27 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.01.31 13:20:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.01.31 13:20:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007.07.27 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.01.31 13:20:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.01.31 13:20:16 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2007.07.27 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007.07.27 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2007.07.27 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2007.07.27 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.08.14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\Win2K\sata_ide\nvata.sys
[2006.08.14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\WinXP\sata_ide\nvata.sys
[2006.08.14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\WINDOWS\system32\drivers\nvata.sys
[2006.04.24 18:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\Win2K\sata_ide\nvata.sys
[2006.04.24 18:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\WinXP\sata_ide\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006.08.14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\Win2K\sataraid\nvatabus.sys
[2006.08.14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\WinXP\sataraid\nvatabus.sys
[2006.04.24 18:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\Win2K\sataraid\nvatabus.sys
[2006.04.24 18:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2007.07.27 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2007.07.27 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WS2IFSL.SYS >
[2007.07.27 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2007.07.27 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.12.19 17:46:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.12.19 17:46:38 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.12.19 17:46:37 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.12.01 22:52:52 | 000,425,984 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
So...das müssten die beiden Reports sein, die OTL ausgespuckt hat...
Ich hoffe, jemand hilft mir dabei, das Problem zu beseitigen...
Danke jetzt schonmal^^ ]]> Hijacker / HiJackThis Logs posten Ambro http://www.trojaner-board.de/90513-gefaehrliches-backdooprogramm-bds-papras-pk.html Offen Facebook Virus über skype bekommen http://www.trojaner-board.de/90497-facebook-virus-ueber-skype-bekommen.html Tue, 07 Sep 2010 13:41:21 GMT facebook.exe virus


Hallo! bin neu hier!
dies ist mein erster beitrag.
ich hab ein problem und zwar das hier:

Habe letztens nen link über skype bekommen "Foto :D P******* w*w.facebook.exe" hieß die datei.
habe sie runtergeladen und angeklickt, es stellte sich heraus, dass es ein virus war.
so. hab schon mit HijackThis logfiles gemacht und ausgewertet, war aber alles sicher.
dann hab ich mir mal die prozesse im task manager angeguckt und einen unbekannten beendet. es stellte sich heraus, dass dieser prozess so wie die datei hieß. hab dann auch mal nen blick in den autostart geworfen und auch dort einen "NVIDIA DRIVER" gelöscht. kann ja nicht sein, dass ich nen nvidia treiber hab, weil ich ja ne ATI grafikkarte hab.

1-3 tage war dann ruhe.
letztens, als ich mit nem anderen ne videounterhaltung geführt habe, um ihm zu helfen, den gleichen virus zu löschen, kam dann kurze zeit später bei mir ne meldung von antivir, dass malware gefunden wurde.
einmal in einem öffentlichen ordner und einmal auf der partition D.
hab dann beide male auf "entfernen" geklickt.
Ich bin mir aber jetzt nicht sicher, ob der virus wirklich verschwunden ist.
vorher hatte ich ihn ja auch gelöscht und war mir sicher, er wäre weg.
Mein Antivir und der Windows Defender finden nichts.
Spybot hat ein problem mit dem internetexplorer festgestellt, hab aber behoben.

Mein PC hat aber keine probleme, d.h. er stürzt nicht ab, die festplatte knattert nur bei nem virenscan, sonst eigentlich nichts.
Windows möchte ich aber nicht neu aufspielen, wenn das möglich ist.

Hier ist ein Logfile von mir:
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:37:41, on 07.09.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\avgnt.exe
D:\Programme\Skype\Phone\Skype.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Mozilla Firefox\plugin-container.exe
D:\HiJackThis204.exe
C:\Windows\SysWOW64\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - D:\Programme\Speedbit Video Downloader\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\PROGRA~1\SPEEDB~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - D:\Programme\Speedbit Video Downloader\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\Internet\AppData\Local\Temp\E_S6C89.tmp" /EF "HKCU"
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Programme\ICQ 7\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Programme\ICQ 7\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Users\Internet\AppData\Roaming\ICQ\Application\ICQ7.1\ICQ.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Users\Internet\AppData\Roaming\ICQ\Application\ICQ7.1\ICQ.exe (HKCU)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - D:\Programme\Adobe Photoshop Elements 8.0\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - D:\Programme\Magix Grabber\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9516 bytes
--- --- ---


Kann mir jemand helfen, den Virus, falls er noch da ist, zu löschen?

hab mal otl laufen lassen und hier sind die logs: könnt ihr mir denn erstmal sagen, ob ich überhaupt nen virus noch habe??

