Pests of all kinds and how to fight them: ICQ image virus
ICQ image virus

Good evening,

when I logged in to ICQ earlier, the computer automatically sent out lots of messages along the lines of "what do you think of this picture?". I then found out from my brother that he had clicked on such a link.

I have now cleaned the system with CCleaner, run an Avira scan (1 find: 'JAVA/Dldr.Agent.D' [virus], put into quarantine and then deleted), and a quick scan with MAB; the full scan follows tomorrow. No infections. And uninstalled ICQ.

-> It still sends messages; I don't want to log in any more, so that all my friends don't click on it as well.
-> I have now run RSIT (the attachment would be too large -> code).

I hope some kind person will take a look at this and that the virus gets removed.

info.txt RSIT logfile:
Code:
ATTFilter logfile of random's system information tool 1.06 2010-06-08 20:33:19 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\IsUninst.exe -f"C:\Program Files\Total War\Medieval - Total War (Demo Version)\Uninst.isu" -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe" -L0x7 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe" -L0x7 32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA} 3D TippTrainer-->"C:\Program Files\Franzis\3D TippTrainer\unins000.exe" 7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe" Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.3.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001} Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe" Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe" Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} ArchiCrypt Rescue-Master 2008 Version 1.0.6.1293-->"F:\Rescue Master 2008\unins000.exe" ArcSoft PhotoStudio Suite 
v2.0-->C:\Windows\IsUn0407.exe -f"C:\Program Files\ArcSoft\PhotoStudio Suite\Uninst.isu" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Brain Workshop 4.12-->"C:\Program Files\Brain Workshop\unins000.exe" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0} Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9} DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com DVDVideoSoft Toolbar-->C:\PROGRA~1\DVDVID~1\UNWISE.EXE /U C:\PROGRA~1\DVDVID~1\INSTALL.LOG Eisenbahn.exe Professional 2.43 Premium-->C:\PROGRA~1\Trend\EEP243\Unwise.exe /U C:\PROGRA~1\Trend\EEP243\install.log Favorit-->c:\users\mühlhauser\appdata\local\ykuykyw.bat FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe Finale Allegro 2007 Demo-->C:\Program Files\Finale Allegro 2007 Demo\uninstallAllegro.exe Forte Free 2.0-->C:\Program Files\Lugert Verlag\Forte Free\Unwise32.EXE C:\PROGRA~1\LUGERT~1\FORTEF~1\Install.LOG Free Studio version 4.3-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe" Free Video to Flash Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free Video to Flash Converter\unins000.exe" Free Video to Mp3 Converter version 2.9-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe" Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe" Free YouTube to Mp3 Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe" FujiFilm iX-1 Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64F38F19-7E12-4364-B00D-508EE72BE34D}\setup.exe" 
FujiFilm iX-1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59A97880-A591-447B-879A-F27D75DD79A5}\Setup.exe" GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" GNU Solfege 3.16.0-->"C:\Program Files\GNU Solfege\unins000.exe" Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall GraphCalc v4.0.1-->"C:\Program Files\GraphCalc\unins000.exe" Haufe iDesk-Browser-->MsiExec.exe /X{F48AAE0F-52F4-11DD-B1F7-0050560400B1} Haufe iDesk-Service-->MsiExec.exe /X{D5C8E140-6E6F-11DD-9AA9-0050560400B1} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70} HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program 
Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC} HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86} Indeo® software-->C:\Windows\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll" Internet Explorer Developer Toolbar-->MsiExec.exe /I{E7081891-BC7F-43F9-9CE6-B5DD2F497156} IObitCom Toolbar-->C:\PROGRA~1\IObitCom\UNWISE.EXE /U C:\PROGRA~1\IObitCom\INSTALL.LOG iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944} Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003} Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Lexware buchhalter 2008-->C:\Program Files\InstallShield Installation Information\{E98371BD-6C0D-463E-B004-E6303F9A34A7}\setup.exe -runfromtemp -l0x0007 -removeonly Lexware buchhalter Servicepack 2008, Version 13.50-->C:\Program Files\InstallShield Installation Information\{FF1B3317-EADD-4AC3-BE54-37265FC9A133}\setup.exe -runfromtemp -l0x0007 -removeonly Lexware Info Service-->MsiExec.exe /X{59624372-3B85-47f4-9B04-4911E551DF1E} Lexware reisekosten 2008-->C:\Program Files\InstallShield Installation Information\{8CE37484-B5C2-497E-8501-D339F1D828CC}\Setup.exe -runfromtemp -l0x0007 -removeonly Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MEDIONbox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield 
Installation Information\{27FDF949-69CE-435A-8372-339F72336AC5}\setup.exe" -l0x7 -removeonly Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Encarta 99 Enzyklopädie-->RunDll32 C:\PROGRA~1\MICROS~4\ENCART~1\UNENC99.DLL,Uninstall C:\PROGRA~1\MICROS~4\ENCART~1\SETUP99D\INST99D.LOG Microsoft Mathe 3.0-->MsiExec.exe /I{07103848-8EBE-4287-85D8-8EC76D88B906} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall 
{9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package 
{90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8} Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C} mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 7 Essentials-->MsiExec.exe /I{37BA50EE-C851-4394-93DD-A0A611891031} OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} Optical Mousemate V1.0-->C:\PROGRA~1\OPTICA~1\UNINSTAL.EXE Picasa 3-->"C:\Program 
Files\Picasa2\Uninstall.exe" QuickSteuer Deluxe 2008-->C:\Program Files\InstallShield Installation Information\{A9358EEE-34F1-4553-9382-7914D6A4B42C}\Setup.exe -runfromtemp -l0x0007 -removeonly QuickSteuer Deluxe 2009-->C:\Program Files\InstallShield Installation Information\{89863727-B08E-401F-995B-14398B28DE3D}\Setup.exe -runfromtemp -l0x0007 -removeonly QuickSteuer Deluxe 2010-->MsiExec.exe /X{DEE03A90-C723-4E3D-A661-86651D6F0668} QuickSteuer DELUXE Wissens-Center 2008-->MsiExec.exe /X{07B64A55-B552-4F34-A904-DBFD810B752B} QuickSteuer DELUXE Wissens-Center 2009-->MsiExec.exe /X{353EA50E-26A0-4ADD-A12A-3FE2E59E5BB3} QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Rome - Total War - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x7 -removeonly Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0007 -removeonly Schnell Schreiben 3.4.4-->"C:\Program Files\AB-Tools.com\Schnell Schreiben\unins000.exe" Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update 
for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF} Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SopCast 3.2.4-->C:\Program Files\SopCast\uninst.exe Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004} StarOffice 8 Product Update 11-->MsiExec.exe /X{3D15064D-4371-4FCC-B9E6-F79D6CBFDDD4} StarOffice 8-->MsiExec.exe /I{87E01B1B-92A0-416F-9F8E-9BE921A05F9F} Stronghold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\Setup.exe" System Explorer 1.5-->"C:\Program Files\System Explorer\unins000.exe" T-Online 6.0-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe" CPAS TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG TVUPlayer 2.5.0.1-->C:\Program Files\TVUPlayer\uninst.exe UEFA 2008 (en) Screen Saver-->C:\Windows\system32\UEFA 2008 (en).scr /u Uniblue ProcessScanner-->"C:\Program Files\Uniblue\ProcessScanner\unins000.exe" Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} 
/uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} Video Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BF20AC5-767D-4FCA-B7DF-6EEDA2937BED}\setup.exe" Windows Live ID-Anmelde-Assistent-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Worms 3D-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7C25968-B418-4529-A389-E5DFCE792917}\setup.exe" -l0x7 ======Security center information====== AS: Windows-Defender (disabled) ======System event log====== Computer Name: XXX-PC Event Code: 4374 Message: Windows-Wartung hat erkannt, dass das Paket KB979306(Update) nicht für dieses System geeignet ist. Record Number: 482680 Source Name: Microsoft-Windows-Servicing Time Written: 20100224123140.000000-000 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM Computer Name: XXX-PC Event Code: 4374 Message: Windows-Wartung hat erkannt, dass das Paket KB979306(Update) nicht für dieses System geeignet ist. Record Number: 482679 Source Name: Microsoft-Windows-Servicing Time Written: 20100224123140.000000-000 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM Computer Name: XXX-PC Event Code: 4374 Message: Windows-Wartung hat erkannt, dass das Paket KB979306(Update) nicht für dieses System geeignet ist. Record Number: 482678 Source Name: Microsoft-Windows-Servicing Time Written: 20100224123140.000000-000 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM Computer Name: XXX-PC Event Code: 4374 Message: Windows-Wartung hat erkannt, dass das Paket KB979306(Update) nicht für dieses System geeignet ist. 
Record Number: 482677 Source Name: Microsoft-Windows-Servicing Time Written: 20100224123140.000000-000 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM Computer Name: XXX-PC Event Code: 4371 Message: Windows-Wartung hat begonnen, den Status des Pakets KB979306(Update) von Nicht vorhanden(Absent) in Bereitgestellt(Staged) zu ändern. Record Number: 482676 Source Name: Microsoft-Windows-Servicing Time Written: 20100224123139.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM =====Application event log===== Computer Name: XXX-PC Event Code: 1001 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help". Record Number: 87739 Source Name: Microsoft-Windows-LoadPerf Time Written: 20090719171604.000000-000 Event Type: Informationen User: Computer Name: XXX-PC Event Code: 0 Message: Record Number: 87738 Source Name: gusvc Time Written: 20090719171536.000000-000 Event Type: Informationen User: Computer Name: XXX-PC Event Code: 1 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 87737 Source Name: SecurityCenter Time Written: 20090719171436.000000-000 Event Type: Informationen User: Computer Name: XXX-PC Event Code: 0 Message: Record Number: 87736 Source Name: gusvc Time Written: 20090719171435.000000-000 Event Type: Informationen User: Computer Name: XXX-PC Event Code: 0 Message: Record Number: 87735 Source Name: hpqddsvc Time Written: 20090719171236.000000-000 Event Type: Informationen User: Code:
