sshnas21.dll - TR/Crypt.XPACK.gen3 - win7/64bit -- don't know what to do next?

Hi folks, I need your help once again.

Earlier I got one virus warning after another from AntiVir, roughly one a minute, surely 15 alerts in all. It was always this "TR/Crypt.XPACK.gen3", and the file was always in the same folder, only with a different name each time: at first "Oxx.exe", then "Oxt.exe", and so on ... In between there were 2 other virus alerts; I of course put them all into quarantine as recommended.

I then restarted the computer and suddenly this message came up: problem with "sshnas21.dll" (I no longer remember the exact wording) ... and my Win7 gadgets no longer work (clock, calendar, etc.).

I then ran Malwarebytes, which found 8 infections; I restarted and, lo and behold, the message is gone, BUT my gadgets still don't work. Not that I need them, but that means something is still here, doesn't it???

I'm attaching the Malwarebytes logfile, a HiJackThis file and the 2 OTL logs (I hope it's right that I'm doing this as a quote):

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:14:11, on 12.11.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Tom Morris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom Morris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (file missing)
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9473 bytes

--- --- ---

Quote:
Code:
OTL logfile created on: 12.11.2010 03:37:13 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Tom Morris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,46 Gb Total Space | 167,50 Gb Free Space | 37,10% Space Free | Partition Type: NTFS
Drive D: | 14,00 Gb Total Space | 2,01 Gb Free Space | 14,34% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 91,86 Mb Free Space | 92,76% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMMORRIS-PC
Current User Name: Tom Morris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\Tom Morris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)

========== Modules (SafeList) ==========

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\Tom Morris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezSharedSvcHost.exe File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SL3) -- C:\Windows\SysNative\drivers\Sl3.sys (Cristalink Ltd)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MADFUCONECTIV) -- C:\Windows\SysNative\drivers\MAudioConectiv_DFU.sys (M-Audio)
DRV:64bit: - (MAUSBCONECTIV) -- C:\Windows\SysNative\drivers\MAudioConectiv.sys (Avid Technology, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.dancetrippin.tv/"
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.07.07 05:05:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.30 12:19:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.10 00:58:03 | 000,000,000 | ---D | M]
[2010.08.30 12:20:07 | 000,000,000 | ---D | M] -- C:\Users\Tom Morris\AppData\Roaming\mozilla\Extensions
[2010.10.28 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Tom Morris\AppData\Roaming\mozilla\Firefox\Profiles\f2akp1hm.default\extensions
[2010.08.30 12:22:15 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Tom Morris\AppData\Roaming\mozilla\Firefox\Profiles\f2akp1hm.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.11.07 16:01:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.10.12 17:03:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.07 16:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{620fad7a-b6b3-11df-8ef0-90fba6aafb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{620fad7a-b6b3-11df-8ef0-90fba6aafb2f}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{620fad7c-b6b3-11df-8ef0-90fba6aafb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{620fad7c-b6b3-11df-8ef0-90fba6aafb2f}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{b03966dc-d4ab-11df-b304-90fba6aafb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{b03966dc-d4ab-11df-b304-90fba6aafb2f}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{b03966de-d4ab-11df-b304-90fba6aafb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{b03966de-d4ab-11df-b304-90fba6aafb2f}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d7200668-a4aa-11df-b7e0-c4461903cd31}\Shell - "" = AutoRun
O33 - MountPoints2\{d7200668-a4aa-11df-b7e0-c4461903cd31}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d7200678-a4aa-11df-b7e0-c4461903cd31}\Shell - "" = AutoRun
O33 - MountPoints2\{d7200678-a4aa-11df-b7e0-c4461903cd31}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.12 03:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.11.12 01:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.11.12 01:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.11.12 01:00:27 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.11 03:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synth1
[2010.11.11 03:47:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.11.11 00:48:33 | 000,000,000 | ---D | C] -- C:\Users\Tom Morris\AppData\Roaming\Malwarebytes