Log 1:OTL Logfile:
Code:
OTL Extras logfile created on: 07.09.2010 17:20:05 - Run 2
OTL by OldTimer - Version 3.2.11.0    Folder = D:\
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 67,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 37,30 Gb Free Space | 38,20% Space Free | Partition Type: NTFS
Drive D: | 1299,51 Gb Total Space | 1177,60 Gb Free Space | 90,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: **
Current User Name: **
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office Home and Student 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office Home and Student 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office Home and Student 2007\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office Home and Student 2007\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{38145F6E-041F-69AE-59B4-37CA06F33D67}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6245BC35-F4BE-1995-BB2E-7847D758504E}" = ATI Problem Report Wizard
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EA7F867-D362-2E76-77B8-9396B9245B66}" = CCC Help Finnish
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16CF7BB1-672E-BC9F-E5CE-5854112E2C35}" = CCC Help Japanese
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1700FEE9-EB3D-35C8-28ED-0BE7860BA710}" = CCC Help Portuguese
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{190CCE82-4867-B16E-F96A-3F21A058ED9B}" = CCC Help Korean
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1DA8594C-2F14-4491-B155-2BF3A999622D}" = Fire Department 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{280E47E4-4EFB-D268-B042-F793EB2D8E4E}" = CCC Help Italian
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A7D1710-31EB-3B24-BF52-1755099CE2C0}" = CCC Help Chinese Traditional
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EC1A4D5-4217-4ABF-A783-3706EE405716}" = Mashed
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6B7222-A439-1BBE-58DD-76D1B632EEA8}" = CCC Help Turkish
"{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F7BBDE9-79B4-4E77-B878-7E6B36F3A766}" = CCC Help French
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E2FAB2F-9004-40D6-8BF8-DB2F2DA16DEC}" = Crashday Patch#2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{556ea39f-26b9-4c8e-9343-0117dd17b8e4}" = Nero 9 Essentials
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CF37701-7E02-873F-9543-183116AC905C}" = CCC Help Danish
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7A587AD7-EDEF-BD63-C054-5E5FBC47105C}" = CCC Help Russian
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82130914-DF2E-4AD3-BC73-5DC2A180924C}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{88F066D3-5662-95C4-AE4E-D39174ED8F43}" = CCC Help Dutch
"{896B238F-7CFE-4952-82EB-96E63E8E67B6}" = COMPUTERBILD-Abzockschutz
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}" = Crashday
"{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common
"{9DFC3864-1C52-E552-B039-09AE59F35801}" = CCC Help Swedish
"{A43C0289-EE84-FEC7-595D-A6F8489B2C44}" = CCC Help Polish
"{A77B5C97-77AD-54E9-FB97-52F0A9EF72AC}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E2EA3-D999-D8A0-7C6F-DF451DF9135C}" = CCC Help Greek
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B08201F3-AE80-58C6-E832-7DF5B87795FB}" = CCC Help Hungarian
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B569ACCD-8F95-53CE-AF51-70CB8EA34656}" = CCC Help German
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9BDD486-EF12-B0BC-1C88-B3046092A8BD}" = CCC Help Chinese Standard
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
"{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CED2C398-A03E-A70D-6894-78C79C501296}" = CCC Help Czech
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF0D610C-92BE-4D8F-BD33-9F658F8754F1}" = GTI Racing
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F175273F-6F15-23E2-1DF9-D2A8DD477502}" = CCC Help Norwegian
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = FSCTV
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Adventskalender" = Interaktiver Adventskalender
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BurningWheels" = Cobra 11 - Burning Wheels (remove only)
"CCleaner" = CCleaner
"Cinergy T Stick Black" = Cinergy T Stick Black V86.001.0824.2009
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FMSLogo" = FMSLogo
"FormatFactory" = FormatFactory 2.30
"Hamachi" = Hamachi 1.0.1.5
"HighwayNights" = Cobra 11 - Highway Nights (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{EF0D610C-92BE-4D8F-BD33-9F658F8754F1}" = GTI Racing
"InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = FSCTV
"MAGIX Filme auf DVD TerraTec Edition D" = MAGIX Filme auf DVD TerraTec Edition 7.0.3.6 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia PC Suite" = Nokia PC Suite
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Revo Uninstaller" = Revo Uninstaller 1.89
"Slim Mobile USB DVB-T" = Slim Mobile USB DVB-T 1.0.64.29
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Stellarium_is1" = Stellarium 0.10.3
"TerraTec Grabby" = TerraTec Grabby V5.09.0813.00
"TmNationsForever_is1" = TmNationsForever
"Tunatic" = Tunatic
"VideoReDo TVSuite V4 w/H.264_is1" = VideoReDo TVSuite Version 4.20.5.600
"VLC media player" = VLC media player 1.1.0
"Window Hide Tool_is1" = Window Hide Tool 2.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.08.2010 14:10:47 | Computer Name = ANTEC-PC1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: HighwayNightsHi.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4add4ed8  Name des fehlerhaften Moduls: HighwayNightsHi.exe, Version:
 1.0.0.0, Zeitstempel: 0x4add4ed8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00071da0
ID
 des fehlerhaften Prozesses: 0x17d4  Startzeit der fehlerhaften Anwendung: 0x01cb33372ca739c2
Pfad
 der fehlerhaften Anwendung: D:\Spiele\Alarm für Cobra 11 - Highway Nights\HighwayNightsHi.exe
Pfad
 des fehlerhaften Moduls: D:\Spiele\Alarm für Cobra 11 - Highway Nights\HighwayNightsHi.exe
Berichtskennung:
 70013c35-9f2a-11df-9db0-001f3f0c33d1
 