ATTFilter Logfile of random's system information tool 1.07 (written by random/random) Run by XXX at 2010-06-08 20:39:41 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 279 GB (85%) free of 328 GB Total RAM: 1919 MB (41% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:39:49, on 08.06.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Common Files\Gnab\Service\GnabTray.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\wpcumi.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe C:\Windows\ehome\ehtray.exe C:\Program Files\System Explorer\SystemExplorer.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\ehome\ehmsas.exe C:\Users\Public\winscdvn.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\conime.exe C:\Users\Mühlhauser\Downloads\RSIT.exe C:\Program Files\trend micro\XXX.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = xttp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xttp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = xttp://www.medion.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = xttp://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = xttp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = xttp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - (no file) R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll O1 - Hosts: ::1 localhost O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIObi.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - 
BHO: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - (no file) O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll O3 - Toolbar: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - (no file) O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: 
[LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [SystemExplorer] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Windows Firewall Updates] C:\Users\Public\winscdvn.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'Default user') O4 - Startup: AutorunsDisabled O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - xttp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - xttp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - 
xttp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - xttp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F025EAFD-A26D-4098-A476-9699D0CA24BB}: NameServer = 192.168.2.1 O18 - Protocol: haufereader - (no CLSID) - (no file) O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 11336 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172357726-1718783292-1392186010-1002Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172357726-1718783292-1392186010-1002UA.job C:\Windows\tasks\NSSstub.job C:\Windows\tasks\User_Feed_Synchronization-{1F89915D-5E81-4867-9ABF-51447C132B47}.job C:\Windows\tasks\User_Feed_Synchronization-{88D7508A-E19D-4251-9830-70FC4DCAA041}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}] XTTBPos00 Class [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-02-09 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] IObitCom Toolbar - C:\Program Files\IObitCom\tbIObi.dll [2009-10-01 2166296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID-Anmelde-Hilfsprogramm - C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-30 279664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-03-30 812528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9508125-4747-4733-b048-e4b82dc9716d}] PHPNukeDE Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}] IE Developer Toolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-03-01 623992] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-12-31 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {c9508125-4747-4733-b048-e4b82dc9716d} - [] {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-12-31 2349080] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-03-30 279664] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] 
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208] "GnabTray"=C:\Program Files\Common Files\Gnab\Service\GnabTray.exe [2007-04-13 327680] "Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040] "WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-02-09 198160] "DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-03-05 1135912] "LexwareInfoService"=C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03 339240] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "Google Update"=C:\Users\XXX\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104] "SystemExplorer"=C:\Program Files\System Explorer\SystemExplorer.exe [2008-08-25 1833472] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-07 68856] "Windows Firewall Updates"=C:\Users\Public\winscdvn.exe [2010-06-08 85504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - 
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup AutorunsDisabled [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5060ceea-8ad6-11dc-944e-806e6f6e6963}] shell\AutoRun\command - E:\setup.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-06-08 20:33:09 ----D---- C:\rsit 2010-06-08 20:15:41 ----A---- C:\Windows\isRS-000.tmp 2010-06-08 20:10:23 ----D---- C:\Program Files\CCleaner 2010-05-27 12:19:02 ----A---- 
C:\Windows\system32\_TraceLog.txt 2010-05-26 16:13:38 ----A---- C:\Windows\system32\tzres.dll 2010-05-21 10:37:36 ----A---- C:\Windows\system32\zvkonline80VC8.dll 2010-05-21 10:37:36 ----A---- C:\Windows\system32\PXTTool80VC8.dll 2010-05-21 10:37:36 ----A---- C:\Windows\system32\LxXtreme70VC8.dll 2010-05-21 10:37:36 ----A---- C:\Windows\system32\LxUISettings20Native.dll 2010-05-21 10:37:36 ----A---- C:\Windows\system32\LXTPSW20VC8.dll 2010-05-21 10:37:36 ----A---- C:\Windows\system32\LXTool80VC8.dll 2010-05-21 10:37:36 ----A---- C:\Windows\system32\lxter20VC8.dll 2010-05-21 10:37:34 ----A---- C:\Windows\system32\LxMail30VC8.dll 2010-05-21 10:37:34 ----A---- C:\Windows\system32\LxImport80VC8.dll 2010-05-21 10:37:34 ----A---- C:\Windows\system32\LXDasi80VC8.dll 2010-05-21 10:37:34 ----A---- C:\Windows\system32\LXBtr80VC8.dll 2010-05-21 10:37:34 ----A---- C:\Windows\system32\LxBasics80VC8.dll 2010-05-12 14:06:55 ----A---- C:\Windows\system32\inetcomm.dll 2010-05-09 13:30:37 ----D---- C:\Program Files\ICQ7.0 2010-05-09 13:26:05 ----D---- C:\Program Files\ICQ6Toolbar ======List of files/folders modified in the last 1 months====== 2010-06-08 20:39:48 ----D---- C:\Windows\Temp 2010-06-08 20:39:48 ----D---- C:\Program Files\Trend Micro 2010-06-08 20:39:23 ----D---- C:\Windows\Prefetch 2010-06-08 20:25:04 ----D---- C:\Windows 2010-06-08 20:23:53 ----RD---- C:\Program Files 2010-06-08 20:22:25 ----D---- C:\Windows\System32 2010-06-08 20:22:25 ----D---- C:\Windows\inf 2010-06-08 20:22:25 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-06-08 20:21:06 ----D---- C:\Windows\Tasks 2010-06-08 20:17:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-06-08 20:15:38 ----D---- C:\Windows\system32\drivers 2010-06-08 20:11:28 ----D---- C:\Windows\Debug 2010-06-08 20:05:09 ----D---- C:\Users\Mühlhauser\AppData\Roaming\mIRC 2010-06-08 19:55:36 ----HD---- C:\Program Files\InstallShield Installation Information 2010-06-08 18:28:07 ----D---- 
C:\Users\Mühlhauser\AppData\Roaming\StarOffice8 2010-06-08 16:04:30 ----D---- C:\ProgramData\Google Updater 2010-06-04 16:42:02 ----D---- C:\Program Files\Microsoft Silverlight 2010-06-04 15:32:48 ----D---- C:\Users\Mühlhauser\AppData\Roaming\FileZilla 2010-06-04 12:38:15 ----SHD---- C:\Windows\Installer 2010-06-04 12:38:15 ----SD---- C:\ProgramData\Microsoft 2010-06-04 12:38:15 ----HD---- C:\Config.Msi 2010-06-03 17:37:08 ----D---- C:\Users\XXX\AppData\Roaming\Skype 2010-06-02 15:12:26 ----D---- C:\Windows\system32\catroot2 2010-06-02 14:28:47 ----D---- C:\Users\Mühlhauser\AppData\Roaming\gtk-2.0 2010-05-29 13:01:50 ----D---- C:\Program Files\Common Files\microsoft shared 2010-05-29 13:01:43 ----D---- C:\Program Files\Microsoft 2010-05-26 20:12:05 ----D---- C:\Windows\rescache 2010-05-26 17:30:50 ----D---- C:\Windows\winsxs 2010-05-26 17:30:50 ----D---- C:\Windows\system32\de-DE 2010-05-26 17:30:37 ----D---- C:\Program Files\Internet Explorer 2010-05-26 16:13:15 ----D---- C:\Windows\system32\catroot 2010-05-22 11:47:01 ----D---- C:\Program Files\Google 2010-05-12 14:54:44 ----D---- C:\Program Files\Windows Mail 2010-05-12 14:54:35 ----D---- C:\ProgramData\Microsoft Help 2010-05-12 11:21:16 ----N---- C:\Windows\system32\MpSigStub.exe 2010-05-11 15:05:45 ----D---- C:\Users\XXX\AppData\Roaming\Image Zone Express 2010-05-09 13:26:03 ----D---- C:\ProgramData\ICQ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 
IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552] R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408] R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-10 2377728] R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544] S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver; \??\C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536] S3 nsysaudm;nsysaudm; \??\C:\Users\MHLHAU~1\AppData\Local\Temp\nsysaudm.sys [] S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2007-05-14 135400] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352] S3 sscdmdfl;SAMSUNG CDMA Modem Filter; 
C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272] S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-10 565248] R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504] S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-06 135664] S2 gusvc;Google Software Updater; C:\Program 
Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S4 GnabService;GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864] S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-21 29744] S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [] -----------------EOF----------------- |
| #2 |
/// Malware-holic
ICQ picture virus