[2010.11.11 00:48:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.11 00:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.11 00:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.07 16:01:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.11.07 16:01:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.11.07 16:01:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.10.31 06:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ableton Plugins
[2010.10.28 16:55:21 | 000,000,000 | R--D | C] -- C:\Users\Tom Morris\Eigene Producing
[2010.10.28 16:06:45 | 000,000,000 | ---D | C] -- C:\Users\Tom Morris\AppData\Roaming\FMZilla
[2010.10.28 16:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Music Zilla
[2010.10.27 09:53:56 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 09:53:56 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 09:53:56 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 09:53:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 09:53:56 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 09:53:56 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 09:53:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 09:50:45 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.25 22:26:58 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.10.25 22:26:58 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.10.25 22:26:58 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.10.25 22:26:58 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.10.25 22:26:57 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.10.25 22:26:57 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.10.25 22:26:57 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010.10.25 22:26:57 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010.10.25 22:26:57 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.10.25 22:26:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.10.25 22:26:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.10.25 22:26:57 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.10.25 22:26:57 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.10.25 22:26:57 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.10.25 22:26:56 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.10.25 22:26:56 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.10.25 22:26:56 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.10.25 22:26:56 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.10.25 22:26:56 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.10.25 22:26:56 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.10.25 22:26:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.10.25 22:26:56 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.10.25 22:26:56 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.10.25 22:26:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.10.25 22:26:55 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.10.25 22:26:55 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.10.25 22:26:55 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010.10.25 22:26:55 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010.10.25 22:26:55 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010.10.25 22:26:55 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010.10.25 22:26:55 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010.10.25 22:26:55 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010.10.25 22:26:54 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010.10.25 22:26:54 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010.10.25 22:26:54 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010.10.25 22:26:54 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010.10.25 22:26:54 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010.10.25 22:26:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010.10.25 22:26:54 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010.10.25 22:26:54 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010.10.25 22:26:53 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010.10.25 22:26:53 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.10.25 22:26:53 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.10.25 22:26:53 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.10.25 22:26:53 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010.10.25 22:26:53 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010.10.25 02:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serato
[2010.10.22 17:39:27 | 000,000,000 | R--D | C] -- C:\Users\Tom Morris\Unbenannt Project
[2010.10.14 02:08:55 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.10.14 02:08:54 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.14 02:08:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.14 02:08:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.14 02:08:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.14 02:08:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.14 02:08:53 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.14 02:08:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.14 02:08:53 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.14 02:08:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.14 02:08:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.14 02:08:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.14 02:08:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.14 02:08:53 | 000,012,800 | ---- | C] (Microsoft Corporation) --