Error - 03.08.2010 14:25:40 | Computer Name = ** | Source = EventSystem | ID = 4622
Description =
 
Error - 04.08.2010 06:19:51 | Computer Name = ** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setupstb.exe, Version: 0.0.0.0, Zeitstempel:
 0x4af0e7cd  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b29c  Ausnahmecode: 0xc0000006  Fehleroffset: 0x00058563  ID des fehlerhaften Prozesses:
 0x10c8  Startzeit der fehlerhaften Anwendung: 0x01cb33be49d12d4c  Pfad der fehlerhaften
 Anwendung: E:\setupstb.exe  Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung:
 d08f9fbd-9fb1-11df-ad9b-d2a0197c7f83
 
Error - 04.08.2010 06:19:51 | Computer Name = ** | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm setupstb.exe wurde wegen dieses Fehlers geschlossen.
 
Programm:
 setupstb.exe  Datei:    Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und  - diese sich im Netzwerk
befindet,  dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.  - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
  Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware,
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000013  Datenträgertyp: 0
 
Error - 04.08.2010 08:08:34 | Computer Name = ** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: SEARCH~1.DLL_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4bc59369  Ausnahmecode: 0xc0000005  Fehleroffset: 0x3599aa50
ID
 des fehlerhaften Prozesses: 0x1108  Startzeit der fehlerhaften Anwendung: 0x01cb33cdb476f603
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: SEARCH~1.DLL  Berichtskennung: 00932649-9fc1-11df-ae2d-001f3f0c33d1
 
Error - 04.08.2010 09:03:58 | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fire.exe, Version: 0.0.0.0, Zeitstempel:
 0x41b82995  Name des fehlerhaften Moduls: Fire.exe, Version: 0.0.0.0, Zeitstempel:
 0x41b82995  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00106440  ID des fehlerhaften Prozesses:
 0x11e0  Startzeit der fehlerhaften Anwendung: 0x01cb33d57c27dfc2  Pfad der fehlerhaften
 Anwendung: D:\Spiele\Fire Department 2\Fire.exe  Pfad des fehlerhaften Moduls: D:\Spiele\Fire
 Department 2\Fire.exe  Berichtskennung: be3cee01-9fc8-11df-ae2d-001f3f0c33d1
 