You and your brother have malware on the PC and are sending it out. Let your contacts know; everyone who opened it should start a thread here.

Can you send me the links you are sending out as a private message (PM), so that the files can be submitted to the antivirus vendors?

System scan with OTL

Download OTL: http://filepony.de/download-otl/

Double-click OTL.exe (users of Windows 7 and Vista: right-click, run as administrator).

1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry", select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "run Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both; if they are too large, split them up.
| #3 |
ICQ picture virus

Here are the logs:

Code:
ATTFilter OTL Extras logfile created on: 08.06.2010 21:14:33 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\XXX\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 320,70 Gb Total Space | 272,78 Gb Free Space | 85,06% Space Free | Partition Type: NTFS Drive D: | 14,63 Gb Total Space | 9,11 Gb Free Space | 62,26% Space Free | Partition Type: FAT32 Drive E: | 345,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: X-PC Current User Name: X Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Users\XXX\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{27273F32-E467-4522-8C99-E12B4D225D07}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{277A6FD6-FBAC-4D31-8D5A-77D3ADCFFA49}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{41FB33FC-E264-4911-876E-C775B1A2A322}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4B381F08-39A9-49C9-9FE3-DC80F745B199}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{999EAE65-B3BF-4CE3-9CA2-9D8FA0DDF0E0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AD76C061-8BA8-499C-9F44-0E89C61E40E9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{DEBDC2A7-CB2D-416E-BB2D-EA9A81091631}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E9BD40E0-E7C2-4642-8EFA-52968737E1F8}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{FF1EA31C-BF89-40A9-A868-7434179FE107}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "TCP Query User{025BA538-8A1A-4C08-866C-4712479D9FA6}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=6 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | "TCP Query User{13484E25-12AE-4D0D-8286-57BF9FE3DD86}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | "TCP Query User{1D08EFE7-DF61-471C-A932-A6A37EB5A7B7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{39852FF7-30D0-4CDB-86FB-1B6710C0ABFF}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{3B8A0C1A-96F7-440D-A2F1-66E8307FF664}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{4EF444C9-0399-433F-A0EA-E24943750FBE}C:\program 
files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{5E33B1F5-1415-4342-938E-ED4034797EB0}C:\program files\firefly studios\stronghold\stronghold.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | "TCP Query User{5EBB1251-C2BD-4998-8DC5-ACD217C80361}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | "TCP Query User{6381A72E-62C9-46E2-B45F-C287841DFB9E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{69C9826E-0D43-43F0-AAF9-1CCB0EE9C8B0}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{72C3B1AA-22B4-43B7-9FF5-2FF46E4E0B67}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{76103346-6925-4DFD-AF12-803173040202}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{7F0073FF-D8BF-491D-AF68-FF5EA4B28133}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{86EA05C3-1FE6-4F03-BBA4-3BA392C722A2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{98FE55E7-C39E-4836-BB1F-2DA20BBB8419}C:\users\mühlhauser\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\mühlhauser\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{A97A1D4D-4B33-4650-9B31-18AA87B68C7C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{C132CC23-71D3-4CBF-9607-C5796A224E58}C:\program 
files\t-online\t-online_software_6\info-cockpit\infocockpit.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\info-cockpit\infocockpit.exe | "TCP Query User{ED2605F7-20F1-4EE6-9E7E-FDF81635C289}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{FA7406E5-53E2-4CC7-A15F-C51D72BFCE64}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{0EF05432-BA19-41A5-9BB7-FEBEA681A0C0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{2B238D11-93A9-45D5-8338-7A10A2D93AB8}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{3209632E-A944-48E8-94F5-0EA216EDAA44}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{32A15787-7CA7-476A-8934-567DA7FD48B5}C:\program files\firefly studios\stronghold\stronghold.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | "UDP Query User{3901B10C-1B93-456A-AD0B-495330E42693}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe | "UDP Query User{3A2E2231-22F0-4DD2-B5E1-A43BD3DC95E7}C:\users\mühlhauser\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\mühlhauser\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{46E6B26B-A986-4DD8-959F-2063FA6D0D89}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{58706D8A-DDC1-459A-B23B-E115998A7163}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=17 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | "UDP Query 
User{64EB303D-B0E1-4692-9F13-58E1CB6AFC7A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{6CE5EA06-42E7-44E7-BB5D-0B752665EA3A}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{7E9675F3-26AF-4BED-BA9B-35A493D6FD7D}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{86284F06-D443-49BD-8CF5-270A84647A05}C:\program files\t-online\t-online_software_6\info-cockpit\infocockpit.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\info-cockpit\infocockpit.exe | "UDP Query User{88DA6D91-2B4B-4E2F-9ED8-873B4EBF85BF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{99B8A0C3-E09F-4225-A2FF-273DAAAAF752}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{A273D04B-13FE-40F3-9DA0-DDD3F1B53E62}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{A361A9C1-F485-4CC6-B141-429DC7D54648}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{B604D7AA-0B67-4C45-B364-5C5FBCE265C3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{BA70D44F-3A77-48FD-8CC6-78EE14B4801A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{BDF20D66-9E98-4998-8DFF-E865467F2BA1}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07103848-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Mathe 3.0 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{07B64A55-B552-4F34-A904-DBFD810B752B}" = QuickSteuer DELUXE Wissens-Center 2008 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{08D864D1-9CAD-7D21-AAB6-4B9E3BC8D1A5}" = ccc-core-static "{09BC9676-A36C-456C-A86B-AD42FF5ABD8F}" = Steuer Update 14.01 "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0D738AF1-715D-D5B8-FED5-562FE611F738}" = Catalyst Control Center Localization German "{0FE6B77F-54CD-45ED-BB64-A99477B0A8F1}" = 5600 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox "{2949E300-133D-CD51-93DE-0F9A7F9B7047}" = CCC Help German "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 
