
Log analysis and evaluation: Internet Explorer 8.0 (Vista) opens dozens of times, completely uncontrolled


06.07.2010, 14:59   #1
Manuel1304
 
Hello dear board,

I am fairly desperate. For about a week some kind of vermin has been plaguing my PC. I hope you can help me as quickly as possible. I am (fortunately) still relatively inexperienced when it comes to viruses. I actually run AVG very regularly. However, it finds nothing that could point to my current infestation. My Internet Explorer opens itself more and more often, completely uncontrolled, as soon as I press a key (mostly the Enter key). Afterwards I have between 20 and 100 Internet Explorer instances (not tabs) open, which I can only close through the Task Manager.

I have filled out the report here with HiJackThis (v.2.0.4) and am now posting it here. It would be kind if you could give me a few more pointers or links on how to proceed with your answers, since I don't really know my way around yet.

Many thanks in advance for your answers.

Best regards
Manuel1304

P.S. If any information is still missing, please let me know.

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:33, on 06.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
E:\***\PCSuite.exe
E:\***\WebCam Software\LWS.exe
C:\***\Install\WN111v2.exe
C:\***\jusched.exe
E:\***\Install\avgtray.exe
C:\***\COCIManager.exe
C:\***\SetPoint32.exe
E:\***\ExpressionWeb.exe
E:\***\Install\filezilla.exe
E:\***\thunderbird.exe
E:\***\firefox.exe
E:\***\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Sicherheit\AntiVirus\AVG\Install\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmierung\Java\JRE\Install\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [jswtrayutil] C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\jswtrayutil.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Kamera\Webkamera\QuickCam Sphere AF\QuickCam\Install\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] E:\SICHER~1\ANTIVI~1\AVG\Install\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Mobil\Handy\E71\PCSuite\Install\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Office\XP\Install\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WN111v2 Setup-Assistent.lnk = C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\WN111v2.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\Office\XP\Install\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Kommunikation\Messenger\ICQ\Install\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Kommunikation\Messenger\ICQ\Install\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Sicherheit\AntiVirus\AVG\Install\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - E:\Sicherheit\AntiVirus\AVG\Install\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - E:\Sicherheit\AntiVirus\AVG\Install\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9202 bytes
         

06.07.2010, 15:19   #2
markusg
/// Malware-holic
 
Download Malwarebytes:
Malwarebytes
Install it, then open it, go to the Update tab and update the program.
Then go to the Scanner tab, run a full scan, delete the findings, and post the log.
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Please post both


06.07.2010, 21:34   #3
Manuel1304
 
Hello,

I ran a full scan with Malware.

Here is the result. However, everything seems to be fine. I am running the OTL scan now.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4282

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

06.07.2010 17:51:21
mbam-log-2010-07-06 (17-51-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|Q:\|V:\|W:\|X:\|Y:\|)
Durchsuchte Objekte: 336062
Laufzeit: 49 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

06.07.2010, 21:46   #4
Manuel1304
 
OK... here are the results of the OTL scan. The outputs are rather large, though...

OTL.txt:

Code:
OTL logfile created on: 06.07.2010 22:37:26 - Run 1
OTL by OldTimer - Version 3.2.7.1     Folder = K:\Eingehend
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 44,70 Gb Free Space | 45,77% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 78,03 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 191,69 Gb Free Space | 98,15% Space Free | Partition Type: NTFS
Drive F: | 488,28 Gb Total Space | 423,76 Gb Free Space | 86,79% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 68,26 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive H: | 80,69 Gb Total Space | 80,59 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive I: | 292,97 Gb Total Space | 272,57 Gb Free Space | 93,04% Space Free | Partition Type: NTFS
Drive J: | 150,26 Gb Total Space | 150,16 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 94,67 Gb Total Space | 94,52 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive Q: | 931,51 Gb Total Space | 849,09 Gb Free Space | 91,15% Space Free | Partition Type: NTFS
Drive V: | 1,88 Gb Total Space | 1,88 Gb Free Space | 99,96% Space Free | Partition Type: FAT
 