C:\Windows\SysWow64\msfeedssync.exe [2010.10.14 02:08:53 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.10.14 02:08:36 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.10.14 02:08:36 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.10.14 02:08:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.10.14 02:08:34 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.10.14 02:07:34 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010.10.14 02:07:33 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010.10.14 02:00:32 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010.10.14 02:00:05 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010.10.14 02:00:05 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010.10.14 01:33:52 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010.10.14 01:19:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010.10.14 01:13:19 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.10.14 01:13:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.10.14 01:12:46 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010.10.14 01:12:46 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\StructuredQuery.dll [1 C:\Users\Tom Morris\Documents\*.tmp files -> C:\Users\Tom Morris\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.12 03:38:13 | 002,097,152 | -HS- | M] () -- C:\Users\Tom Morris\NTUSER.DAT [2010.11.12 03:13:58 | 
000,002,115 | ---- | M] () -- C:\Users\Tom Morris\Desktop\HijackThis.lnk [2010.11.12 01:20:12 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.12 01:20:12 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.12 01:17:22 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.11.12 01:17:22 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.11.12 01:17:22 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.11.12 01:17:22 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.11.12 01:17:22 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.11.12 01:12:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.11.12 01:12:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.12 01:12:39 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys [2010.11.12 01:11:58 | 005,490,779 | -H-- | M] () -- C:\Users\Tom Morris\AppData\Local\IconCache.db [2010.11.12 01:00:27 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.11.11 00:48:29 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.10 23:20:56 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTom Morris.job [2010.11.09 06:57:07 | 000,000,790 | ---- | M] () -- C:\Users\Public\Documents\sven v..rtf [2010.11.02 14:51:08 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.10.28 16:16:35 | 000,017,212 | ---- | M] () -- C:\Users\Tom Morris\AppData\Roaming\UserTile.png [2010.10.28 16:06:37 | 000,001,080 | ---- | M] () -- C:\Users\Tom Morris\Desktop\Free Music Zilla.lnk [2010.10.25 02:08:24 | 000,002,174 | ---- | M] () -- C:\Users\Tom Morris\Desktop\Scratch Live.lnk [2010.10.24 15:16:53 | 000,001,165 | ---- | M] () -- 
C:\Users\Tom Morris\Desktop\Live 8.0.3.lnk [2010.10.15 02:19:25 | 000,334,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Users\Tom Morris\Documents\*.tmp files -> C:\Users\Tom Morris\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.12 03:13:58 | 000,002,115 | ---- | C] () -- C:\Users\Tom Morris\Desktop\HijackThis.lnk [2010.11.12 01:00:27 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.11.11 00:48:29 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.10 22:54:59 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTom Morris.job [2010.11.09 06:57:07 | 000,000,790 | ---- | C] () -- C:\Users\Public\Documents\sven v..rtf [2010.10.28 16:19:42 | 000,024,064 | -HS- | C] () -- C:\Users\Tom Morris\AppData\Roaming\Thumbs.db [2010.10.28 16:16:35 | 000,017,212 | ---- | C] () -- C:\Users\Tom Morris\AppData\Roaming\UserTile.png [2010.10.28 16:06:37 | 000,001,080 | ---- | C] () -- C:\Users\Tom Morris\Desktop\Free Music Zilla.lnk [2010.10.24 15:16:53 | 000,001,165 | ---- | C] () -- C:\Users\Tom Morris\Desktop\Live 8.0.3.lnk [2010.08.24 11:05:55 | 000,000,084 | ---- | C] () -- C:\Windows\winamp.ini [2010.08.12 19:11:03 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.08.12 18:30:01 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010.07.07 04:54:31 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini [2010.07.07 04:54:31 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini [2010.05.17 22:38:25 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2010.02.09 17:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 12.11.2010 03:37:14 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Tom Morris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,46 Gb Total Space | 167,50 Gb Free Space | 37,10% Space Free | Partition Type: NTFS
Drive D: | 14,00 Gb Total Space | 2,01 Gb Free Space | 14,34% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 91,86 Mb Free Space | 92,76% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOMMORRIS-PC
Current User Name: Tom Morris
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Tom Morris\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D8EB424-63C1-4F63-BA0F-0597DD3DFF71}" = M-Audio Conectiv Driver 6.0.1 (x64)
