| |
| |||||||
Log-Analyse und Auswertung: Kann mal jemand in mein HiJack blicken .....Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
03.09.2010, 22:33
| #1 |
| |  Kann mal jemand in mein HiJack blicken ..... Servus alle zusammen, habe mir gestern eine Antispyware eingefangen (bin mir aber nicht ganz sicher). Nun habe ich schon mit vielen Programmen (Spybot/Malwarebytes/SpyHunter4) meinen Rechner gescannt und gereinigt.Nun stellt sich bei mir die Frage ob mein Rechner wirklich CLEAN  ist. Dazu wollte ich mein HiJack posten: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:23:25, on 03.09.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\AVG\AVG9\avgchsvx.exe C:\Programme\AVG\AVG9\avgrsx.exe C:\Programme\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\AVG\AVG9\avgwdsvc.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Programme\AVG\AVG9\avgnsx.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\explorer.exe C:\Programme\Spybot - Search & Destroy\SpybotSD.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Dokumente und Einstellungen\****************\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092 R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\****************\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [oaxmcserwn.tmp] "C:\DOKUME~1\****************~1\LOKALE~1\Temp\oaxmcserwn.tmp" O4 - HKLM\..\Run: [oxsacwmner.tmp] "C:\DOKUME~1\****************~1\LOKALE~1\Temp\oxsacwmner.tmp" O4 - HKLM\..\Run: [dflkfejl] C:\Dokumente und Einstellungen\****************\Lokale Einstellungen\Anwendungsdaten\otreowegr\eufbgsnshdw.exe O4 - HKLM\..\Run: [xtndoquq] C:\Dokumente und Einstellungen\****************\Lokale Einstellungen\Anwendungsdaten\mgneoorxf\edstovpshdw.exe O4 - HKLM\..\Run: [HPUHRQURsSS] C:\DOKUME~1\****************~1\LOKALE~1\Temp\w0r9muo6.exe O4 - HKLM\..\Run: [HPUHRQURqkL] C:\DOKUME~1\****************~1\LOKALE~1\Temp\rz3vnh3.exe O4 - HKLM\..\Run: [HPUHRQURmjP] C:\DOKUME~1\****************~1\LOKALE~1\Temp\btz0pz1.exe O4 - HKLM\..\Run: [HPUHRQURrta] C:\DOKUME~1\****************~1\LOKALE~1\Temp\services.exe O4 - HKLM\..\Run: [HPUHRQURose] C:\DOKUME~1\****************~1\LOKALE~1\Temp\gzraco.exe O4 - HKLM\..\Run: [HPUHRQURpw+] C:\DOKUME~1\****************~1\LOKALE~1\Temp\nvsvc32.exe O4 - HKLM\..\Run: [HPUHRQURsPc] C:\DOKUME~1\****************~1\LOKALE~1\Temp\win32.exe O4 - HKLM\..\Run: [HPUHRQURme] C:\DOKUME~1\****************~1\LOKALE~1\Temp\avp.exe O4 - HKLM\..\Run: [HPUHRQURrrb] C:\DOKUME~1\****************~1\LOKALE~1\Temp\taskmgr.exe O4 - HKLM\..\Run: [HPUHRQURnsc] C:\DOKUME~1\****************~1\LOKALE~1\Temp\drweb.exe O4 - HKLM\..\Run: [HPUHRQURsre] C:\DOKUME~1****************~1\LOKALE~1\Temp\wininst.exe O4 - HKLM\..\Run: [HPUHRQURrta (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\DOKUME~1\****************~1\LOKALE~1\Temp\services.exe O4 - HKLM\..\Run: [HPUHRQURnlPc] C:\DOKUME~1\****************~1\LOKALE~1\Temp\ct5sxm4c8.exe O4 - HKLM\..\Run: [HPUHRQURrjY] C:\DOKUME~1\****************~1\LOKALE~1\Temp\vj4xyjai.exe O4 - HKLM\..\Run: [HPUHRQURsDwg] C:\DOKUME~1\****************~1\LOKALE~1\Temp\z22s6wbqvx.exe O4 - HKLM\..\Run: [HPUHRQURpjY] C:\DOKUME~1\****************~1\LOKALE~1\Temp\lf5xyfj.exe O4 - HKLM\..\Run: [HPUHRQURrvc] C:\DOKUME~1\****************~1\LOKALE~1\Temp\slsxe.exe O4 - HKLM\..\Run: [HPUHRQURqdd] C:\DOKUME~1\****************~1\LOKALE~1\Temp\pfe7ugze.exe O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe O4 - HKLM\..