|
Log-Analyse und Auswertung: Internet Explorer öffnet sich automatisch und lässt sich nicht mehr schließenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
26.08.2010, 15:24 | #1 |
| Internet Explorer öffnet sich automatisch und lässt sich nicht mehr schließen Hallo zusammen, Ich hab seit gestern ein Problem und zwar öffnet sich mein Internet Explorer von selbst und lässt sich danach nicht mehr schließen. Ich surfe nur mit dem Firefox. Wäre nett wenn ihr mir helfen könntet Sorry falls ich irgendetwas falsch gemacht habe aber es ist mein erster Eintrag hier in diesem Forum. Ausserdem hatte ich heute erstmals eine Fehlermeldung C:\Windows\system32\sshnas.dll wäre fehlerhaft... schonmal HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:18:12, on 26.08.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Users\Admin\AppData\Local\Temp\Nvq.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Admin\AppData\Local\Temp\Nvr.exe C:\Users\Admin\Desktop\HijackThis.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Admin\AppData\Local\Temp\Nvq.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567732 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll O2 - BHO: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [Application Layer Gateway] C:\Program Files (x86)\Common Files\alg.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Display Driver] C:\Users\Admin\AppData\Local\Temp\dispdrv.exe O4 - HKCU\..\Run: [Audio HD Driver] C:\Users\Admin\AppData\Local\Temp\XiWdB2oVblL.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\Admin\AppData\Local\Temp\sshnas21.dll,GetHandle O4 - HKCU\..\Run: [XBV6RD5SZF] C:\Users\Admin\AppData\Local\Temp\Nvr.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.1\ICQ.exe" silent loginmode=4 O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing) O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14587 bytes Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4483 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 26.08.2010 17:35:01 mbam-log-2010-08-26 (17-35-01).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 137275 Laufzeit: 7 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: C:\Users\Admin\AppData\Local\Temp\Nvr.exe (Trojan.Agent.Gen) -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.Agent.Gen) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Admin\AppData\Local\Temp\Nvr.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Admin\downloads\TuneUp.2010.Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. |
26.08.2010, 17:13 | #2 |
| Internet Explorer öffnet sich automatisch und lässt sich nicht mehr schließen OTL.TXTOTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 26.08.2010 17:50:10 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Admin\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,20 Gb Total Space | 158,67 Gb Free Space | 72,72% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ADMIN-LAP Current User Name: Admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Windows\SysWow64\hasplms.exe File not found PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (Aladdin Knowledge Systems Ltd.) SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (cvhsvc) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (McProxy) -- C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (MPFP) -- C:\Windows\SysNative\drivers\Mpfp.sys (McAfee, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (akshasp) -- C:\Windows\SysNative\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (aksusb) -- C:\Windows\SysNative\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys (McAfee, Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys (McAfee, Inc.) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (sftplay) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation) DRV - (sftvol) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys (Microsoft Corporation) DRV - (sftfs) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys (Microsoft Corporation) DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-683569300-42502393-3336166826-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell und MSN IE - HKU\S-1-5-21-683569300-42502393-3336166826-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKU\S-1-5-21-683569300-42502393-3336166826-1000\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKU\S-1-5-21-683569300-42502393-3336166826-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.31 22:57:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.25 00:31:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.25 00:31:30 | 000,000,000 | ---D | M] [2010.03.24 21:46:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.08.26 17:28:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\wl4zcllm.default\extensions [2010.08.26 17:16:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\wl4zcllm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.08.25 21:20:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\wl4zcllm.default\extensions\personas@christopher.beard [2010.07.28 20:20:03 | 000,000,873 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\wl4zcllm.default\searchplugins\conduit.xml [2010.08.03 16:52:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.07 16:29:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 16:52:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.06.25 16:40:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.06.25 16:40:02 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.06.25 16:40:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.06.25 16:40:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.06.25 16:40:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll () O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-683569300-42502393-3336166826-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-683569300-42502393-3336166826-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files (x86)\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-683569300-42502393-3336166826-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-683569300-42502393-3336166826-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 192.168.0.