Error - 05.08.2010 17:00:05 | Computer Name =** | Source = Google Update | ID = 20
Description =
 
Error - 05.08.2010 18:00:05 | Computer Name = ** | Source = Google Update | ID = 20
Description =
 
Error - 06.08.2010 15:54:52 | Computer Name = ** | Source = EventSystem | ID = 4621
Description =
 
Error - 06.08.2010 17:00:05 | Computer Name = ** | Source = Google Update | ID = 20
Description =
 
[ OSession Events ]
Error - 14.06.2010 14:05:10 | Computer Name = ** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 92870 seconds with 300 seconds of active time.  This session ended with a
 crash.
 
[ System Events ]
Error - 06.09.2010 08:47:41 | Computer Name = ** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 06.09.2010 08:47:41 | Computer Name = ** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 06.09.2010 08:47:42 | Computer Name = ** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 06.09.2010 08:47:42 | Computer Name = ANTEC-PC1 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 06.09.2010 08:47:43 | Computer Name = ** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 06.09.2010 13:30:04 | Computer Name = ** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 06.09.2010 13:35:45 | Computer Name = ** | Source = volsnap | ID = 393241
Description = Die Schattenkopien von Volume "M:" wurden gelöscht, weil der Schattenkopiespeicher
 nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
 oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
 auswählen.
 
Error - 06.09.2010 15:25:11 | Computer Name = ** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 07.09.2010 07:45:54 | Computer Name = ** | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 07.09.2010 07:46:09 | Computer Name = ** | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Microsoft Antimalware Service" Korrekturmaßnahmen (Neustart des Diensts)
 durchzuführen, ist fehlgeschlagen. Fehler:  %%1056
 
 
< End of report >
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 07.09.2010 17:20:05 - Run 2
OTL by OldTimer - Version 3.2.11.0    Folder = D:\
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 67,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 37,30 Gb Free Space | 38,20% Space Free | Partition Type: NTFS
Drive D: | 1299,51 Gb Total Space | 1177,60 Gb Free Space | 90,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: **
Current User Name: **
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - D:\0000000\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ASUS\AASP\1.01.02\aaCenter.exe (ASUSTeK Computer Inc.)
PRC - D:\Programme\Adobe Photoshop Elements 8.0\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
PRC - C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- D:\Programme\Adobe Photoshop Elements 8.0\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys (Realtek)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (hxctlflt) -- C:\Windows\SysNative\drivers\hxctlflt.sys (Guillemot Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Nachrichten - Service - Shopping bei t-online.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D A3 A5 EF B8 87 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: D:\Programme\Speedbit Video Downloader\SpeedBit Video Downloader\SPFireFox [2010.05.08 21:12:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Programme\Nokia\Nokia PC Suite\Nokia PC Suite 7\bkmrksync\ [2010.07.08 15:26:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.08.06 00:36:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.08.05 18:16:35 | 000,000,000 | ---D | M]
 