\RunOnce: [SpybotDeletingA4339] command.com /c del "c:\WINDOWS\system32\winsrv32.exe" O4 - HKLM\..\RunOnce: [SpybotDeletingC5911] cmd.exe /c del "c:\WINDOWS\system32\winsrv32.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [dflkfejl] C:\Dokumente und Einstellungen\****************\Lokale Einstellungen\Anwendungsdaten\otreowegr\eufbgsnshdw.exe O4 - HKCU\..\Run: [xtndoquq] C:\Dokumente und Einstellungen\****************\Lokale Einstellungen\Anwendungsdaten\mgneoorxf\edstovpshdw.exe O4 - HKCU\..\Run: [Windows - Update] C:\Dokumente und Einstellungen\****************\Startmenü\Programme\Autostart\winsrv32.exe O4 - HKCU\..\Run: [HPUHRQURsSS] C:\DOKUME~1\****************~1\LOKALE~1\Temp\w0r9muo6.exe O4 - HKCU\..\Run: [HPUHRQURqkL] C:\DOKUME~1\****************~1\LOKALE~1\Temp\rz3vnh3.exe O4 - HKCU\..\Run: [HPUHRQURmjP] C:\DOKUME~1\****************~1\LOKALE~1\Temp\btz0pz1.exe O4 - HKCU\..\Run: [HPUHRQURrta] C:\DOKUME~1\****************~1\LOKALE~1\Temp\services.exe O4 - HKCU\..\Run: [HPUHRQURose] C:\DOKUME~1\****************~1\LOKALE~1\Temp\gzraco.exe O4 - HKCU\..\Run: [HPUHRQURpw+] C:\DOKUME~1\****************~1\LOKALE~1\Temp\nvsvc32.exe O4 - HKCU\..\Run: [HPUHRQURsPc] C:\DOKUME~1\****************~1\LOKALE~1\Temp\win32.exe O4 - HKCU\..\Run: [HPUHRQURme] C:\DOKUME~1\****************~1\LOKALE~1\Temp\avp.exe O4 - HKCU\..\Run: [HPUHRQURrrb] C:\DOKUME~1\****************~1\LOKALE~1\Temp\taskmgr.exe O4 - HKCU\..\Run: [HPUHRQURnsc] C:\DOKUME~1\****************~1\LOKALE~1\Temp\drweb.exe O4 - HKCU\..\Run: [HPUHRQURsre] C:\DOKUME~1\****************~1\LOKALE~1\Temp\wininst.exe O4 - HKCU\..\Run: [HPUHRQURrta (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5] C:\DOKUME~1\****************~1\LOKALE~1\Temp\services.exe O4 - HKCU\..\Run: [HPUHRQURnlPc] C:\DOKUME~1\****************~1\LOKALE~1\Temp\ct5sxm4c8.exe O4 - HKCU\..\Run: [HPUHRQURrjY] C:\DOKUME~1\****************~1\LOKALE~1\Temp\vj4xyjai.exe O4 - HKCU\..\Run: [HPUHRQURsDwg] C:\DOKUME~1\****************~1\LOKALE~1\Temp\z22s6wbqvx.exe O4 - HKCU\..\Run: [HPUHRQURpjY] C:\DOKUME~1\****************~1\LOKALE~1\Temp\lf5xyfj.exe O4 - HKCU\..\Run: [HPUHRQURrvc] C:\DOKUME~1\****************~1\LOKALE~1\Temp\slsxe.exe O4 - HKCU\..\Run: [HPUHRQURqdd] C:\DOKUME~1\****************~1\LOKALE~1\Temp\pfe7ugze.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [SpybotDeletingB4469] command.com /c del "c:\WINDOWS\system32\winsrv32.exe" O4 - HKCU\..\RunOnce: [SpybotDeletingD2220] cmd.exe /c del "c:\WINDOWS\system32\winsrv32.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-682003330-1637723038-725345543-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator') O4 - HKUS\S-1-5-21-682003330-1637723038-725345543-500\..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroScoutOptions.exe (User 'Administrator') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\****************\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\programme\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\programme\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\programme\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{8E8460DA-D705-46E1-9F99-BBDCC674B9D6}: NameServer = 192.168.178.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE -- End of file - 13840 bytes  Danke schonmal im voraus |
|
04.09.2010, 16:17
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Kann mal jemand in mein HiJack blicken .....Zitat:
__________________ |
|
04.09.2010, 23:40
| #3 |
| | Kann mal jemand in mein HiJack blicken ..... Sry ...