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{7B93A118-A01C-10F7-EBC6-4C7413D9A36B}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FDEA1B-9B78-41CE-8A80-01D99D687D09}" = HP Wireless Assistant
"{E87A0FD7-DFFE-D12B-DFDE-8FE049D3FDA2}" = ccc-utility64
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FD5887-7557-5A6E-E9EF-ABAF7AA2E2AF}" = CCC Help Finnish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E7C2D0-A423-7568-61DB-11B3F745332D}" = Catalyst Control Center Graphics Previews Common
"{0C4F05FC-1BC4-90F7-66E5-911D443739AD}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BC45853-3FDB-7352-7E93-0756D0759958}" = CCC Help French
"{2CDA6553-EF28-308F-EDAF-75989C168C71}" = CCC Help Thai
"{338DAD71-9CE7-4D63-B729-7E91C07A4D7D}" = Microsoft Search Enhancement Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{38A26A35-B8D5-C90C-DB36-2519827C7747}" = Catalyst Control Center Graphics Full Existing
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
"{42654BC2-76C6-5F8A-73D8-8D2EDE4BB1A4}" = CCC Help Hungarian
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55FD7D2C-C1B6-6FF5-ED2C-D8F599DE3557}" = CCC Help Swedish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FA1132-0486-41F9-B747-6D308C284D1C}" = Catalyst Control Center - Branding
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6419476A-6230-4646-A2FE-C8860737F2A2}" = Scratch Live 2.1.1 (21122)
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68FDE621-DC47-3864-859A-4CFF359DA3EE}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A2055DE-D7E0-7908-19FD-07032E1050FE}" = CCC Help Korean
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6C4E4BAA-4825-3D82-A536-586687A78A58}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D177CA-B0E1-9C2C-A035-7778FA6F9278}" = CCC Help English
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{943E29F5-10EA-E1F7-8828-80391BE9081B}" = CCC Help Italian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96B2B177-D6F0-B452-547E-25A40AA6D73F}" = Catalyst Control Center Graphics Light
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A61C6212-AB09-615D-3302-B87318476A9E}" = CCC Help Greek
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9B24899-3D76-1512-8006-5D8D9379E603}" = CCC Help Polish
"{AB6F3C84-C5F4-EB19-6C11-A73B695609D5}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
"{B2582D47-3572-DED1-9468-00325C6987E6}" = Catalyst Control Center Graphics Previews Vista
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{C30558BD-247B-2BF8-BFEE-7EA2B46156AA}" = CCC Help Czech
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6F4F35D-D570-ABFB-24F3-0EA35E403FF1}" = Catalyst Control Center InstallProxy
"{C827BB33-ECAC-0EF7-9B86-630A15A25230}" = Catalyst Control Center Graphics Full New
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB8D0FA8-A475-9841-7409-F4B3CFBF4E55}" = CCC Help Japanese
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3AEA71C-D1DB-7CBB-9D8D-3C2333601A20}" = CCC Help Chinese Standard
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DED123AE-5A57-E3FD-CC7F-8D1E736B9B71}" = ccc-core-static
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E451BFA8-044A-F549-EAB5-CE8D39812421}" = CCC Help Portuguese
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E8E660DD-3CF7-4143-B7BF-D44E9ACF2DC1}" = HP Software Framework
"{EDDFC55B-A7D5-5D3D-0B77-860E89E2B137}" = CCC Help Danish
"{EF6BD645-0E5B-3584-691B-BB109D0402CA}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16954E1-FF14-AA8E-33B0-92A4CCD66265}" = CCC Help Dutch
"{F17301AF-CE56-063A-04D4-0CE460CD67BC}" = CCC Help Chinese Traditional
"{F37935A0-AFC8-47F9-8B7D-D09E88FCA0B8}" = HP User Guides 0211
"{F62607DD-8A27-2740-497A-CD6DF31434C7}" = CCC Help Spanish
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{F798D7E4-B39B-69C4-A8B3-1D412630B306}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Free Music Zilla_is1" = Free Music Zilla
"HijackThis" = HijackThis 2.0.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"Live 8.0.3" = Live 8.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TagScanner_is1" = TagScanner 5.1 build 592
"Torq_is1" = Torq Torq 1.5.2 (Build 009) - 8 July 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR Archivierer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.10.2010 21:46:34 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 06.10.2010 21:47:59 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.
Error - 08.10.2010 10:34:11 | Computer Name = TomMorris-PC | Source = Application Hang | ID = 1002
Description = Programm ScratchLive.exe, Version 2.1.0.57 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9b8 Startzeit:
01cb66f30500325f Endzeit: 62 Anwendungspfad: C:\Program Files (x86)\Serato\ScratchLIVE\ScratchLive.exe
Berichts-ID:
1b2b71df-d2e9-11df-9ce3-90fba6aafb2f
Error - 09.10.2010 20:52:30 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 09.10.2010 20:53:54 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.
Error - 10.10.2010 18:49:55 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 10.10.2010 18:50:53 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.