[2009.12.31 13:24:54 | 000,000,000 | ---D | M] -- C:\Users\Antec\AppData\Roaming\mozilla\Extensions
[2010.09.04 21:02:08 | 000,000,000 | ---D | M] -- C:\Users\Antec\AppData\Roaming\mozilla\Firefox\Profiles\cgu9kj7n.default\extensions
[2010.04.15 20:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antec\AppData\Roaming\mozilla\Firefox\Profiles\cgu9kj7n.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2010.08.31 20:23:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Antec\AppData\Roaming\mozilla\Firefox\Profiles\cgu9kj7n.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.06.27 12:31:38 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Antec\AppData\Roaming\mozilla\Firefox\Profiles\cgu9kj7n.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.01.11 20:33:08 | 000,000,000 | ---D | M] -- C:\Users\Antec\AppData\Roaming\mozilla\Firefox\Profiles\cgu9kj7n.default\extensions\fb_add_on@avm.de
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - D:\Programme\Speedbit Video Downloader\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL (Speedbit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Programme\Speedbit Video Downloader\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - D:\Programme\Speedbit Video Downloader\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - D:\Programme\Speedbit Video Downloader\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICAE.EXE File not found
O4 - HKCU..\Run: [EPSON Stylus DX8400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICEE.EXE File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\0000000\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office Home and Student 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office Home and Student 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office Home and Student 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office Home and Student 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Programme\ICQ 7\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Programme\ICQ 7\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office Home and Student 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30c049a3-f398-11de-be0a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{30c049a3-f398-11de-be0a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe -- File not found
O33 - MountPoints2\{cc05b800-fc8d-11de-9627-90e6ba155d30}\Shell - "" = AutoRun
O33 - MountPoints2\{cc05b800-fc8d-11de-9627-90e6ba155d30}\Shell\AutoRun\command - "" = L:\pushinst.exe -- File not found
O33 - MountPoints2\{fb09731c-f958-11de-ba03-90e6ba155d30}\Shell - "" = AutoRun
O33 - MountPoints2\{fb09731c-f958-11de-ba03-90e6ba155d30}\Shell\AutoRun\command - "" = J:\pushinst.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.07 17:08:01 | 000,000,000 | ---D | C] -- C:\Users\Antec\AppData\Roaming\Malwarebytes
[2010.09.07 14:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.09.06 21:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010.09.06 20:23:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.09.06 20:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.06 20:23:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.09.06 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Antec\AppData\Roaming\VideoReDo-TVSuite4
[2010.09.05 19:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.08.25 15:32:04 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.08.17 23:41:11 | 000,000,000 | ---D | C] -- C:\Users\Antec\Documents\MAGIX Downloads
[2010.08.15 03:17:56 | 000,000,000 | ---D | C] -- C:\Users\Antec\AppData\Local\Microsoft Games
[2010.08.14 23:15:59 | 000,000,000 | ---D | C] -- C:\Users\Antec\AppData\Roaming\Auslogics
[2010.08.14 13:07:54 | 001,712,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2010.08.14 13:07:54 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2010.08.14 13:07:54 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71u.dll
[2010.08.14 13:07:54 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71DEU.DLL
[2010.08.14 13:07:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ITA.DLL
[2010.08.14 13:07:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71FRA.DLL
[2010.08.14 13:07:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ESP.DLL
[2010.08.14 13:07:54 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ENU.DLL
[2010.08.14 13:07:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71KOR.DLL
[2010.08.14 13:07:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71JPN.DLL
[2010.08.14 13:07:54 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHT.DLL
[2010.08.14 13:07:54 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHS.DLL
[2010.08.10 22:20:01 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.10 22:20:01 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.10 22:20:00 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.10 22:19:54 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.10 22:19:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.10 22:19:54 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.10 22:19:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.10 22:19:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.10 22:19:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.10 22:19:48 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.10 22:19:48 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.10 22:19:48 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.09 12:58:23 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010.08.09 12:58:23 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010.08.09 12:58:22 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010.08.09 12:58:22 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2010.08.09 12:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010.08.09 02:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.08.09 02:07:12 | 000,000,000 | ---D | C] -- C:\Users\Antec\AppData\Roaming\Cuttermaran