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ab0ebd04-a0d5-11df-b5e3-a4badbae48c3}\Shell - "" = AutoRun O33 - MountPoints2\{ab0ebd04-a0d5-11df-b5e3-a4badbae48c3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{d155d571-7caa-11df-b178-a4badbae48c3}\Shell - "" = AutoRun O33 - MountPoints2\{d155d571-7caa-11df-b178-a4badbae48c3}\Shell\AutoRun\command - "" = E:\AutoRun.exe setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet: Messenger - Service SafeBootNet: MpfService - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.08.26 17:23:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2010.08.26 17:19:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.08.26 17:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.26 17:19:47 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.08.26 17:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.08.26 17:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.08.26 16:10:57 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HijackThis.exe [2010.08.25 16:51:39 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010.08.13 16:27:33 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.08.13 16:27:31 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010.08.13 16:27:31 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010.08.13 16:27:20 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.08.13 16:27:20 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.08.13 16:27:20 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.08.13 16:27:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.08.13 16:27:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.08.13 16:27:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.08.13 16:27:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.08.13 16:27:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.08.13 16:27:03 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010.08.12 15:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2010.08.10 18:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2010.08.10 18:43:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Electronic Arts [2010.08.10 18:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2010.08.10 18:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2010.08.06 00:00:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FLEXnet [2010.08.05 23:52:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Vodafone [2010.08.05 23:52:34 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\zteusbvoice.sys [2010.08.05 23:52:33 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys [2010.08.05 23:52:32 | 000,135,168 | ---- | C] (ZTE Corporation) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys [2010.08.05 23:52:31 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys [2010.08.05 23:52:30 | 000,119,680 | ---- | C] (ZTE Incorporated) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys [2010.08.05 23:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone [2010.08.05 23:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vodafone [2010.08.05 23:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2010.08.05 23:51:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{460B8D94-E5AF-4A67-B475-D079D5805431} [2010.08.05 23:14:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ElevatedDiagnostics [2010.08.03 20:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Festo didactic [2010.08.03 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Software Informer [2010.08.03 20:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Informer [2010.08.03 16:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.08.03 16:52:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.08.03 16:52:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.08.03 16:52:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.08.01 10:55:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Apps [2010.07.28 21:52:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\DVDVideoSoft_Ltd [2010.07.28 21:52:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2010.04.28 18:51:35 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Admin\AppData\Roaming\DataSafeDotNet.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.26 17:57:09 | 002,097,152 | -HS- | M] () -- C:\Users\Admin\ntuser.dat [2010.08.26 17:53:42 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.26 17:53:42 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.26 17:46:50 | 000,033,734 | ---- | M] () -- C:\Windows\SysNative\Config.MPF [2010.08.26 17:46:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.26 17:46:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.26 17:45:57 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys [2010.08.26 17:45:08 | 013,037,869 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db [2010.08.26 17:25:58 | 000,031,036 | ---- | M] () -- C:\Users\Admin\Documents\cc_20100826_172549.reg [2010.08.26 17:19:52 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.26 17:15:54 | 000,001,005 | ---- | M] () -- C:\Users\Admin\Desktop\CCleaner.lnk [2010.08.23 20:37:26 | 000,001,610 | ---- | M] () -- C:\Users\Admin\Desktop\DivX Movies.lnk [2010.08.23 20:36:49 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.23 20:36:30 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.08.21 13:07:53 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk [2010.08.19 19:18:06 | 001,487,190 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.19 19:18:06 | 000,649,148 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.19 19:18:06 | 000,611,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.19 19:18:06 | 000,129,116 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.19 19:18:06 | 000,105,698 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.14 12:26:21 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.08.14 12:22:10 | 000,341,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.13 22:28:45 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\ntuser.dat{043ccffe-a6e5-11df-9d73-a4badbae48c3}.TMContainer00000000000000000002.regtrans-ms [2010.08.13 22:28:45 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\ntuser.dat{043ccffe-a6e5-11df-9d73-a4badbae48c3}.TMContainer00000000000000000001.regtrans-ms [2010.08.13 22:28:45 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\ntuser.dat{043ccffe-a6e5-11df-9d73-a4badbae48c3}.TM.blf [2010.08.13 19:18:36 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk [2010.08.12 20:33:31 | 000,078,704 | ---- | M] () -- C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.05 23:52:08 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone SMS.lnk [2010.08.05 23:52:08 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk [2010.08.03 20:26:42 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Festo FluidSIM.lnk [2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.26 17:25:52 | 000,031,036 | ---- | C] () -- C:\Users\Admin\Documents\cc_20100826_172549.reg [2010.08.26 17:19:52 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.26 17:15:54 | 000,001,005 | ---- | C] () -- C:\Users\Admin\Desktop\CCleaner.lnk [2010.08.23 20:36:49 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.21 13:07:53 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Traumkarrieren.lnk [2010.08.14 12:26:21 | 000,002,264 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.08.13 19:18:36 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk [2010.08.13 16:14:37 | 000,524,288 | -HS- | C] () -- C:\Users\Admin\ntuser.dat{043ccffe-a6e5-11df-9d73-a4badbae48c3}.TMContainer00000000000000000002.regtrans-ms [2010.08.13 16:14:37 | 000,524,288 | -HS- | C] () -- C:\Users\Admin\ntuser.dat{043ccffe-a6e5-11df-9d73-a4badbae48c3}.TMContainer00000000000000000001.regtrans-ms [2010.08.13 16:14:37 | 000,065,536 | -HS- | C] () -- C:\Users\Admin\ntuser.dat{043ccffe-a6e5-11df-9d73-a4badbae48c3}.TM.blf [2010.08.05 23:52:08 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone SMS.lnk [2010.08.05 23:52:08 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk [2010.08.03 20:26:42 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Festo FluidSIM.lnk [2010.06.20 20:09:25 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.06.04 18:40:15 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.05.09 21:51:59 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2010.05.09 21:51:59 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2010.04.12 20:49:05 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.03.24 22:35:58 | 000,001,573 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.10.15 19:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010.08.22 22:34:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent [2010.06.20 20:09:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2010.07.28 21:52:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2010.05.06 15:45:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.24 18:22:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ [2010.04.12 20:52:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NVD [2010.03.27 10:37:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PlayFirst [2010.08.22 22:38:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftGrid Client [2010.08.03 20:34:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Software Informer [2010.05.06 16:38:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2010.05.16 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TP [2010.08.05 23:52:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vodafone [2010.03.24 00:31:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WildTangent [2010.07.24 02:00:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.03.27 20:32:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe [2010.08.22 22:34:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BitTorrent [2010.06.20 20:09:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2010.03.24 22:07:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Creative [2010.03.24 18:30:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CyberLink [2010.03.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dell [2010.07.28 21:52:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DivX [2010.07.28 21:52:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2010.05.06 15:45:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.06 00:00:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FLEXnet [2010.04.02 22:59:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HP [2010.08.24 18:22:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ [2010.03.24 00:06:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities [2010.03.27 10:37:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia [2010.05.07 15:04:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macrovision [2010.08.26 17:23:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2010.08.13 19:18:58 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft [2010.03.24 21:46:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla [2010.04.12 20:52:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NVD [2010.03.27 10:37:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PlayFirst [2010.03.24 22:10:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Reallusion [2010.03.24 00:07:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Roxio [2010.08.22 22:38:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SoftGrid Client [2010.08.03 20:34:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Software Informer [2010.05.06 16:38:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer [2010.05.16 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TP [2010.08.05 23:52:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vodafone [2010.03.24 00:31:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WildTangent [2010.04.01 12:55:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.04.28 18:55:54 | 008,656,832 | ---- | M] (Dell, Inc. ) -- C:\Users\Admin\AppData\Roaming\DataSafeDotNet.exe [2010.08.14 12:25:21 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.08.13 19:18:58 