Error - 11.10.2010 13:40:11 | Computer Name = TomMorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PhoneConnectorVMC.exe, Version: 3.1.2.104,
Zeitstempel: 0x46f273a8 Name des fehlerhaften Moduls: PhoneConnectorVMC.exe, Version:
3.1.2.104, Zeitstempel: 0x46f273a8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016eda
ID
des fehlerhaften Prozesses: 0xcb0 Startzeit der fehlerhaften Anwendung: 0x01cb696b509284e9
Pfad
der fehlerhaften Anwendung: G:\PhoneConnectorVMC.exe Pfad des fehlerhaften Moduls:
G:\PhoneConnectorVMC.exe Berichtskennung: 98809d95-d55e-11df-bd97-90fba6aafb2f
Error - 11.10.2010 21:01:34 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 11.10.2010 21:02:59 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax.
[ Hewlett-Packard Events ]
Error - 01.09.2010 06:48:55 | Computer Name = TomMorris-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)
bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a()
Error - 22.09.2010 17:09:25 | Computer Name = TomMorris-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)
bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a()
Error - 29.09.2010 06:55:29 | Computer Name = TomMorris-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)
bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding)
bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a()
[ HP Wireless Assistant Events ]
Error - 10.11.2010 06:10:18 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 10.11.2010 07:49:36 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 10.11.2010 07:49:36 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 10.11.2010 18:23:07 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11.11.2010 12:29:41 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11.11.2010 12:29:41 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 11.11.2010 17:29:39 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11.11.2010 17:29:39 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
Error - 11.11.2010 18:57:36 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 11.11.2010 19:50:52 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
[ Media Center Events ]
Error - 25.08.2010 04:01:36 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 10:01:36 - Fehler beim Herstellen der Internetverbindung. 10:01:36
- Serververbindung konnte nicht hergestellt werden..
Error - 25.08.2010 04:01:46 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 10:01:41 - Fehler beim Herstellen der Internetverbindung. 10:01:41
- Serververbindung konnte nicht hergestellt werden..
Error - 30.08.2010 04:56:52 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 10:56:52 - Fehler beim Herstellen der Internetverbindung. 10:56:52
- Serververbindung konnte nicht hergestellt werden..
Error - 30.08.2010 04:56:59 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 10:56:57 - Fehler beim Herstellen der Internetverbindung. 10:56:57
- Serververbindung konnte nicht hergestellt werden..
Error - 25.09.2010 14:55:37 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 20:55:37 - Fehler beim Herstellen der Internetverbindung. 20:55:37
- Serververbindung konnte nicht hergestellt werden..
Error - 25.09.2010 14:55:47 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 20:55:42 - Fehler beim Herstellen der Internetverbindung. 20:55:42
- Serververbindung konnte nicht hergestellt werden..
Error - 25.09.2010 15:55:52 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 21:55:52 - Fehler beim Herstellen der Internetverbindung. 21:55:52
- Serververbindung konnte nicht hergestellt werden..
Error - 25.09.2010 15:55:58 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 21:55:57 - Fehler beim Herstellen der Internetverbindung. 21:55:57
- Serververbindung konnte nicht hergestellt werden..
Error - 26.09.2010 02:35:55 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 08:35:55 - Fehler beim Herstellen der Internetverbindung. 08:35:55
- Serververbindung konnte nicht hergestellt werden..
Error - 26.09.2010 02:36:00 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 08:36:00 - Fehler beim Herstellen der Internetverbindung. 08:36:00
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 14.10.2010 10:28:49 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.10.2010 10:28:58 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.10.2010 10:29:06 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.10.2010 10:29:15 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.10.2010 10:29:23 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.10.2010 10:29:32 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 14.10.2010 10:29:40 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 24.10.2010 21:07:15 | Computer Name = TomMorris-PC | Source = DCOM | ID = 10001
Description =
Error - 27.10.2010 13:05:07 | Computer Name = TomMorris-PC | Source = DCOM | ID = 10010
Description =
Error - 27.10.2010 13:05:07 | Computer Name = TomMorris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80080005 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2388210)
< End of report >
Edited by Maschi (12.11.2010 at 03:50) |
| | #2 | ||
| /// Helper Team | sshnas21.dll - TR/Crypt.XPACK.gen3 - win7/64bit -- don't know what to do next? Hello and a warm welcome!