Computer Name: MBU-PC-01
Current User Name: Manuel Burkhardt
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - K:\Eingehend\OTL.exe (OldTimer Tools)
PRC - E:\Tools\Internet\FTP\FileZilla\Client\Install\filezilla.exe (FileZilla Project)
PRC - E:\Sicherheit\AntiVirus\AVG\Install\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Sicherheit\AntiVirus\AVG\Install\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Sicherheit\AntiVirus\AVG\Install\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Sicherheit\AntiVirus\AVG\Install\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Sicherheit\AntiVirus\Anti-Malware\Install\mbam.exe (Malwarebytes Corporation)
PRC - E:\Sicherheit\AntiVirus\HiJackThis\Install\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe (Google Inc.)
PRC - E:\Programmierung\Web\Expression Web\Install\Web 3\ExpressionWeb.exe (Microsoft Corporation)
PRC - E:\Mobil\Handy\E71\PCSuite\Install\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - E:\Kamera\Webkamera\QuickCam Sphere AF\QuickCam\Install\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\WN111v2.exe (NETGEAR)
PRC - C:\Treiber\Eingabe\Cordless Desktop Wave Pro\SetPoint\Install\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
 
 
========== Modules (SafeList) ==========
 
MOD - K:\Eingehend\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (avg9emc) -- E:\Sicherheit\AntiVirus\AVG\Install\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- E:\Sicherheit\AntiVirus\AVG\Install\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (jswpsapi) -- C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\jswpsapi.exe (Atheros Communications, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\Drivers\DgiVecp.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (LVUVC64) QuickCam Orbit/Sphere AF(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (lvsels64) -- C:\Windows\SysNative\DRIVERS\lvsels64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\DRIVERS\WN111v2x.sys (Atheros Communications, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: E:\Sicherheit\AntiVirus\AVG\Install\Firefox [2010.06.04 00:24:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Internet\Browser\Firefox\Install\components [2010.06.28 22:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Internet\Browser\Firefox\Install\plugins [2010.07.04 17:43:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: E:\Kommunikation\Mail\Thunderbird\Install\components [2010.06.18 21:19:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: E:\Kommunikation\Mail\Thunderbird\Install\plugins
 