6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{33C9480C-12EE-34F1-82F5-74FF32B22787}" = ccc-utility "{353EA50E-26A0-4ADD-A12A-3FE2E59E5BB3}" = QuickSteuer DELUXE Wissens-Center 2009 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3BF20AC5-767D-4FCA-B7DF-6EEDA2937BED}" = Video Creator "{3D15064D-4371-4FCC-B9E6-F79D6CBFDDD4}" = StarOffice 8 Product Update 11 "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{4315FBC5-9241-E978-EA6B-D7212900F3A7}" = Catalyst Control Center Graphics Full Existing "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{59A97880-A591-447B-879A-F27D75DD79A5}" = FujiFilm iX-1 "{5A98F915-3593-4A49-B5F8-C414DCA954AA}" = Steuer Update 14.01 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F9E4DC9-4BC7-4C7A-96DB-D4471AAE6853}" = Steuer Update 14.01 "{64F38F19-7E12-4364-B00D-508EE72BE34D}" = FujiFilm iX-1 Camera Driver "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E9B276F-77BE-49F7-8676-C10017F9E20B}" = Lexware buchhalter Servicepack 2008, Version 13.50 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7923F6DE-CF0D-40ED-AB5A-A792408EA7B5}" = QuickSteuer Deluxe 2008 "{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help "{87E01B1B-92A0-416F-9F8E-9BE921A05F9F}" = StarOffice 8 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89863727-B08E-401F-995B-14398B28DE3D}" = QuickSteuer Deluxe 2009 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CE37484-B5C2-497E-8501-D339F1D828CC}" = Lexware reisekosten 2008 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{9800F872-AC4A-E014-3CD1-1EBDCAD06805}" = Catalyst Control Center Core Implementation "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9C675B46-9998-9DA9-20FC-BAF19F340353}" = Catalyst Control Center Graphics Light "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A40ED506-EF86-48D7-B5F7-FF5F41CF1862}" = QuickSteuer Deluxe 2009 "{A8265601-91E9-4473-92D6-8C7EB2444852}" = Steuer Update 14.01 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper 
"{A9358EEE-34F1-4553-9382-7914D6A4B42C}" = QuickSteuer Deluxe 2008 "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B1A4CE9C-0D98-43D0-8815-2212F3752063}" = Lexware reisekosten 2008 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10 "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D083AB13-EFA7-8D0C-1472-4E0FBAC02549}" = Catalyst Control Center Graphics Full New "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service "{DEE03A90-C723-4E3D-A661-86651D6F0668}" = QuickSteuer Deluxe 2010 "{DF100337-9A0E-52BE-64D8-E4EA7B41E65F}" = Catalyst Control Center Graphics Previews Vista "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = 
Internet Explorer Developer Toolbar "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E7C25968-B418-4529-A389-E5DFCE792917}" = Worms 3D "{E98371BD-6C0D-463E-B004-E6303F9A34A7}" = Lexware buchhalter 2008 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EC127C66-AF7B-D137-9878-B01A8A3ECE9B}" = Skins "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008 "{FF1B3317-EADD-4AC3-BE54-37265FC9A133}" = Lexware buchhalter Servicepack 2008, Version 13.50 "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "3D TippTrainer_is1" = 3D TippTrainer "7-Zip" = 7-Zip 4.57 "ACRM1_is1" = ArchiCrypt Rescue-Master 2008 Version 1.0.6.1293 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "ArcSoft PhotoStudio Suite 20" = ArcSoft PhotoStudio Suite v2.0 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Brain Workshop_is1" = Brain Workshop 4.12 "CCleaner" = CCleaner "DivX Setup.divx.com" = DivX-Setup "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "Eisenbahn.exe Professional 2.43 Premium" = Eisenbahn.exe Professional 2.43 Premium "Encarta99D" = Microsoft Encarta 99 Enzyklopädie "FileZilla Client" = FileZilla Client 3.3.2.1 "Finale Allegro 2007 Demo" = Finale Allegro 2007 
Demo "Forte Free" = Forte Free 2.0 "Free Studio_is1" = Free Studio version 4.3 "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 3.2 "Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.9 "Free YouTube Download_is1" = Free YouTube Download 2.2 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5 "GNU Solfege_is1" = GNU Solfege 3.16.0 "Google Desktop" = Google Desktop "Google Updater" = Google Updater "GraphCalc v4.0.1_is1" = GraphCalc v4.0.1 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "Indeo® software" = Indeo® software "IObitCom Toolbar" = IObitCom Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Picasa 3" = Picasa 3 "ProcessScanner_is1" = Uniblue ProcessScanner "RealPlayer 12.0" = RealPlayer "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Schnell Schreiben_is1" = Schnell Schreiben 3.4.4 "Shop for HP Supplies" = Shop for HP Supplies "SopCast" = SopCast 3.2.4 "System Explorer_is1" = System Explorer 1.5 "TVAnts 1.0" = TVAnts 1.0 "TVUPlayer" = TVUPlayer 2.5.0.1 "UEFA 2008 (en)" = UEFA 2008 (en) Screen Saver "Uninstall_is1" = Uninstall 1.0.0.0 "WheelMouse" = Optical Mousemate V1.0 "WinGimp-2.0_is1" = GIMP 2.6.7 "ykuykyw" = Favorit ========== HKEY_USERS Uninstall List 
========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.06.2010 11:51:49 | Computer Name = XXX-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AcroRd32.exe, Version 9.3.2.163, Zeitstempel 0x4bb82a58, fehlerhaftes Modul Updater.api_unloaded, Version 0.0.0.0, Zeitstempel 0x4bb80e83, Ausnahmecode 0xc0000005, Fehleroffset 0x6fafd577, Prozess-ID 0x13e8, Anwendungsstartzeit 01cb05902549e77c. Error - 06.06.2010 11:51:55 | Computer Name = XXX-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AcroRd32.exe, Version 9.3.2.163, Zeitstempel 0x4bb82a58, fehlerhaftes Modul Updater.api_unloaded, Version 0.0.0.0, Zeitstempel 0x4bb80e83, Ausnahmecode 0xc0000005, Fehleroffset 0x6faea232, Prozess-ID 0x13e8, Anwendungsstartzeit 01cb05902549e77c. Error - 07.06.2010 10:42:47 | Computer Name = XXX-PC | Source = EventSystem | ID = 4621 Description = Error - 07.06.2010 16:25:35 | Computer Name = XXX-PC | Source = EventSystem | ID = 4621 Description = Error - 08.06.2010 10:04:37 | Computer Name = XXX-PC | Source = EventSystem | ID = 4621 Description = Error - 08.06.2010 11:41:06 | Computer Name = X-PC | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.1.0.2096 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 1108 Anfangszeit: 01cb071f709cd98d Zeitpunkt der Beendigung: 0 Error - 08.06.2010 11:54:38 | Computer Name = X-PC | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.1.0.2096 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 13a0 Anfangszeit: 01cb072105abeb0d Zeitpunkt der Beendigung: 17 Error - 08.06.2010 12:05:06 | Computer Name = X-PC | Source = EventSystem | ID = 4609 Description = Error - 08.06.2010 13:25:26 | Computer Name = X-PC | Source = VSS | ID = 12289 Description = Error - 08.06.2010 14:39:22 | Computer Name = X-PC | Source = Application Hang | ID = 1002 Description = Programm RSIT.exe, Version 3.3.6.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: d88 Anfangszeit: 01cb07390a26cfda Zeitpunkt der Beendigung: 2 [ OSession Events ] Error - 30.05.2010 11:41:44 | Computer Name = X-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10736 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 08.06.2010 12:20:24 | Computer Name = X-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 08.06.2010 um 18:19:18 unerwartet heruntergefahren. Error - 08.06.2010 12:20:13 | Computer Name = X-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. 
Error - 08.06.2010 12:20:13 | Computer Name = X-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 08.06.2010 12:20:18 | Computer Name = X-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 08.06.2010 12:22:38 | Computer Name = X-PC | Source = Service Control Manager | ID = 7022 Description = Error - 08.06.2010 14:17:04 | Computer Name = X-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 08.06.2010 14:17:04 | Computer Name = X-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 08.06.2010 14:17:09 | Computer Name = X-PC | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 08.06.2010 14:19:00 | Computer Name = X-PC | Source = Service Control Manager | ID = 7022 Description = Error - 08.06.2010 14:22:10 | Computer Name = X-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > |
#4