__________________Hier nochmal der Malwarebytes-LOG Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4545 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 05.09.2010 00:28:27 mbam-log-2010-09-05 (00-28-27).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 148500 Laufzeit: 2 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Leider ist bei mir heute noch ein folgendes Problem aufgetreten und zwar das AVG Anti-Virus manchmal anschlägt , mit der Begründung "Generic Worm" oder so ähnlich. Wie mache ich nun am besten diesen Wurm platt ?.Weil es mit AVG anscheinend nich funktioniert. |
|
05.09.2010, 15:53
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kann mal jemand in mein HiJack blicken ..... Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.09.2010, 18:38
| #5 |
| | Kann mal jemand in mein HiJack blicken ..... AVG Meldung "Screenshot" hxxp://s10.directupload.net/file/d/2273/7qdm3xo4_jpg.htm Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4550 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 05.09.2010 19:26:58 mbam-log-2010-09-05 (19-26-58).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 242044 Laufzeit: 52 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\System Volume Information\_restore{1C908DA4-7F15-4862-8D7B-AB713A5562E0}\RP3\A0000130.exe (Trojan.Downloader) -> Quarantined and deleted successfully. Was kann ich nun tun ? Letztens hat mir AVG einen anderen Generic Wurm angezeigt ! Wäre das Formatieren des Rechners die beste Lösung ? |
|
05.09.2010, 18:44
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kann mal jemand in mein HiJack blicken ..... Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ --> Kann mal jemand in mein HiJack blicken ..... |
|
05.09.2010, 21:20
| #7 |
| | Kann mal jemand in mein HiJack blicken ..... OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.09.2010 22:17:34 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 140,73 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ****
Current User Name: ****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"1119:TCP" = 1119:TCP:*:Enabled:Blizzard Downloader
"1034:TCP" = 1034:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Armagetron Advanced\armagetronad.exe" = C:\Programme\Armagetron Advanced\armagetronad.exe:*:Enabled:armagetronad -- ()
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\****\Desktop\WoW-BurningCrusade-deDE-Installer-downloader.exe" = C:\Dokumente und Einstellungen\****\Desktop\WoW-BurningCrusade-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\Steam\steamapps\****\day of defeat source\hl2.exe" = C:\Programme\Steam\steamapps\comptonjocker\day of defeat source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Teamspeak2E_RC2\server_windows.exe" = C:\Programme\Teamspeak2E_RC2\server_windows.exe:*:Enabled:Server -- ()
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found
"C:\Programme\Zattoo\Zattoo1.exe" = C:\Programme\Zattoo\Zattoo1.exe:*:Enabled: -- File not found
"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-2.4.3-to-3.0.2-deDE-Win-Final-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.4.3-to-3.0.2-deDE-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\GOA\Gunbound\GunBound.gme" = C:\Programme\GOA\Gunbound\GunBound.gme:*:Enabled:GunBound -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 1f782da8\Launcher.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 1f782da8\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 446af038\Launcher.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 446af038\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Programme\Unreal Tournament 2004\System\UT2004.exe" = C:\Programme\Unreal Tournament 2004\System\UT2004.exe:*:Enabled:UT2004 -- ()
"C:\Programme\Valve\hl.exe" = C:\Programme\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\Steam\steamapps\****\half-life 2 deathmatch\hl2.exe" = C:\Programme\Steam\steamapps\comptonjocker\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\CCProxy\CCProxy.exe" = C:\CCProxy\CCProxy.exe:*:Enabled:CCProxy -- File not found