[2010.06.16 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Extensions
[2010.06.16 22:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.05 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Firefox\Profiles\77lm4xpc.default\extensions
[2010.06.10 22:17:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Firefox\Profiles\77lm4xpc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.02 23:27:01 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Firefox\Profiles\77lm4xpc.default\extensions\firebug@software.joehewitt.com
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Sicherheit\AntiVirus\AVG\Install\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Sicherheit\AntiVirus\AVG\Install\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmierung\Java\JRE\Install\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] E:\Sicherheit\AntiVirus\AVG\Install\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [jswtrayutil] C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\jswtrayutil.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] E:\Kamera\Webkamera\QuickCam Sphere AF\QuickCam\Install\Logitech WebCam Software\LWS.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000..\Run: [PC Suite Tray] E:\Mobil\Handy\E71\PCSuite\Install\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Office\XP\Install\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Office\XP\Install\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Kommunikation\Messenger\ICQ\Install\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Kommunikation\Messenger\ICQ\Install\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Sicherheit\AntiVirus\AVG\Install\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Sicherheit\AntiVirus\AVG\Install\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69273f32-4242-11de-b3db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{69273f32-4242-11de-b3db-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\autorun.exe -- File not found
O33 - MountPoints2\{69273f32-4242-11de-b3db-806e6f6e6963}\Shell\install\command - "" = Z:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.MP42 - C:\Windows\SysWow64\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\MPG4C32.DLL (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.05 20:27:34 | 000,000,000 | ---D | C] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Malwarebytes
[2010.07.05 20:27:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.05 20:27:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.05 20:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.05 20:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.06.23 00:02:17 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.23 00:02:17 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.23 00:02:17 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.23 00:02:17 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.23 00:02:17 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.23 00:02:17 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.23 00:02:17 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.23 00:02:17 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.22 20:11:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010.06.22 20:11:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010.06.22 20:11:53 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010.06.22 20:11:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010.06.21 13:33:04 | 000,000,000 | ---D | C] -- C:\Users\Manuel Burkhardt\Aptana Rubles
[2010.06.11 23:52:50 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.11 23:52:50 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.11 23:52:50 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.11 23:52:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.11 23:52:45 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.06.11 23:52:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.06.11 23:52:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.06.11 23:52:44 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.06.11 23:52:43 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.06.11 23:52:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.06.11 23:52:43 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.06.11 23:52:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.06.11 23:52:43 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.06.11 23:52:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.06.11 23:52:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.06.11 23:52:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.06.11 23:52:43 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.06.11 23:52:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.06.11 23:52:43 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.06.11 23:52:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.06.11 23:52:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.06.11 23:52:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.06.11 23:52:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.06.11 23:52:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.06.11 23:52:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.06.11 23:52:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.06.11 23:52:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.06.07 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\Manuel Burkhardt\Documents\Expression
[2010.06.07 23:11:00 | 000,000,000 | --SD | C] -- C:\Users\Manuel Burkhardt\Documents\Meine Websites
[2010.06.07 23:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.06 22:38:05 | 002,097,152 | -HS- | M] () -- C:\Users\Manuel Burkhardt\NTUSER.DAT
[2010.07.06 22:31:20 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.06 22:31:20 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.06 15:41:53 | 000,002,677 | ---- | M] () -- C:\Users\Manuel Burkhardt\Desktop\HiJackThis.lnk
[2010.07.06 11:03:07 | 061,677,838 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010.07.06 11:01:57 | 001,418,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.06 11:01:57 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.06 11:01:57 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.06 11:01:57 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.06 11:01:57 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.06 10:55:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.06 10:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.06 10:55:20 | 4294,303,744 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.06 10:55:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010.07.06 00:09:53 | 000,524,288 | -HS- | M] () -- C:\Users\Manuel Burkhardt\NTUSER.DAT{243a06cc-4268-11de-8fd8-002185fbbc62}.TMContainer00000000000000000001.regtrans-ms
[2010.07.06 00:09:53 | 000,065,536 | -HS- | M] () -- C:\Users\Manuel Burkhardt\NTUSER.DAT{243a06cc-4268-11de-8fd8-002185fbbc62}.TM.blf
[2010.07.06 00:09:48 | 003,281,892 | -H-- | M] () -- C:\Users\Manuel Burkhardt\AppData\Local\IconCache.db
[2010.07.05 20:27:29 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.05 00:18:04 | 000,002,063 | ---- | M] () -- C:\Users\Public\Desktop\Logitech WebCam Software.lnk
[2010.07.04 17:43:05 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.24 22:37:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.06.21 14:52:36 | 000,000,824 | ---- | M] () -- C:\Users\Manuel Burkhardt\Desktop\Aptana Studio 2.0.lnk
[2010.06.17 22:13:37 | 000,001,111 | ---- | M] () -- C:\Users\Manuel Burkhardt\Desktop\FileZilla Client.lnk
[2010.06.14 22:32:31 | 000,000,680 | ---- | M] () -- C:\Users\Manuel Burkhardt\AppData\Local\d3d9caps.dat
[2010.06.12 03:28:57 | 000,249,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.07 23:10:40 | 000,054,792 | ---- | M] () -- C:\Users\Manuel Burkhardt\AppData\Local\GDIPFONTCACHEV1.DAT
 