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.07 17:19:32 | 002,621,440 | -HS- | M] () -- C:\Users\Antec\ntuser.dat
[2010.09.07 17:07:53 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 17:00:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.07 14:15:08 | 000,000,985 | ---- | M] () -- C:\Users\Antec\Desktop\Spybot - Search & Destroy.lnk
[2010.09.07 13:57:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.09.07 13:57:35 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.09.07 13:57:35 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.09.07 13:57:35 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.09.07 13:57:35 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.09.07 13:53:28 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010.09.07 13:51:06 | 000,023,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 13:51:06 | 000,023,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 13:44:49 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{0d327a79-ba75-11df-8cd0-001f3f0c33d1}.TMContainer00000000000000000002.regtrans-ms
[2010.09.07 13:44:49 | 000,065,536 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{0d327a79-ba75-11df-8cd0-001f3f0c33d1}.TM.blf
[2010.09.07 13:44:48 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{0d327a79-ba75-11df-8cd0-001f3f0c33d1}.TMContainer00000000000000000001.regtrans-ms
[2010.09.07 13:43:42 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.07 13:43:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.07 13:43:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.07 13:43:00 | 2140,446,719 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.06 15:24:03 | 002,780,633 | -H-- | M] () -- C:\Users\Antec\AppData\Local\IconCache.db
[2010.09.05 00:08:04 | 000,000,046 | ---- | M] () -- C:\Users\Antec\jagex_runescape_preferences.dat
[2010.09.05 00:04:07 | 000,000,099 | ---- | M] () -- C:\Users\Antec\jagex_runescape_preferences2.dat
[2010.08.29 16:57:15 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000D34.LCS
[2010.08.27 10:53:05 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001199.LCS
[2010.08.24 22:27:42 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{88e65186-afbc-11df-93b8-dfb9091abe82}.TMContainer00000000000000000002.regtrans-ms
[2010.08.24 22:27:42 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{88e65186-afbc-11df-93b8-dfb9091abe82}.TMContainer00000000000000000001.regtrans-ms
[2010.08.24 22:27:42 | 000,065,536 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{88e65186-afbc-11df-93b8-dfb9091abe82}.TM.blf
[2010.08.24 18:03:54 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{3a26c060-af98-11df-8f7e-fdcde1824b83}.TMContainer00000000000000000002.regtrans-ms
[2010.08.24 18:03:54 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{3a26c060-af98-11df-8f7e-fdcde1824b83}.TMContainer00000000000000000001.regtrans-ms
[2010.08.24 18:03:54 | 000,065,536 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{3a26c060-af98-11df-8f7e-fdcde1824b83}.TM.blf
[2010.08.24 17:04:45 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{79981c64-af8f-11df-96bb-9f8548c4fb85}.TMContainer00000000000000000002.regtrans-ms
[2010.08.24 17:04:45 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{79981c64-af8f-11df-96bb-9f8548c4fb85}.TMContainer00000000000000000001.regtrans-ms
[2010.08.24 17:04:45 | 000,065,536 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{79981c64-af8f-11df-96bb-9f8548c4fb85}.TM.blf
[2010.08.23 16:10:37 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{1069a3ae-aec0-11df-8cb8-f3407ef10b8a}.TMContainer00000000000000000002.regtrans-ms
[2010.08.23 16:10:37 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{1069a3ae-aec0-11df-8cb8-f3407ef10b8a}.TMContainer00000000000000000001.regtrans-ms
[2010.08.23 16:10:37 | 000,065,536 | -HS- | M] () -- C:\Users\Antec\ntuser.dat{1069a3ae-aec0-11df-8cb8-f3407ef10b8a}.TM.blf
[2010.08.16 21:43:21 | 000,000,774 | ---- | M] () -- C:\Users\Antec\Desktop\PC Probe II V1.04.88.lnk
[2010.08.16 18:38:44 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010.08.13 18:41:27 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\NTUSER.DAT{8590155b-a6f9-11df-b097-d118d666e583}.TMContainer00000000000000000002.regtrans-ms
[2010.08.13 18:41:27 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\NTUSER.DAT{8590155b-a6f9-11df-b097-d118d666e583}.TMContainer00000000000000000001.regtrans-ms
[2010.08.13 18:41:27 | 000,065,536 | -HS- | M] () -- C:\Users\Antec\NTUSER.DAT{8590155b-a6f9-11df-b097-d118d666e583}.TM.blf
[2010.08.10 23:46:12 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\NTUSER.DAT{5c3c72e7-a4c8-11df-b305-001f3f0c33d1}.TMContainer00000000000000000002.regtrans-ms
[2010.08.10 23:46:12 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\NTUSER.DAT{5c3c72e7-a4c8-11df-b305-001f3f0c33d1}.TMContainer00000000000000000001.regtrans-ms
[2010.08.10 23:46:12 | 000,065,536 | -HS- | M] () -- C:\Users\Antec\NTUSER.DAT{5c3c72e7-a4c8-11df-b305-001f3f0c33d1}.TM.blf
[2010.08.10 23:44:22 | 002,970,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.09 17:57:12 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\NTUSER.DAT{46e31ddc-a3ce-11df-aaa7-001f3f0c33d1}.TMContainer00000000000000000002.regtrans-ms
[2010.08.09 17:57:12 | 000,524,288 | -HS- | M] () -- C:\Users\Antec\NTUSER.DAT{46e31ddc-a3ce-11df-aaa7-001f3f0c33d1}.TMContainer00000000000000000001.regtrans-ms
[2010.08.09 17:57:12 | 000,065,536 | -HS- | M] () -- C:\Users\Antec\NTUSER.DAT{46e31ddc-a3ce-11df-aaa7-001f3f0c33d1}.TM.blf
 