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Warcraft III Frozen Throne\Warcraft III.exe" = C:\Programme\Warcraft III Frozen Throne\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Programme\QuickTime\QuickTimePlayer.exe" = C:\Programme\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Steam\steamapps\comptonjocker\counter-strike source\hl2.exe" = C:\Programme\Steam\steamapps\comptonjocker\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS5.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS5.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS7.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS7.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS9.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zS9.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSB.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSB.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSD.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****
\Lokale Einstellungen\Temp\7zSD.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- (Symantec Corporation)
"C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSF.tmp\SymNRT.exe" = C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Temp\7zSF.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.2.2
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R)
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCD786A9-31EF-4D35-B7CC-EFB8F548AEE2}" = O&O SafeErase
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.29
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F216C9C6-23F7-47B4-B57E-9878DE2E8534}" = QIP Infium 9033.6 Jeak-Edition
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Armagetron Advanced" = Armagetron Advanced 0.2.8.2.1.gcc
"AudibleDownloadManager" = Audible Download Manager
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dream Aquarium_is1" = Dream Aquarium
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.47
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PC-Trainer Metall" = PC-Trainer Metall
"Picasa 3" = Picasa 3
"Replay Director1.0" = Replay Director
"Replay Media Catcher 3.11" = Replay Media Catcher 3.11
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"Uninstall_is1" = Uninstall 1.0.0.1
"Videora iPod touch Converter" = Videora iPod touch Converter 5.04
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.09.2010 11:27:42 | Computer Name = HOME-C60F8FC674 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung inkscape.exe, Version 0.47.0.0, fehlgeschlagenes
Modul inkscape.exe, Version 0.47.0.0, Fehleradresse 0x004f6ca7.
Error - 04.09.2010 17:35:14 | Computer Name = HOME-C60F8FC674 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpyHunter4.exe, Version 4.2.24.3011, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.09.2010 06:58:47 | Computer Name = HOME-C60F8FC674 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung inkscape.exe, Version 0.47.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100
Description = 316: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100
Description = 312: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100
Description = 480: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100
Description = 472: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100
Description = 504: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 05.09.2010 09:23:47 | Computer Name = HOME-C60F8FC674 | Source = Bonjour Service | ID = 100
Description = 516: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
[ OSession Events ]
Error - 15.12.2008 07:21:41 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 8 seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.10.2009 12:56:25 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 147
seconds with 120 seconds of active time. This session ended with a crash.
Error - 18.10.2009 12:56:33 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.10.2009 12:56:38 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.10.2009 12:56:47 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.10.2009 12:56:58 | Computer Name = HOME-C60F8FC674 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 04.09.2010 18:25:14 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 05.09.2010 04:28:04 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 05.09.2010 04:29:34 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
Error - 05.09.2010 06:42:55 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 05.09.2010 06:44:09 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
Error - 05.09.2010 12:27:58 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 05.09.2010 12:29:21 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
Error - 05.09.2010 13:29:06 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 05.09.2010 13:29:13 | Computer Name = HOME-C60F8FC674 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 05.09.2010 13:30:28 | Computer Name = HOME-C60F8FC674 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
gestartet.