========== Files Created - No Company Name ==========
 
[2010.07.06 15:41:37 | 000,002,677 | ---- | C] () -- C:\Users\Manuel Burkhardt\Desktop\HiJackThis.lnk
[2010.07.05 20:27:29 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.05 20:07:22 | 000,435,200 | ---- | C] () -- C:\Users\Manuel Burkhardt\AppData\Local\dd_vcredistMSI49EE.txt
[2010.07.05 20:07:21 | 000,013,586 | ---- | C] () -- C:\Users\Manuel Burkhardt\AppData\Local\dd_vcredistUI49EE.txt
[2010.07.05 20:07:21 | 000,012,838 | ---- | C] () -- C:\Users\Manuel Burkhardt\AppData\Local\dd_vcredistUI49EF.txt
[2010.07.05 00:18:04 | 000,002,063 | ---- | C] () -- C:\Users\Public\Desktop\Logitech WebCam Software.lnk
[2010.07.04 17:43:05 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.24 22:37:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.06.21 14:52:36 | 000,000,824 | ---- | C] () -- C:\Users\Manuel Burkhardt\Desktop\Aptana Studio 2.0.lnk
[2010.06.17 22:13:37 | 000,001,111 | ---- | C] () -- C:\Users\Manuel Burkhardt\Desktop\FileZilla Client.lnk
[2010.03.16 01:14:06 | 000,000,340 | ---- | C] () -- C:\Windows\doom3.ini
[2009.09.24 21:14:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 21:13:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.07 20:19:08 | 000,000,299 | ---- | C] () -- C:\Windows\game.ini
[2009.06.12 19:12:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.16 23:05:32 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.07.06 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\FileZilla
[2010.04.03 00:44:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Grand Ages Rome
[2010.06.03 00:56:36 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Hemera
[2010.06.06 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\ICQ
[2009.05.17 01:26:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Leadertech
[2010.04.04 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\My Games
[2009.10.11 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Nokia
[2009.08.19 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\PC Suite
[2010.06.16 22:51:42 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Thunderbird
[2010.07.06 00:10:09 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.07.10 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Adobe
[2010.07.06 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\FileZilla
[2009.11.30 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Google
[2010.04.03 00:44:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Grand Ages Rome
[2010.06.03 00:56:36 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Hemera
[2010.06.06 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\ICQ
[2009.05.16 20:34:41 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Identities
[2009.07.19 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\InstallShield
[2009.05.17 01:26:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Leadertech
[2009.05.17 01:35:16 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Logitech
[2009.05.16 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Macromedia
[2010.07.05 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Malwarebytes
[2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Media Center Programs
[2010.06.21 12:57:45 | 000,000,000 | --SD | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft
[2010.04.22 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Mozilla
[2010.04.04 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\My Games
[2009.08.06 22:00:13 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Nero
[2009.10.11 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Nokia
[2009.08.19 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\PC Suite
[2009.05.17 19:23:05 | 000,000,000 | RH-D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\SecuROM
[2010.07.05 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Skype
[2009.05.17 16:34:37 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Talkback
[2010.06.16 22:51:42 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Thunderbird
[2009.08.06 21:27:10 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.07.06 15:41:37 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2009.07.02 21:02:14 | 000,010,134 | R--- | M] () -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\Foren.exe
[2009.07.02 21:02:14 | 000,000,766 | R--- | M] () -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\htmledit.exe
[2009.05.16 21:53:16 | 000,009,158 | R--- | M] () -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Installer\{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010.06.03 00:52:38 | 000,040,960 | ---- | M] () -- C:\HTGD0003.exe
[2010.06.03 00:52:38 | 000,036,864 | ---- | M] () -- C:\HTGD0005.exe
[2010.06.03 00:52:39 | 000,509,984 | ---- | M] (Microsoft Corporation) -- C:\HTGD0006.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.19 00:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 00:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.19 00:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
[2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.19 00:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll
[2008.01.19 00:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.18 22:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
[2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
         

06.07.2010, 21:48   #5
Manuel1304

Internet Explorer 8.0 (Vista) opens completely uncontrolled, dozens of times


... and here is the output of Extras.txt. I hope you can make something of it and help me further. Many thanks in advance.