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Drivers\storage\R228436\f6flpy64\IaStor.sys [2009.06.05 01:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.05 01:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys [2009.06.05 01:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.03.19 04:35:27 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:3AB556275BACBA70 < End of report > Extras.TXTOTL EXTRAS Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.08.2010 17:50:10 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Admin\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 218,20 Gb Total Space | 158,67 Gb Free Space | 72,72% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ADMIN-LAP Current User Name: Admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-683569300-42502393-3336166826-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{20140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta) "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit) "{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{20140062-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - Deutsch "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = HASP SRM Run-time "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite "{98F8A617-1C3C-447C-ADD5-4FAFC84EDA72}" = Festo FluidSIM "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Advanced Audio FX Engine" = Advanced Audio FX Engine "BitTorrent" = BitTorrent "CADdyMA2009 5-9-2010 21:49:04" = CADdy++ 2009.0.4872.74 - 5-9-2010 - 21:49:04 "CCleaner" = CCleaner "Chuzzle Deluxe" = Chuzzle Deluxe "CloneCD" = CloneCD "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Dell Webcam Central" = Dell Webcam Central "DivX Setup.divx.com" = DivX-Setup "EA Download Manager" = EA Download Manager "Free Studio_is1" = Free Studio version 4.8 "GAMEFORGE Nostale(DE)_is1" = Nostale Online DE (Remove) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Messenger Plus! Live" = Messenger Plus! Live "Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MSC" = McAfee SecurityCenter "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta) "TeamViewer 5" = TeamViewer 5 "Uninstall_is1" = Uninstall 1.0.0.1 "WildTangent dell Master Uninstall" = WildTangent-Spiele "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WT087090" = Big Rig Europe "WT087310" = Virtual Villagers 4 - The Tree of Life ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-683569300-42502393-3336166826-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.08.2010 03:24:56 | Computer Name = Admin-Lap | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 21.08.2010 03:50:13 | Computer Name = Admin-Lap | Source = VMCService | ID = 0 Description = GetProcessOwner Error - 21.08.2010 03:51:14 | Computer Name = Admin-Lap | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 21.08.2010 05:49:02 | Computer Name = Admin-Lap | Source = VMCService | ID = 0 Description = GetProcessOwner Error - 21.08.2010 06:53:59 | Computer Name = Admin-Lap | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6217.0, Zeitstempel: 0x4a49023f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0 Ausnahmecode: 0xc000001d Fehleroffset: 0x000000000000aa7d ID des fehlerhaften Prozesses: 0x11c Startzeit der fehlerhaften Anwendung: 0x01cb411f1f5a44db Pfad der fehlerhaften Anwendung: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 66c3fb97-ad12-11df-9d30-a4badbae48c3 Error - 21.08.2010 06:54:00 | Computer Name = Admin-Lap | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\stapo64.dll" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm IDT PC Audio wurde wegen dieses Fehlers geschlossen. Programm: IDT PC Audio Datei: C:\Windows\System32\stapo64.dll Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 3 Error - 21.08.2010 06:54:04 | Computer Name = Admin-Lap | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 21.08.2010 15:43:19 | Computer Name = Admin-Lap | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 21.08.2010 16:17:35 | Computer Name = Admin-Lap | Source = VMCService | ID = 0 Description = GetProcessOwner Error - 21.08.2010 16:17:36 | Computer Name = Admin-Lap | Source = EventSystem | ID = 4621 Description = [ System Events ] Error - 25.08.2010 10:46:04 | Computer Name = Admin-Lap | Source = VDS Basic Provider | ID = 33554433 Description = Error - 25.08.2010 10:49:59 | Computer Name = Admin-Lap | Source = DCOM | ID = 10010 Description = Error - 25.08.2010 13:01:55 | Computer Name = Admin-Lap | Source = Service Control Manager | ID = 7034 Description = Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 25.08.2010 13:01:58 | Computer Name = Admin-Lap | Source = VDS Basic Provider | ID = 33554433 Description = Error - 25.08.2010 15:18:29 | Computer Name = Admin-Lap | Source = VDS Basic Provider | ID = 33554433 Description = Error - 25.08.2010 15:21:30 | Computer Name = Admin-Lap | Source = DCOM | ID = 10010 Description = Error - 25.08.2010 15:21:41 | Computer Name = Admin-Lap | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Inc. mferkdk" wurde aufgrund folgenden Fehlers nicht gestartet: %%127 Error - 26.08.2010 09:53:18 | Computer Name = Admin-Lap | Source = VDS Basic Provider | ID = 33554433 Description = Error - 26.08.2010 11:02:21 | Computer Name = Admin-Lap | Source = VDS Basic Provider | ID = 33554433 Description = Error - 26.08.2010 11:46:41 | Computer Name = Admin-Lap | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > --- --- --- |
27.08.2010, 20:23 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Internet Explorer öffnet sich automatisch und lässt sich nicht mehr schließenZitat:
Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ |
Themen zu Internet Explorer öffnet sich automatisch und lässt sich nicht mehr schließen |
adobe, bho, cdburnerxp, converter, desktop, download, explorer, firewall, hijack, hijackthis, internet, internet explorer, jusched.exe, local\temp, mozilla, mp3, phishing, plug-in, problem, proxy, rundll, schließen, security, security scan, sich automatisch, software, syswow64, temp, trojan.agent.ge, vodafone, von selbst, windows, wlan, wmp, öffnet, öffnet sich automatisch |