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.09.2010 22:17:34 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\****\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 140,73 Gb Free Space | 60,43% Space Free | Partition Type: NTFS Unable to calculate disk information. E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: **** Current User Name: **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3745.dll () SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (SolidWorks Licensing Service) -- C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Mach3) -- C:\WINDOWS\System32\Drivers\Mach3.sys File not found DRV - (InCDRm) -- C:\WINDOWS\System32\drivers\InCDRm.sys File not found DRV - (InCDPass) -- C:\WINDOWS\System32\drivers\InCDPass.sys File not found DRV - (InCDFs) -- C:\WINDOWS\System32\drivers\InCDFs.sys File not found DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (ALSysIO) -- C:\DOKUME~1\****~1\LOKALE~1\Temp\ALSysIO.sys File not found DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (AR5523) -- C:\WINDOWS\system32\drivers\ar5523.sys ( ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\****\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845 FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query=" FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.07.21 19:16:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.20 17:06:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.20 17:06:15 | 000,000,000 | ---D | M] [2008.08.29 15:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions [2010.09.04 23:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions [2010.04.29 16:08:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.29 16:08:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.03.16 20:46:04 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89} [2010.06.26 14:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2008.07.19 20:06:23 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2009.06.11 21:13:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\moveplayer@movenetworks.com [2009.10.31 20:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\extensions\OberonGameHost@OberonGames.com [2010.09.03 16:16:45 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-1.xml [2009.03.29 19:59:51 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-2.xml [2009.04.22 18:16:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-3.xml [2009.04.30 16:58:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-4.xml [2009.06.13 20:24:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-5.xml [2009.07.25 11:29:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin-6.xml [2009.03.01 14:02:44 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\icqplugin.xml [2010.03.22 21:16:32 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\1bkcn93s.default\searchplugins\qip-search.xml [2010.09.04 23:45:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2008.07.17 19:24:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.03.25 18:15:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.25 18:15:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.25 18:15:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.25 18:15:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.25 18:15:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.04 18:29:51 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 loc O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\****\Eigene Dateien\Eigene Bilder\Neuer Ordner (2)\I Menek JUNIOR Negativ x.png O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\****\Eigene Dateien\Eigene Bilder\Neuer Ordner (2)\I Menek JUNIOR 2.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.17 18:16:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\Shell - "" = AutoRun O33 - MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.05 22:15:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2010.09.05 15:26:23 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.09.05 15:26:19 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.09.05 15:19:09 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent [2010.09.05 00:25:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.09.05 00:25:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.09.05 00:25:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.04 16:17:16 | 007,516,167 | ---- | C] (McAfee Inc.) -- C:\Dokumente und Einstellungen\****\Desktop\stinger1010995.exe [2010.09.04 13:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP [2010.09.04 10:45:06 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\wdgjvzdp.sys [2010.09.04 10:41:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore [2010.09.03 23:04:28 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2010.09.03 22:27:32 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.09.03 22:27:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.09.03 16:03:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes [2010.09.03 16:03:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.09.03 01:31:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth [2010.09.02 22:22:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.09.02 22:22:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.09.02 21:46:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\A929FC40BE13998741439A16B4AE4486 [2010.08.20 17:05:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.08 19:30:26 | 000,000,000 | ---D | C] -- C:\Programme\Audible [2010.08.08 19:30:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Audible [2008.09.17 16:52:55 | 000,379,584 