Extras.txt

Code:
OTL Extras logfile created on: 06.07.2010 22:37:26 - Run 1
OTL by OldTimer - Version 3.2.7.1     Folder = K:\Eingehend
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 44,70 Gb Free Space | 45,77% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 78,03 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 191,69 Gb Free Space | 98,15% Space Free | Partition Type: NTFS
Drive F: | 488,28 Gb Total Space | 423,76 Gb Free Space | 86,79% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 68,26 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive H: | 80,69 Gb Total Space | 80,59 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive I: | 292,97 Gb Total Space | 272,57 Gb Free Space | 93,04% Space Free | Partition Type: NTFS
Drive J: | 150,26 Gb Total Space | 150,16 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 94,67 Gb Total Space | 94,52 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive Q: | 931,51 Gb Total Space | 849,09 Gb Free Space | 91,15% Space Free | Partition Type: NTFS
Drive V: | 1,88 Gb Total Space | 1,88 Gb Free Space | 99,96% Space Free | Partition Type: FAT
 
Computer Name: MBU-PC-01
Current User Name: Manuel Burkhardt
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js[@ = JSFile] -- E:\Programmierung\Web\Aptana\Install\AptanaStudio.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- E:\Programmierung\Web\Aptana\Install\AptanaStudio.exe ()
 