========== Files Created - No Company Name ==========
 
[2010.09.07 17:07:53 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.07 14:15:08 | 000,000,985 | ---- | C] () -- C:\Users\Antec\Desktop\Spybot - Search & Destroy.lnk
[2010.09.07 13:44:47 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{0d327a79-ba75-11df-8cd0-001f3f0c33d1}.TMContainer00000000000000000002.regtrans-ms
[2010.09.07 13:44:47 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{0d327a79-ba75-11df-8cd0-001f3f0c33d1}.TMContainer00000000000000000001.regtrans-ms
[2010.09.07 13:44:47 | 000,065,536 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{0d327a79-ba75-11df-8cd0-001f3f0c33d1}.TM.blf
[2010.08.24 22:24:08 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{88e65186-afbc-11df-93b8-dfb9091abe82}.TMContainer00000000000000000002.regtrans-ms
[2010.08.24 22:24:08 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{88e65186-afbc-11df-93b8-dfb9091abe82}.TMContainer00000000000000000001.regtrans-ms
[2010.08.24 22:24:08 | 000,065,536 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{88e65186-afbc-11df-93b8-dfb9091abe82}.TM.blf
[2010.08.24 18:02:04 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{3a26c060-af98-11df-8f7e-fdcde1824b83}.TMContainer00000000000000000002.regtrans-ms
[2010.08.24 18:02:04 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{3a26c060-af98-11df-8f7e-fdcde1824b83}.TMContainer00000000000000000001.regtrans-ms
[2010.08.24 18:02:04 | 000,065,536 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{3a26c060-af98-11df-8f7e-fdcde1824b83}.TM.blf
[2010.08.24 17:03:25 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{79981c64-af8f-11df-96bb-9f8548c4fb85}.TMContainer00000000000000000002.regtrans-ms
[2010.08.24 17:03:25 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{79981c64-af8f-11df-96bb-9f8548c4fb85}.TMContainer00000000000000000001.regtrans-ms
[2010.08.24 17:03:25 | 000,065,536 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{79981c64-af8f-11df-96bb-9f8548c4fb85}.TM.blf
[2010.08.23 16:10:11 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{1069a3ae-aec0-11df-8cb8-f3407ef10b8a}.TMContainer00000000000000000002.regtrans-ms
[2010.08.23 16:10:11 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{1069a3ae-aec0-11df-8cb8-f3407ef10b8a}.TMContainer00000000000000000001.regtrans-ms
[2010.08.23 16:10:11 | 000,065,536 | -HS- | C] () -- C:\Users\Antec\ntuser.dat{1069a3ae-aec0-11df-8cb8-f3407ef10b8a}.TM.blf
[2010.08.16 21:43:21 | 000,000,774 | ---- | C] () -- C:\Users\Antec\Desktop\PC Probe II V1.04.88.lnk
[2010.08.16 21:42:57 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.08.16 21:42:56 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.08.13 18:41:27 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\NTUSER.DAT{8590155b-a6f9-11df-b097-d118d666e583}.TMContainer00000000000000000002.regtrans-ms
[2010.08.13 18:41:27 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\NTUSER.DAT{8590155b-a6f9-11df-b097-d118d666e583}.TMContainer00000000000000000001.regtrans-ms
[2010.08.13 18:41:27 | 000,065,536 | -HS- | C] () -- C:\Users\Antec\NTUSER.DAT{8590155b-a6f9-11df-b097-d118d666e583}.TM.blf
[2010.08.10 23:46:12 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\NTUSER.DAT{5c3c72e7-a4c8-11df-b305-001f3f0c33d1}.TMContainer00000000000000000002.regtrans-ms
[2010.08.10 23:46:12 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\NTUSER.DAT{5c3c72e7-a4c8-11df-b305-001f3f0c33d1}.TMContainer00000000000000000001.regtrans-ms
[2010.08.10 23:46:12 | 000,065,536 | -HS- | C] () -- C:\Users\Antec\NTUSER.DAT{5c3c72e7-a4c8-11df-b305-001f3f0c33d1}.TM.blf
[2010.08.09 17:57:11 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\NTUSER.DAT{46e31ddc-a3ce-11df-aaa7-001f3f0c33d1}.TMContainer00000000000000000002.regtrans-ms