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\ar5523.sys [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.05 22:15:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe [2010.09.05 19:33:21 | 000,044,386 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Generic.JPG [2010.09.05 19:29:08 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.09.05 19:28:48 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.05 19:28:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.09.05 19:28:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.05 19:27:53 | 011,796,480 | ---- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.dat [2010.09.05 18:44:16 | 064,339,327 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010.09.05 14:57:25 | 000,020,832 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\m00_2.JPG [2010.09.05 14:57:25 | 000,018,212 | ---- | M] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel [2010.09.05 14:54:14 | 000,149,102 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\m00_1.JPG [2010.09.05 14:44:56 | 003,330,888 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\designerinfos_DE.zip [2010.09.05 14:38:34 | 000,398,929 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\m00_1.png [2010.09.05 13:14:25 | 007,487,055 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 2.2010_09_05_13_14_24.0.svg [2010.09.05 00:25:04 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.04 17:26:48 | 000,949,029 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 1.2010_09_04_17_26_48.0.svg [2010.09.04 17:20:55 | 000,000,017 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\stinger1010995.opt [2010.09.04 17:07:10 | 002,073,599 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ 99.png [2010.09.04 16:17:25 | 007,516,167 | ---- | M] (McAfee Inc.) -- C:\Dokumente und Einstellungen\****\Desktop\stinger1010995.exe [2010.09.04 12:03:12 | 000,000,105 | ---- | M] () -- C:\Dokumente und Einstellungen\****\default.pls [2010.09.04 12:03:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.09.04 10:45:06 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\wdgjvzdp.sys [2010.09.03 23:40:44 | 000,000,145 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010.09.03 22:11:27 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\****\ntuser.ini [2010.09.03 16:52:39 | 000,000,803 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\CoreTemp.ini [2010.09.02 21:46:26 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svchost.exe [2010.09.02 07:11:15 | 000,619,081 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\charfile.jpg [2010.08.29 22:47:59 | 044,755,113 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 6.2010_08_29_22_47_54.0.svg [2010.08.29 22:39:38 | 000,504,811 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ 2.png [2010.08.29 22:27:31 | 001,571,369 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ.png [2010.08.27 17:04:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.08.26 18:04:30 | 008,528,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\MARTERIA - VERSTRAHLT feat. Yasha.mp3 [2010.08.18 20:29:43 | 000,000,011 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Plugins.ini [2010.08.14 14:20:56 | 002,210,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.13 22:33:25 | 001,005,750 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.13 22:33:25 | 000,452,310 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.13 22:33:25 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.13 22:33:25 | 000,081,118 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.13 22:33:25 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.12 18:56:42 | 000,228,864 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\mfu.xls [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010.08.07 15:17:39 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.05 19:33:21 | 000,044,386 | ---- | C] () -- C:\Dokumente und Einstellungen\****Desktop\Generic.JPG [2010.09.05 14:57:25 | 000,020,832 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\m00_2.JPG [2010.09.05 14:57:25 | 000,018,212 | ---- | C] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel [2010.09.05 14:44:57 | 003,330,888 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\designerinfos_DE.zip [2010.09.05 14:39:35 | 000,149,102 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\m00_1.JPG [2010.09.05 14:37:52 | 000,398,929 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Eigene Dateien\m00_1.png [2010.09.05 13:14:24 | 007,487,055 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 2.2010_09_05_13_14_24.0.svg [2010.09.05 00:25:04 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.04 17:26:48 | 000,949,029 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 1.2010_09_04_17_26_48.0.svg [2010.09.04 17:20:55 | 000,000,017 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\stinger1010995.opt [2010.09.04 16:36:52 | 002,073,599 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ 99.png [2010.09.03 23:06:38 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.02 07:11:13 | 000,619,081 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\charfile.jpg [2010.08.29 22:47:54 | 044,755,113 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Neues Dokument 6.2010_08_29_22_47_54.0.svg [2010.08.29 22:39:31 | 000,504,811 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ 2.png [2010.08.29 22:27:22 | 001,571,369 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Negativ.png [2010.08.20 18:29:31 | 008,528,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\MARTERIA - VERSTRAHLT feat. Yasha.mp3 [2010.08.18 20:29:43 | 000,000,011 