[HKEY_USERS\S-1-5-21-4181750598-3240758953-3275519497-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Internet\Browser\Firefox\Install\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Office\XP\Install\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Office\XP\Install\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "E:\Programmierung\Web\Aptana\Install\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Office\XP\Install\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Office\XP\Install\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "E:\Programmierung\Web\Aptana\Install\AptanaStudio.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = AB 1B CD E9 6E D6 C9 01  [binary data]
"VistaSp2" = 3F 24 64 8E 65 40 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E922366-0429-465B-B2FC-53F28B80E152}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE9A7409-CBD5-4B14-B51B-AEC0EE4BC026}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09BFF4EF-ACC3-4A59-AAB9-90C8B1AFEA21}" = dir=in | app=e:\sicherheit\antivirus\avg\install\avgupd.exe | 
"{22EF59B8-5997-4BB3-8274-2AC4BE0727A0}" = protocol=6 | dir=in | app=f:\strategie\civilisation iv\install\civilization4.exe | 
"{2657B900-30F3-4FA2-AE5F-5128EEEABA09}" = protocol=6 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\farcry2.exe | 
"{2ADE5833-0221-4AFC-AA46-FF430BF81CC9}" = protocol=17 | dir=in | app=f:\strategie\colonisation\install\colonization.exe | 
"{2E74B1DC-4CAD-4D68-808B-F542DD306462}" = protocol=6 | dir=in | app=e:\kamera\webkamera\quickcam sphere af\quickcam\install\logitech vid\vid.exe | 
"{3EDD9713-3341-4744-86B0-4CAA7582A579}" = protocol=17 | dir=in | app=f:\shooter\enemy territory\install\etqwded.exe | 
"{403C7C08-649C-491B-9C07-502031B4A6F3}" = protocol=17 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\fc2editor.exe | 
"{4645D705-81F4-4976-AED9-62C35A5F315C}" = protocol=6 | dir=in | app=f:\strategie\colonisation\install\colonization.exe | 
"{47025B52-F2CA-455A-95D4-27D336FBEF24}" = protocol=17 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\farcry2.exe | 
"{518448AE-4625-413F-92D2-B082318F6EE0}" = protocol=17 | dir=in | app=e:\kamera\webkamera\quickcam sphere af\quickcam\install\logitech vid\vid.exe | 
"{54204D0A-5CBA-40A1-90F9-E62CB5A0279D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{58289ADF-5F3E-4A9D-BBDE-E528658095E4}" = protocol=6 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\fc2editor.exe | 
"{5B6CE7CD-00DD-4771-9AF2-B4219FF4E98A}" = protocol=6 | dir=in | app=f:\shooter\enemy territory\install\etqw.exe | 
"{5F569C1B-0021-4288-9AE4-E5E276F82927}" = protocol=17 | dir=in | app=f:\shooter\enemy territory\install\etqw.exe | 
"{7D772FAD-9A79-4FAD-A3A1-6B263ECABD34}" = protocol=17 | dir=in | app=f:\strategie\civilisation iv\install\civilization4.exe | 
"{80FAD662-3DDF-4F43-A669-9515173D80E3}" = dir=in | app=e:\kommunikation\messenger\skype\install\phone\skype.exe | 
"{AD431003-70BB-4A70-9D25-CF9F4C9B2F15}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B52425E8-DC04-4116-9726-3B74216F3E04}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B89B5613-F606-479D-8D19-336C32D63615}" = protocol=6 | dir=in | app=f:\tools\steam\install\steamapps\common\silent hill homecoming\bin\silenthill.exe | 
"{C8E3C2E7-2C22-492F-8086-E06B815EEC44}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D52DAE6F-DEA3-4D51-858F-8EA4428A8B58}" = dir=in | app=e:\sicherheit\antivirus\avg\install\avgemc.exe | 
"{D5A14F3C-3448-49ED-9D8A-C7972FD97C85}" = protocol=17 | dir=in | app=f:\tools\steam\install\steamapps\common\silent hill homecoming\bin\silenthill.exe | 
"{DF21BE10-1E88-4F2D-BF87-EC89632AE06C}" = dir=in | app=e:\sicherheit\antivirus\avg\install\avgnsa.exe | 
"{F00A8086-551E-43FB-811E-2299DC4F1376}" = protocol=6 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\fc2launcher.exe | 
"{F477006A-3A4D-44BF-96CD-16023C8089BA}" = protocol=6 | dir=in | app=f:\shooter\enemy territory\install\etqwded.exe | 
"{F74EF554-DAF0-40F1-A68D-9321131D511F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FE83D849-88B4-4BC4-B3CF-B0BA018F222D}" = protocol=17 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\fc2launcher.exe | 
"TCP Query User{091D429F-BFE6-4204-81FD-ACF38104CA92}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{249CFC30-D630-455E-9E2A-F9E5B8E64F40}E:\programmierung\web\aptana\install\aptanastudio.exe" = protocol=6 | dir=in | app=e:\programmierung\web\aptana\install\aptanastudio.exe | 
"TCP Query User{42F6A585-35F8-4582-95BC-425A8E84E597}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{489144C2-CF54-4652-A4C5-CEB5967F9F6F}E:\internet\browser\firefox\install\firefox.exe" = protocol=6 | dir=in | app=e:\internet\browser\firefox\install\firefox.exe | 
"TCP Query User{9627F6CA-ECBF-4665-A3BB-88FE1EB0B277}E:\kommunikation\messenger\icq\install\icq6.5\icq.exe" = protocol=6 | dir=in | app=e:\kommunikation\messenger\icq\install\icq6.5\icq.exe | 