[2010.08.09 17:57:11 | 000,524,288 | -HS- | C] () -- C:\Users\Antec\NTUSER.DAT{46e31ddc-a3ce-11df-aaa7-001f3f0c33d1}.TMContainer00000000000000000001.regtrans-ms
[2010.08.09 17:57:10 | 000,065,536 | -HS- | C] () -- C:\Users\Antec\NTUSER.DAT{46e31ddc-a3ce-11df-aaa7-001f3f0c33d1}.TM.blf
[2010.08.09 12:58:22 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.05.26 14:36:49 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.05.25 20:33:23 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010.05.25 14:37:54 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.05.25 14:37:54 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.05.25 14:37:53 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.05.25 14:36:48 | 000,017,408 | ---- | C] () -- C:\Users\Antec\AppData\Local\WebpageIcons.db
[2010.05.18 16:27:40 | 000,000,295 | ---- | C] () -- C:\Windows\game.ini
[2010.03.30 15:12:41 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.03.21 18:13:15 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.02.21 13:53:50 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.02.21 13:50:49 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.02.11 18:41:30 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2010.02.11 18:41:30 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2010.02.11 18:41:25 | 000,258,048 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2010.02.11 18:41:25 | 000,253,952 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2010.02.01 12:30:55 | 000,000,096 | ---- | C] () -- C:\Users\Antec\AppData\Roaming\d3a10f4e.dat
[2010.01.10 12:16:04 | 000,013,824 | ---- | C] () -- C:\Users\Antec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.03 23:06:02 | 000,127,085 | ---- | C] () -- C:\Windows\SysWow64\RTKFMSOURCE.dll
[2009.12.28 13:08:27 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.12.28 13:08:27 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.12.28 13:06:36 | 000,035,862 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.12.28 13:00:35 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.12.28 13:00:30 | 000,024,648 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.12.01 19:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:3440EB47
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:66633281
< End of report >
--- --- --- ]]> Hijacker / HiJackThis Logs posten technisat http://www.trojaner-board.de/90497-facebook-virus-ueber-skype-bekommen.html Offen Virus der Sich über Skype verschickt http://www.trojaner-board.de/90496-virus-der-sich-ueber-skype-verschickt.html Tue, 07 Sep 2010 13:39:26 GMT Hallo
Ich habe von meinem Freund vor 2 Tagen einen Link über Skype geschickt bekommen. Die Nachricht sah ca. so aus: "Foto :P w*w.facebook..." .Leider war das ein Downloadlink für einen Virus der sich selbstständig über skype verschickt :headbang:
Ich hab mit Malwarebytes einen Scan gemacht, weiß aber noch nicht ob der Virus jetzt weg ist.
Bitte um schnelle Hilfe

Hier ein Logfile von Hijackthis:

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:33:05, on 07.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Window Hide Tool\Window Hide Tool.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\ProgramData\Skype\Plugins\Plugins\9F9CE45F74274F5689DEAD48836386CA\MusicMaestro.exe
C:\Program Files\Opera\Opera.exe
C:\Users\*****\Desktop\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1cb059687ea4443) (gupdate1cb059687ea4443) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
 
--
End of file - 9043 bytes
--- --- ---
]]> Hijacker / HiJackThis Logs posten Lomoko http://www.trojaner-board.de/90496-virus-der-sich-ueber-skype-verschickt.html