ICQ image virus

Code:
ATTFilter OTL logfile created on: 08.06.2010 21:14:33 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\XXX\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 320,70 Gb Total Space | 272,78 Gb Free Space | 85,06% Space Free | Partition Type: NTFS Drive D: | 14,63 Gb Total Space | 9,11 Gb Free Space | 62,26% Space Free | Partition Type: FAT32 Drive E: | 345,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XXX-PC Current User Name: Mühlhauser Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Public\winscdvn.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) 
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.) PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) PRC - C:\Programme\System Explorer\SystemExplorer.exe (Mister Group) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH) PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NMIndexingService) -- File not found SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe 
(Avira GmbH) SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) 
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/ IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Programme\IObitCom\tbIObi.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Programme\IObitCom\tbIObi.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2 FF - prefs.js..extensions.enabledItems: {71bfcce7-421d-4042-95d4-a585a821cbca}:2.3.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 0 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: 
{dc572301-7619-498c-a57d-39143191b318}:0.3.8.3 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: foxgame2@foxgame.org:2.0 Beta FF - prefs.js..extensions.enabledItems: {3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1 FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:3.6.3.1.03.04.10 FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10 FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100529 FF - prefs.js..extensions.enabledItems: {d650973c-0444-4ac7-9d00-19e3613c83b9}:3.6.7 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.07 23:35:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 14:55:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.29 16:46:02 | 000,000,000 | ---D | M] [2008.09.19 23:28:50 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Extensions [2010.06.08 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions [2010.04.28 15:02:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.31 20:12:51 | 000,000,000 | ---D | M] (Blue Fox) -- 
C:\Users\X/AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{241aae70-0022-11de-87af-0800200c9a66} [2010.04.09 14:33:46 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66} [2010.04.07 23:46:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.04.07 23:46:30 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00} [2010.05.23 16:38:32 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\XAppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.06.07 16:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{71bfcce7-421d-4042-95d4-a585a821cbca} [2010.05.28 22:23:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.05.09 13:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.08.15 16:23:11 | 000,000,000 | ---D | M] (Phoenity Modern) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA} [2009.08.15 16:13:48 | 000,000,000 | ---D | M] (Green Bay Packers Theme) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{84e5f4d0-7e2b-11de-8a39-0800200c9a66} [2010.04.30 19:59:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.21 14:45:23 
| 000,000,000 | ---D | M] (Whitehart) -- C:\Users\XAppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9} [2010.05.26 16:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.04.09 14:33:50 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.03.13 19:18:24 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.03.11 23:11:24 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010.05.12 13:59:05 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\cfxe@Triton [2010.05.12 13:59:12 | 000,000,000 | ---D | M] -- C:\Users\MX\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\cfxHelper@Triton [2009.12.09 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\firefox@tvunetworks.com [2010.06.07 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\foxgame2@foxgame.org [2010.05.31 18:57:50 | 000,000,000 | ---D | M] -- C:\Users\X/AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\nasanightlaunch@example.com [2010.04.07 23:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}\chrome\mozapps\extensions [2009.08.15 16:13:59 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{84e5f4d0-7e2b-11de-8a39-0800200c9a66}\chrome\global\aero\mozapps\extensions [2009.08.15 16:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\03ib11ez.default\extensions\{84e5f4d0-7e2b-11de-8a39-0800200c9a66}\chrome\mozapps\extensions [2010.03.13 20:48:13 | 000,000,873 | ---- | M] () -- C:\Users\X\AppData\Roaming\Mozilla\FireFox\Profiles\03ib11ez.default\searchplugins\conduit.xml [2010.06.02 19:31:18 | 000,000,944 | ---- | M] () -- C:\Users\X\AppData\Roaming\Mozilla\FireFox\Profiles\03ib11ez.default\searchplugins\icqplugin.xml [2009.12.07 18:52:40 | 000,002,108 | ---- | M] () -- C:\Users\X\AppData\Roaming\Mozilla\FireFox\Profiles\03ib11ez.default\searchplugins\qtl.xml [2010.04.29 16:46:05 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.07.14 18:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.01.18 14:34:12 | 000,000,000 | ---D | M] (PHPNukeDE Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2010.04.29 16:46:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2008.03.07 23:35:41 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.21 20:31:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.21 20:31:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2008.10.21 14:19:29 | 000,000,686 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.png [2008.10.21 14:19:29 | 000,000,531 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\GoogleDesktopMozilla.src [2010.01.21 20:31:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.21 20:31:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.21 20:31:11 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - Reg Error: Value error. File not found O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IObitCom Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Programme\IObitCom\tbIObi.dll (Conduit Ltd.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) 
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\Toolbar\WebBrowser: (IObitCom Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Programme\IObitCom\tbIObi.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - Reg Error: Value error. File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. 
KG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [SystemExplorer] C:\Program Files\System Explorer\SystemExplorer.exe (Mister Group) O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [Windows Firewall Updates] C:\Users\Public\winscdvn.exe () O4 - Startup: C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2008.12.07 18:58:17 | 000,000,000 | -H-D | M] O7 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} xttp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} xttp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} xttp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} xttp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} 
xttp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} xttp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} xttp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\X\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Mühlhauser\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.11.21 13:08:00 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2005.04.28 16:15:50 | 000,006,972 | R--- | M] () - E:\AUTORUN.JMP -- [ CDFS ] O33 - MountPoints2\{5060ceea-8ad6-11dc-944e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5060ceea-8ad6-11dc-944e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2007.11.21 13:13:00 | 032,234,283 | R--- | M] (Franzis Verlag GmbH ) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias [2008.05.30 14:45:36 | 000,000,000 | ---D | M] NetSvcs: Nla - File not found 
NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: 
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - File not found SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net 
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 6.0.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: 