"TCP Query User{9D116753-BECD-49B4-AFB5-ECB1860134EB}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{ED6728C7-EE39-4691-8E80-D46FEB78A8A8}E:\programmierung\web\aptana\install\aptanastudio3.exe" = protocol=6 | dir=in | app=e:\programmierung\web\aptana\install\aptanastudio3.exe | 
"UDP Query User{0C1FE627-4360-474A-947E-594BE47E20DD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{11DC3AE7-A945-4180-9246-B81D16F84BDF}E:\internet\browser\firefox\install\firefox.exe" = protocol=17 | dir=in | app=e:\internet\browser\firefox\install\firefox.exe | 
"UDP Query User{3BB9CA62-BB9A-406C-AF99-486529738DA9}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{9DCD3623-81B7-433B-B0FC-59A499877D6A}E:\programmierung\web\aptana\install\aptanastudio3.exe" = protocol=17 | dir=in | app=e:\programmierung\web\aptana\install\aptanastudio3.exe | 
"UDP Query User{A43EBB0A-B9BC-4B3E-8577-45BA83CB185F}E:\programmierung\web\aptana\install\aptanastudio.exe" = protocol=17 | dir=in | app=e:\programmierung\web\aptana\install\aptanastudio.exe | 
"UDP Query User{C968B7F9-E504-4B28-BDDD-8854BDD88048}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{CDD479D9-A06F-4E4F-AD99-77526C9440AB}E:\kommunikation\messenger\icq\install\icq6.5\icq.exe" = protocol=17 | dir=in | app=e:\kommunikation\messenger\icq\install\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BAE72B35-821F-6780-18C5-BE4EBDF8DC7A}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"lvdrivers_11.90" = Logitech QuickCam-Treiberpaket
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.21f
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{56aba277-ee53-4478-a607-fa42208ff5a9}" = Menu Templates - Pack 1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57250e78-f6e2-4dce-9a84-50b28a70ab84}" = Menu Templates - Pack 3
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{81C42533-F5A8-46CE-9013-ECF783A4CBD4}" = NVIDIA PhysX
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ab8e6ce-ce6d-43a0-b54e-422425524ff9}" = Menu Templates - Pack 2
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM)
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{c84b9e76-648c-4082-a4af-79c32e01a9a7}" = Nero 9
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f425dd1d-0097-41c3-b545-b79e3d51100e}" = Movie Templates - Pack 1
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{FA1D3107-CE7C-48CE-B63F-EA7B2DB0911D}" = 250.000 ClipArts
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aptana Studio 2.0" = Aptana Studio 2.0
"ArmA2" = ArmA2 Uninstall
"AVG9Uninstall" = AVG Free 9.0
"Civitas3" = Grand Ages Rome 1.01
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Drakensang_is1" = Drakensang (Patch Version 1.1)
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"G3QP231012008_is1" = Questpaket 3 Deinstallation
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM)
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{FA1D3107-CE7C-48CE-B63F-EA7B2DB0911D}" = 250.000 ClipArts
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Nokia PC Suite" = Nokia PC Suite
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"Steam App 19000" = Silent Hill Homecoming
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1
"Velvet Assassin_is1" = Velvet Assassin
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4181750598-3240758953-3275519497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.3
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.06.2010 07:38:58 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero
 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
Error - 21.06.2010 07:38:58 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero
 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
Error - 21.06.2010 07:38:59 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero
 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
Error - 21.06.2010 07:38:59 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero
 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
Error - 28.06.2010 16:30:34 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "F:\Shooter\Enemy
 Territory\Install\ServerLauncher.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
Error - 28.06.2010 16:30:36 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero
 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
Error - 28.06.2010 16:30:36 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero
 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
Error - 28.06.2010 17:08:00 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "F:\Shooter\Enemy
 Territory\Install\ServerLauncher.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
Error - 28.06.2010 17:08:08 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero
 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
Error - 28.06.2010 17:08:08 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero
 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei ""
 in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
 