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Plugins.ini [2010.08.18 20:29:42 | 000,000,803 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\CoreTemp.ini [2010.08.12 18:55:01 | 000,228,864 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\mfu.xls [2010.04.12 21:46:49 | 000,000,440 | ---- | C] () -- C:\WINDOWS\CTL3D991.DLL [2010.03.24 20:12:49 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.03.16 21:31:38 | 000,000,059 | ---- | C] () -- C:\WINDOWS\UserUtil.INI [2010.03.16 21:30:34 | 000,000,024 | ---- | C] () -- C:\WINDOWS\MachProcess.INI [2010.03.16 21:29:31 | 000,000,024 | ---- | C] () -- C:\WINDOWS\ToolUtil.INI [2010.03.16 20:53:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\ptmetall.INI [2009.12.20 21:59:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\applet.ini [2009.11.26 22:40:18 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll [2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2009.07.05 00:10:58 | 000,000,053 | ---- | C] () -- C:\WINDOWS\fcad5lt.ini [2009.05.31 23:43:12 | 000,003,403 | ---- | C] () -- C:\WINDOWS\messer.ini [2009.05.31 20:10:38 | 000,000,015 | ---- | C] () -- C:\WINDOWS\DME32.INI [2009.05.26 17:53:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI [2009.04.30 23:09:46 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI [2008.12.23 20:03:04 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2008.12.05 19:09:30 | 000,002,653 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2008.11.03 19:13:28 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008.08.01 14:46:36 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008.07.18 09:23:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.07.17 19:57:10 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.17 19:12:40 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\WINDOWS:EE47199619CAF6A0 @Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:73F8B3C1 @Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6FE816BE < End of report > Geändert von G0_M30 (05.09.2010 um 21:31 Uhr) |
|
05.09.2010, 21:44
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kann mal jemand in mein HiJack blicken ..... Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O33 - MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\Shell - "" = AutoRun
O33 - MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\Shell\AutoRun - "" = Auto&Play
[2010.09.04 13:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:EE47199619CAF6A0
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:73F8B3C1
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6FE816BE
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.09.2010, 16:24
| #9 |
| | Kann mal jemand in mein HiJack blicken ..... All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully. C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c81f09c9-5a50-11dd-b006-00044b01d788}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c81f09c9-5a50-11dd-b006-00044b01d788}\ not found. File .\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c81f09c9-5a50-11dd-b006-00044b01d788}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c81f09c9-5a50-11dd-b006-00044b01d788}\ not found. C:\WINDOWS\95431C66CF9A4913BFFF6050785AFB65.TMP folder moved successfully. ADS C:\WINDOWS:EE47199619CAF6A0 deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:73F8B3C1 deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6FE816BE deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 12 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: *** ->Temp folder emptied: 67858000 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 70454222 bytes ->Apple Safari cache emptied: 1106944 bytes ->Flash cache emptied: 5226 bytes User: LocalService ->Temp folder emptied: 80263 bytes ->Temporary Internet Files folder emptied: 65743 bytes User: NetworkService ->Temp folder emptied: 298322 bytes ->Temporary Internet Files folder emptied: 5402562 bytes ->Flash cache emptied: 927 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2148906 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 804087 bytes RecycleBin emptied: 897790 bytes Total Files Cleaned = 142,00 mb OTL by OldTimer - Version 3.2.11.0 log created on 09062010_171932 Files\Folders moved on Reboot... C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZAWL2QA0\ad[1].htm moved successfully. C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZAWL2QA0\ad[2].htm moved successfully. C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZAWL2QA0\ad[3].htm moved successfully. C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CAF5XR0Q\AzEgboltSzineiFenyei[1].txt moved successfully. C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CAF5XR0Q\prdhp[1].txt moved successfully. C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\87OZXEV3\news[1].txt moved successfully. C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\87OZXEV3\openhand[1].bmp moved successfully. C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HWI43VM\books[2].txt moved successfully. File\Folder C:\WINDOWS\temp\Perflib_Perfdata_2a4.dat not found! Registry entries deleted on Reboot... |
|
06.09.2010, 17:54
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Kann mal jemand in mein HiJack blicken ..... Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Kann mal jemand in mein HiJack blicken ..... |
| 0 bytes, adobe, antispyware, avg, avg free, bonjour, converter, desktop, einstellungen, enigma, explorer, firefox, frage, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, mozilla, mp3, rundll, security, senden, software, spyhunter 4, system, temp, windows, windows xp |
Linear-Darstellung