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: ccc-core-static - msiexec /fums {08D864D1-9CAD-7D21-AAB6-4B9E3BC8D1A5} /qb Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.yvu9 - C:\Windows\System32\Iyvu9_32.dll () CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2010.06.08 20:33:09 | 000,000,000 | ---D | C] -- C:\rsit [2010.06.08 20:10:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.05.26 16:13:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.05.21 10:37:36 | 004,661,248 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme70VC8.dll [2010.05.21 10:37:36 | 001,347,584 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXTool80VC8.dll [2010.05.21 10:37:36 | 000,716,800 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\lxter20VC8.dll [2010.05.21 10:37:36 | 000,557,056 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\zvkonline80VC8.dll [2010.05.21 10:37:36 | 000,110,592 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettings20Native.dll [2010.05.21 10:37:36 | 000,069,632 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\PXTTool80VC8.dll [2010.05.21 10:37:36 | 000,027,648 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXTPSW20VC8.dll [2010.05.21 10:37:34 | 000,323,584 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxImport80VC8.dll [2010.05.21 10:37:34 | 000,299,008 | ---- | C] (Haufe-Lexware GmbH & Co. 
KG) -- C:\Windows\System32\LXBtr80VC8.dll [2010.05.21 10:37:34 | 000,225,280 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics80VC8.dll [2010.05.21 10:37:34 | 000,192,512 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXDasi80VC8.dll [2010.05.21 10:37:34 | 000,135,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail30VC8.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.06.08 21:16:02 | 006,029,312 | -HS- | M] () -- C:\Users\X\NTUSER.DAT [2010.06.08 21:15:06 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1F89915D-5E81-4867-9ABF-51447C132B47}.job [2010.06.08 21:14:59 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{88D7508A-E19D-4251-9830-70FC4DCAA041}.job [2010.06.08 21:05:03 | 000,029,564 | ---- | M] () -- C:\Users\X\AppData\Roaming\wklnhst.dat [2010.06.08 20:51:13 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172357726-1718783292-1392186010-1002UA.job [2010.06.08 20:38:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.08 20:37:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.08 20:37:25 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.08 20:22:25 | 001,445,786 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.08 20:22:25 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.08 20:22:25 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.08 20:22:25 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.08 20:22:25 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.08 20:21:06 | 000,001,052 | ---- | M] () -- 
C:\Windows\tasks\Google Software Updater.job [2010.06.08 20:17:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.08 20:17:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.08 20:17:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.08 20:17:10 | 2010,611,712 | -HS- | M] () -- C:\hiberfil.sys [2010.06.08 20:16:05 | 000,524,288 | -HS- | M] () -- C:\Users\X\NTUSER.DAT{cc1e9aa3-73a1-11de-8537-001d9202aad5}.TMContainer00000000000000000002.regtrans-ms [2010.06.08 20:16:05 | 000,065,536 | -HS- | M] () -- C:\Users\X\NTUSER.DAT{cc1e9aa3-73a1-11de-8537-001d9202aad5}.TM.blf [2010.06.08 20:16:02 | 003,102,259 | -H-- | M] () -- C:\Users\XAppData\Local\IconCache.db [2010.06.08 19:55:44 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.lnk [2010.06.08 18:51:01 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172357726-1718783292-1392186010-1002Core.job [2010.06.08 17:58:15 | 000,219,136 | ---- | M] () -- C:\Users\X\AppData\Roaming\chrtmp [2010.06.02 14:28:47 | 000,018,258 | ---- | M] () -- C:\Users\X\.recently-used.xbel [2010.05.22 11:47:40 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.05.21 10:37:36 | 004,661,248 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme70VC8.dll [2010.05.21 10:37:36 | 001,347,584 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXTool80VC8.dll [2010.05.21 10:37:36 | 000,716,800 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\lxter20VC8.dll [2010.05.21 10:37:36 | 000,557,056 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\zvkonline80VC8.dll [2010.05.21 10:37:36 | 000,110,592 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettings20Native.dll [2010.05.21 10:37:36 | 000,069,632 | ---- | M] (Haufe-Lexware GmbH & Co. 
KG) -- C:\Windows\System32\PXTTool80VC8.dll [2010.05.21 10:37:36 | 000,027,648 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXTPSW20VC8.dll [2010.05.21 10:37:34 | 000,323,584 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxImport80VC8.dll [2010.05.21 10:37:34 | 000,299,008 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXBtr80VC8.dll [2010.05.21 10:37:34 | 000,225,280 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics80VC8.dll [2010.05.21 10:37:34 | 000,192,512 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LXDasi80VC8.dll [2010.05.21 10:37:34 | 000,135,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail30VC8.dll [2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.11 23:35:40 | 009,224,849 | ---- | M] () -- C:\Users\X\Documents\Russland folie.odt [2010.05.11 23:17:40 | 000,071,168 | ---- | M] () -- C:\Users\X\Documents\Franken Fragebogen.doc [2010.05.11 18:26:00 | 000,028,528 | ---- | M] () -- C:\Users\X\Documents\Referat Sozi Russland.odt [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.08 19:55:44 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.lnk [2010.06.08 18:12:20 | 2010,611,712 | -HS- | C] () -- C:\hiberfil.sys [2010.06.08 17:29:36 | 000,219,136 | ---- | C] () -- C:\Users\X\AppData\Roaming\chrtmp [2010.06.02 14:28:47 | 000,018,258 | ---- | C] () -- C:\Users\X\.recently-used.xbel [2010.05.22 11:47:40 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.05.11 23:35:36 | 009,224,849 | ---- | C] () -- C:\Users\X\Documents\Russland folie.odt [2010.05.11 23:14:52 | 000,071,168 | ---- | C] () -- C:\Users\X\Documents\Franken Fragebogen.doc [2010.05.11 15:52:04 | 000,028,528 | ---- | C] () -- C:\Users\X\Documents\Referat Sozi Russland.odt [2009.08.03 15:07:42 | 000,403,816 | ---- 
| C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.15 14:34:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.01 15:48:39 | 000,000,020 | ---- | C] () -- C:\Windows\TTN.INI [2009.07.01 14:45:10 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2009.06.13 13:35:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.03.03 21:12:23 | 000,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.11.15 15:47:18 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2008.11.15 15:47:18 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2008.11.15 15:47:18 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2008.11.15 15:35:05 | 000,000,239 | ---- | C] () -- C:\Windows\SIERRA.INI [2008.11.04 22:59:01 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2008.07.23 16:41:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\BH_DATA110VC8.dll [2008.03.15 13:03:35 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2008.03.13 17:22:23 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.02.23 16:43:58 | 000,001,147 | ---- | C] () -- C:\Windows\maxlink.ini [2008.02.23 16:43:58 | 000,000,417 | ---- | C] () -- C:\Windows\fantasy2.ini [2008.02.23 16:43:58 | 000,000,300 | ---- | C] () -- C:\Windows\photoprn.ini [2008.02.23 16:43:58 | 000,000,251 | ---- | C] () -- C:\Windows\pmontage.ini [2008.02.23 16:43:58 | 000,000,139 | ---- | C] () -- C:\Windows\pstudio.ini [2008.02.23 16:43:48 | 000,000,021 | ---- | C] () -- C:\Windows\PS_SUITE.INI [2008.01.16 21:20:33 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.01.16 21:20:33 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll [2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2007.11.15 21:25:28 | 000,090,112 | ---- | C] 
() -- C:\Windows\System32\dntvmc27VC8.dll [2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2007.11.13 09:39:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll [2007.09.21 09:00:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll [2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll [2000.11.29 05:47:50 | 000,000,460 | ---- | C] () -- C:\Windows\SCROLL.INI ========== LOP Check ========== [2009.06.11 19:51:22 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ICQ [2008.11.22 19:57:11 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Lexware [2009.02.06 20:37:27 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\T-Online [2009.01.16 20:23:28 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ArchiCrypt Rescue Master [2010.06.04 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\FileZilla [2010.04.02 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\GNU Solfege [2010.06.02 14:28:47 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\gtk-2.0 [2008.05.12 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Haufe [2007.12.01 21:20:03 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ICQ Toolbar [2010.05.11 