[ System Events ]
Error - 04.10.2009 17:52:32 | Computer Name = MBu-PC-01 | Source = PlugPlayManager | ID = 12
Description = Das Gerät "SAMSUNG HD103UJ ATA Device" (IDE\DiskSAMSUNG_HD103UJ_________________________1AA01113\5&286e3393&0&1.0.0)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 05.10.2009 14:31:14 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.10.2009 14:31:14 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.10.2009 14:31:14 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.10.2009 16:28:18 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.10.2009 16:28:18 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.10.2009 16:28:18 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2009 13:49:28 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2009 13:49:28 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.10.2009 13:49:28 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         


07.07.2010, 10:46   #6
Manuel1304

Hello dear forum,

is there anyone among the responsible experts who can help me further with this topic? I have posted both requested outputs here. What needs to be done next?

Many thanks in advance and best regards

07.07.2010, 11:34   #7
markusg
/// Malware-holic

hi,
1. we do this in our free time, so please don't cry out right away if you don't hear anything from, in this case, me for half a day.
2.

Fixing with OTL

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator"
• Now copy the following into the text box.

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; post it

07.07.2010, 11:45   #8
Manuel1304

Hello Markusg,

first of all, sorry from my side. That was in no way meant as a reproach. I am very glad that someone is dealing with the topic. I am a bit confused anyway that there are so few entries on the "www" about this topic. Or rather, that most of them end up somewhere at the topic "HiJackThis".

I will post the report right away when I am through. Thanks in advance for the help.

Could you perhaps also answer the following questions?
  1. Why do AVG & co. not find this infection on the PC? Is it not a virus?
  2. What can cause such infections? Emails? Surfing to the wrong sites? I am usually quite careful. Or so I thought.
  3. What exactly does this program OTL or HiJackThis do?
  4. Is there a way to delete the confidential data here from my thread after a hopefully speedy recovery?

Many thanks again in advance.

07.07.2010, 11:47   #9
Manuel1304

Hello again,

attached now is the new report from OTL:

Many thanks again in advance.

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Manuel Burkhardt
->Flash cache emptied: 17476 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Manuel Burkhardt
->Temp folder emptied: 904275185 bytes
->Temporary Internet Files folder emptied: 119747411 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92401489 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20732364 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.085,00 mb
 
Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2> in the current context!
 
OTL by OldTimer - Version 3.2.7.1 log created on 07072010_123837

Files\Folders moved on Reboot...
C:\Users\Manuel Burkhardt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

07.07.2010, 12:10   #10
Manuel1304

Could it be that these two command lines were not processed correctly?

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2

There is a "smiley face" in between, and I simply took it over via copy and paste. In OTL it was then converted into letters. Whether correctly, I don't know.

07.07.2010, 12:34   #11
markusg
/// Malware-holic

that's no problem for now.
can you update avg, scan, and post the result?

07.07.2010, 12:38   #12
Manuel1304

I'm already on it. It will take a moment longer. I will then post the result.

I haven't had any random popups so far today. Maybe the problem has actually already been fixed. I can't really judge it.

When you have a moment, could you still answer my 4 questions?

I would be much obliged.

Regards
Manuel

07.07.2010, 12:46   #13
markusg
/// Malware-holic

the programs show us files etc. that are on your pc; not every antivirus knows all malicious files.
as for what causes them: e.g. visiting infected websites, attachments in mails etc.
the data can be deleted to the extent that the name is taken out. i don't think deleting the logs is such a good idea; we helpers don't know every file either, and one or another of us uses google sometimes, so the logs can provide info. they don't say anything personal about you, only file names

07.07.2010, 13:06   #14
Manuel1304

Hello markusg,

attached is the report from AVG:

Code:
"Scan ""Gesamten Computer scannen"" wurde beendet."
"Bei diesem Scan wurde keine Infizierung gefunden"
"Für den Scanvorgang ausgewählte Ordner:";"Gesamten Computer scannen"
"Start des Scans:";"Mittwoch, 7. Juli 2010, 13:38:48"
"Scan beendet:";"Mittwoch, 7. Juli 2010, 14:02:47 (23 Minute(n) 58 Sekunde(n))"
"Gesamtanzahl gescannter Objekte:";"959689"
"Benutzer, der den Scan gestartet hat:";"***"
         
Everything seems to look fine, doesn't it? Can you now tell me what the culprit was? Or can't that be seen explicitly?

The most important question now:

Can you change the user-related data, or how does that work?

Do I still need to pay attention to anything regarding the virus, or can I assume that it has been completely cleaned up?

Many, many thanks for the quick help!!!

Regards
Manuel

07.07.2010, 13:46   #15
markusg
/// Malware-holic

hmm, i didn't see any malicious file, maybe it was in the temp directory. click on "report post" and state that your data should be deleted, someone will take care of it then.
to finish off, i'd still like to do an online scan.
Free ESET Online Antivirus Scanner
delete the finds, post the log.