15:05:45 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Image Zone Express [2009.12.11 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\IObit [2008.05.12 18:39:07 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Lexware [2009.01.23 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PeerNetworking [2009.10.24 21:58:37 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Printer Info Cache [2008.11.04 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Samsung [2010.06.08 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\StarOffice8 [2007.11.17 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\T-Online [2008.12.31 21:56:29 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\temp [2007.11.04 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Template [2009.10.24 19:57:00 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\NSSstub.job [2010.06.08 20:16:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.08 21:15:06 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1F89915D-5E81-4867-9ABF-51447C132B47}.job [2010.06.08 21:14:59 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{88D7508A-E19D-4251-9830-70FC4DCAA041}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2008.03.24 23:14:24 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Adobe [2008.01.20 00:18:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Ahead [2008.11.13 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Apple Computer [2009.01.16 20:23:28 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ArchiCrypt Rescue Master [2007.11.04 15:21:20 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ATI [2010.06.04 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\FileZilla [2010.04.02 18:51:01 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\GNU Solfege [2008.03.21 00:10:33 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Google [2010.06.02 14:28:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\gtk-2.0 [2008.05.12 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Haufe [2009.01.04 10:57:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HP [2009.11.23 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HpUpdate [2007.12.01 21:20:03 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ICQ Toolbar [2007.11.04 15:20:40 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Identities [2010.05.11 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Image Zone Express [2009.07.15 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\InstallShield [2009.12.11 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\IObit [2008.05.12 18:39:07 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Lexware [2007.11.24 17:45:25 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Macromedia [2009.07.11 15:56:40 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Media Center Programs [2009.06.24 15:08:52 | 000,000,000 | --SD | M] -- C:\Users\x\AppData\Roaming\Microsoft [2010.06.08 20:05:09 | 000,000,000 | ---D | M] -- 
C:\Users\x\AppData\Roaming\mIRC [2008.09.19 23:28:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Mozilla [2009.01.23 15:12:51 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PeerNetworking [2009.10.24 21:58:37 | 000,000,000 | ---D | M] -- C:\Users\xr\AppData\Roaming\Printer Info Cache [2010.02.12 22:05:55 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Real [2008.11.04 23:02:48 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Samsung [2007.11.24 13:55:45 | 000,000,000 | RH-D | M] -- C:\Users\x\AppData\Roaming\SecuROM [2010.06.03 17:37:08 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Skype [2009.04.22 14:51:43 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\skypePM [2010.06.08 18:28:07 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\StarOffice8 [2007.11.17 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\T-Online [2008.03.07 23:44:42 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Talkback [2008.12.31 21:56:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\temp [2007.11.04 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Template [2009.07.15 17:21:17 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\THQ [2010.02.28 18:46:32 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TVU networks [2008.01.02 17:04:06 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.11.04 17:49:36 | 000,635,664 | ---- | M] (IObit) -- C:\Users\x\AppData\Roaming\IObit\Common\TB_Helper.exe [2009.05.12 20:18:13 | 000,086,016 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\Mühlhauser\AppData\Roaming\Microsoft\Installer\{F48AAE0F-52F4-11DD-B1F7-0050560400B1}\ARPPRODUCTICON.exe [2010.02.28 19:20:47 | 005,514,304 | ---- | M] (TVU networks) -- C:\Users\x\AppData\Roaming\TVU networks\AutoUpgrade\TVUPlayer2.5.2.2.exe [2008.12.14 22:35:52 | 005,241,488 | ---- | M] (TVU networks) -- C:\Users\x\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.1.0.exe [2009.04.18 20:41:27 | 000,886,910 | ---- | M] (TVU networks) -- C:\Users\x\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.1.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) 
MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.02.13 22:55:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.13 22:55:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.13 22:55:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.02.13 22:55:04 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F 
-- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft 
Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
| #5 |
/// Malware-holic | ICQ picture virus
Fixing with OTL
• Please start OTL.exe. Vista users: right-click and choose "Run as administrator".
• Now copy the following into the text box.
:OTL
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - Reg Error: Value error. File not found
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found
PRC - C:\Users\Public\winscdvn.exe ()
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-2172357726-1718783292-1392186010-1002..\Run: [Windows Firewall Updates] C:\Users\Public\winscdvn.exe ()
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Users\Public\winscdvn.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]
• Now please close all programs.
• Now please click the Run Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; please post it. |
| #6 |
| ICQ picture virus Desktop.ini files appeared on the desktop and in other folders. Was that intended, or is it a bad omen? Is this still going to be a long, hard job? I'm off for today, I have to get up early! Thanks for the help so far! Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9508125-4747-4733-b048-e4b82dc9716d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9508125-4747-4733-b048-e4b82dc9716d}\ not found. No active process named winscdvn.exe was found! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c9508125-4747-4733-b048-e4b82dc9716d} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9508125-4747-4733-b048-e4b82dc9716d}\ not found. Registry value HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C9508125-4747-4733-B048-E4B82DC9716D} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9508125-4747-4733-B048-E4B82DC9716D}\ not found. File Reg Error: not found. Registry value HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Firewall Updates not found. File C:\Users\Public\winscdvn.exe not found. Unable to delete ADS C:\ProgramData\TEMP:FA5F15C4 . Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 . ========== FILES ========== File\Folder C:\Users\Public\winscdvn.exe not found. 
========== COMMANDS ========== [EMPTYFLASH] User: All Users User: XXX ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: XXX ->Flash cache emptied: 439 bytes User: Public User: Standard Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: XXX ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 10607933 bytes ->Java cache emptied: 26560956 bytes ->FireFox cache emptied: 26540406 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: XXX ->Temp folder emptied: 11770475 bytes ->Temporary Internet Files folder emptied: 1283500 bytes ->Java cache emptied: 70567364 bytes ->FireFox cache emptied: 34384946 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Standard ->Temporary Internet Files folder emptied: 32768 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 441702 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 174,00 mb OTL by OldTimer - Version 3.2.5.3 log created on 06082010_221306 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
| #7 |
/// Malware-holic | ICQ picture virus |
| #8 |
| ICQ picture virus Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4183 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 09.06.2010 15:37:43 mbam-log-2010-06-09 (15-37-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 336663 Laufzeit: 1 Stunde(n), 18 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
| #9 |
/// Malware-holic | ICQ picture virus |
| #10 |
| ICQ picture virus ComboFix Code:
ATTFilter ComboFix 10-06-08.05 - xxx 09.06.2010 17:55:07.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.1919.1080 [GMT 2:00] ausgeführt von:: c:\users\xxx\Downloads\ComboFix.exe SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\xxx\AppData\Local\ykuykyw.dat c:\users\xxx\AppData\Local\ykuykyw_nav.dat c:\users\xxx\AppData\Local\ykuykyw_navps.dat c:\users\xxx\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif . ((((((((((((((((((((((( Dateien erstellt von 2010-05-09 bis 2010-06-09 )))))))))))))))))))))))))))))) . 2010-06-09 16:00 . 2010-06-09 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-09 16:00 . 2010-06-09 16:00 -------- d-----w- c:\users\xxx\AppData\Local\temp 2010-06-09 13:51 . 2010-06-09 13:53 -------- d-----w- c:\program files\ICQ7.2 2010-06-08 20:07 . 2010-06-08 20:07 -------- d-----w- C:\_OTL 2010-06-08 18:33 . 2010-06-08 18:33 -------- d-----w- C:\rsit 2010-06-08 18:10 . 2010-06-08 18:10 -------- d-----w- c:\program files\CCleaner 2010-05-26 14:13 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-05-21 09:22 . 2010-05-21 09:22 7168 ----a-w- c:\programdata\Lexware\QuickSteuer Deluxe\2010\versionSteuerHtml.dll 2010-05-21 09:22 . 2010-05-21 09:22 7168 ----a-w- c:\programdata\Lexware\QuickSteuer Deluxe\2010\versionTaxAppData.dll 2010-05-21 09:22 . 2010-05-21 09:22 7168 ----a-w- c:\programdata\Lexware\QuickSteuer Deluxe\2010\Daten\versionTaxDB.dll 2010-05-21 08:37 . 2010-05-21 08:37 716800 ----a-w- c:\windows\system32\lxter20VC8.dll 2010-05-21 08:37 . 2010-05-21 08:37 69632 ----a-w- c:\windows\system32\PXTTool80VC8.dll 2010-05-21 08:37 . 2010-05-21 08:37 557056 ----a-w- c:\windows\system32\zvkonline80VC8.dll 2010-05-21 08:37 . 2010-05-21 08:37 4661248 ----a-w- c:\windows\system32\LxXtreme70VC8.dll 2010-05-21 08:37 . 
2010-05-21 08:37 27648 ----a-w- c:\windows\system32\LXTPSW20VC8.dll 2010-05-21 08:37 . 2010-05-21 08:37 1347584 ----a-w- c:\windows\system32\LXTool80VC8.dll 2010-05-21 08:37 . 2010-05-21 08:37 110592 ----a-w- c:\windows\system32\LxUISettings20Native.dll 2010-05-21 08:37 . 2010-05-21 08:37 323584 ----a-w- c:\windows\system32\LxImport80VC8.dll 2010-05-21 08:37 . 2010-05-21 08:37 299008 ----a-w- c:\windows\system32\LXBtr80VC8.dll 2010-05-21 08:37 . 2010-05-21 08:37 225280 ----a-w- c:\windows\system32\LxBasics80VC8.dll 2010-05-21 08:37 . 2010-05-21 08:37 192512 ----a-w- c:\windows\system32\LXDasi80VC8.dll 2010-05-21 08:37 . 2010-05-21 08:37 135168 ----a-w- c:\windows\system32\LxMail30VC8.dll 2010-05-12 12:06 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-09 15:05 . 2008-03-07 21:28 -------- d-----w- c:\programdata\Google Updater 2010-06-09 12:08 . 2006-11-02 15:33 628210 ----a-w- c:\windows\system32\perfh007.dat 2010-06-09 12:08 . 2006-11-02 15:33 126850 ----a-w- c:\windows\system32\perfc007.dat 2010-06-08 18:39 . 2009-07-11 15:47 -------- d-----w- c:\program files\Trend Micro 2010-06-08 18:17 . 2009-07-11 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-08 17:55 . 2007-09-21 07:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-08 17:14 . 2010-05-09 11:30 -------- d-----w- c:\program files\ICQ7.0 2010-06-04 14:42 . 2009-07-11 20:53 -------- d-----w- c:\program files\Microsoft Silverlight 2010-05-29 11:01 . 2008-01-15 20:39 -------- d-----w- c:\program files\Microsoft 2010-05-22 09:47 . 2007-09-21 12:41 -------- d-----w- c:\program files\Google 2010-05-12 12:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-05-12 12:54 . 2007-09-21 10:04 -------- d-----w- c:\programdata\Microsoft Help 2010-05-12 09:21 . 
2009-10-03 10:13 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-09 11:26 . 2010-05-09 11:26 -------- d-----w- c:\program files\ICQ6Toolbar 2010-05-09 11:26 . 2009-03-15 14:19 -------- d-----w- c:\programdata\ICQ 2010-04-29 14:46 . 2008-03-08 00:10 -------- d-----w- c:\program files\Java 2010-04-29 13:39 . 2009-07-11 13:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2009-07-11 13:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-12 15:29 . 2010-04-29 14:46 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-05 13:34 . 2010-04-05 13:34 680 ----a-w- c:\users\xxx\AppData\Local\d3d9caps.dat 2010-04-05 13:29 . 2008-11-22 17:56 110144 ----a-w- c:\users\xxxRef\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-30 21:14 . 2010-03-30 21:14 1232496 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_D9AEC8D4D1915047.dll 2010-03-29 11:03 . 2010-03-29 11:03 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-03-29 11:03 . 2010-03-29 11:03 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-03-29 11:03 . 2010-03-29 11:03 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-03-29 11:03 . 2010-03-29 11:03 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe 2010-03-29 11:03 . 2010-03-29 11:03 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-03-29 11:03 . 2010-03-29 11:03 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe 2010-03-29 10:59 . 2010-03-29 11:03 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-03-22 09:36 . 2010-03-29 11:03 986904 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2008-10-21 12:19 . 2008-03-07 22:37 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2007-04-17 08:30 . 2007-04-17 08:30 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080] [HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] 2009-10-01 16:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] 2009-12-31 10:53 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080] [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296] [HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Google Update"="c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "SystemExplorer"="c:\program files\System Explorer\SystemExplorer.exe" [2008-08-25 1833472] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-07 68856] "ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-06-09 133368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows 
Defender\MSASCui.exe" [2008-01-19 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208] "GnabTray"="c:\program files\Common Files\Gnab\Service\GnabTray.exe" [2007-04-13 327680] "Skytel"="Skytel.exe" [2007-08-03 1826816] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-09 198160] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912] "LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128] c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-07-13 12:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):28,f9,16,ce,4c,05,ca,01 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664] R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536] R4 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864] R4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-21 29744] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . 
Inhalt des "geplante Tasks" Ordners 2010-06-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-07 14:46] 2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:21] 2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:21] 2009-10-24 c:\windows\Tasks\NSSstub.job - c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-09-22 05:33] 2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{1F89915D-5E81-4867-9ABF-51447C132B47}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] 2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{88D7508A-E19D-4251-9830-70FC4DCAA041}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{A103A693-F92C-4A81-8F7F-6C80799EFF3D} - c:\program files\Tomato\TubeDownload\TDIEPage.html IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe LSP: c:\windows\system32\wpclsp.dll TCP: {F025EAFD-A26D-4098-A476-9699D0CA24BB} = 192.168.2.1 FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q= FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: c:\users\xxxAppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - component: c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\03ib11ez.default\extensions\cfxHelper@Triton\components\dwmxpcom.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - 
plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll FF - plugin: c:\program files\Picasa2\npPicasa3.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - URLSearchHooks-{c9508125-4747-4733-b048-e4b82dc9716d} - (no file) ActiveSetup-ccc-core-static - msiexec AddRemove-ACRM1_is1 - f:\rescue master 2008\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-09 18:01 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-2172357726-1718783292-1392186010-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:dc,d2,a4,19,a9,a9,09,cc,c9,e2,98,a6,e6,2f,7f,17,9a,2a,39,4e,d5,20,24, 5e,4b,fa,43,f9,35,e3,b0,b4,af,4f,7a,94,03,44,c5,52,48,a6,15,10,cb,30,e7,f3,\ "??"=hex:49,93,a4,55,8a,40,8c,12,34,e1,0f,92,d5,d6,e0,4d [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2010-06-09 18:03:57 ComboFix-quarantined-files.txt 2010-06-09 16:03 Vor Suchlauf: 16 Verzeichnis(se), 292.939.489.280 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 292.875.378.688 Bytes frei - - End Of File - - 5027EFCF028224B13BF367045EDFFEBE |
#11
/// Malware-holic

Open My Computer, go to C:, right-click _otl there and choose "Add to _otl.rar". Upload it here: http://www.trojaner-board.de/54791-a...ner-board.html as described under point 2. Let me know when you're done.
#12

I have Vista. I'm supposed to right-click C:\_OTL, and then what? Please explain in a bit more detail.

Edit: The only option there is "Add to _OTL.zip".
#13
/// Malware-holic

There you should select "Add to _otl.rar"; it then packs the folder and you have an _otl.rar, which you upload to us as described in the link.
#14

OK, uploaded. I didn't have a RAR unpacker!
#15
/// Malware-holic

Now use CCleaner: http://www.trojaner-board.de/51464-a...-ccleaner.html

Once the cleanup is done, click Tools, then the list of installed programs, and save it as a .txt file. Open it, and after each program you need write "needed", after each one you don't need write "unnecessary", and after each unknown one write "unknown". That way we can see what needs an update and what we can get rid of. Post the list.