Before we start working together, [please read completely]: Quote:
- Download Random's System Information Tool (RSIT) by random/random, save it to a location of your choice, and run rsit.exe
- "Hijackthis" is also installed and run by RSIT
- RSIT creates 2 log files (C:\rsit\log.txt and C:\rsit\info.txt) with extended information about your system
- please post both of them here in full
**Can you save the log to a text file and attach it here (click on "Erweitert" (Advanced))
2. Please make hidden and system files visible; click the link here: Making system files and folders visible under XP and Vista. At the end of our work you can undo this again!
3.
→ Download HJTscanlist.zip
→ Unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ Start it with a double-click
→ Select your operating system; on Win7 choose Vista
→ When you are asked, choose the option "Einstellung" (1) - scanlist
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy the contents into your thread here. If it does not work in one go, you can split the text into several parts and post it that way
4. I would also like to see all of your installed programs: download the tool "Ccleaner" → "Download" → "Download from FileHippo.com" → install it (read the software licence agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add the CCleaner Yahoo! Toolbar) is offered, deselect it) → start it → if necessary, set "german" under Options settings → then click on "Extra" (to display the installed programs as well) → then on "Als Textdatei speichern..." (save as text file); a text file (*.txt) is created; copy its contents and paste them in
5. Right-click the AntiVir umbrella in the taskbar => start AntiVir => Übersicht (Overview) => Ereignisse (Events); mark every detection => right-click the detections => Ereignis(se) exportieren (export event(s)), save it as Ereignisse.txt on the desktop and post the contents here. Quote:
Coverflow |
| | #3 |
| sshnas21.dll - TR/Crypt.XPACK.gen3 - win7/64bit -- don't know what to do next? Hello,
thanks for the quick reply. Okay, I've done everything, here are the log files: Regards, Thomas Code:
ATTFilter logfile of random's system information tool 1.08 2010-11-12 11:57:59
======Uninstall list======
-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.4.0 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Adobe Shockwave Player-->MsiExec.exe /X{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}
AMD USB Filter Driver-->MsiExec.exe /X{987B04C4-B5AC-4AD6-A7E9-8D681085B850}
Audacity 1.2.6-->"C:\Program Files (x86)\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
Catalyst Control Center - Branding-->MsiExec.exe /I{60FA1132-0486-41F9-B747-6D308C284D1C}
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
ESU for Microsoft Windows 7-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Free Music Zilla-->"C:\Program Files (x86)\Free Music Zilla\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Power Plan Utility-->MsiExec.exe /I{F6B6A150-08FA-46D5-808A-EB638269551D}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E2831862-F131-4327-B9CC-FA30F587EB6C}\setup.exe" -l0x9 -removeonly
HP Software Framework-->MsiExec.exe /X{E8E660DD-3CF7-4143-B7BF-D44E9ACF2DC1}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Update-->MsiExec.exe /X{D46D081B-F60E-467E-A7C4-117B70D76731}
HP User Guides 0211-->MsiExec.exe /X{F37935A0-AFC8-47F9-8B7D-D09E88FCA0B8}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
Live 8.0.3-->C:\PROGRA~2\Ableton\LIVE80~1.3\Install\UNWISE.EXE C:\PROGRA~2\Ableton\LIVE80~1.3\Install\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{338DAD71-9CE7-4D63-B729-7E91C07A4D7D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar Platform-->MsiExec.exe /I{4123BE4D-C65C-467E-8071-232FB1FBF3B8}
PhotoNow!-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
PhotoNow!-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0007 -removeonly
Recovery Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
Scratch Live 2.1.1 (21122)-->MsiExec.exe /I{6419476A-6230-4646-A2FE-C8860737F2A2}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SUPER © Version 2010.bld.38 (May 2, 2010)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0
TagScanner 5.1 build 592-->"C:\Program Files (x86)\TagScanner\unins000.exe"
Torq Torq 1.5.2 (Build 009) - 8 July 2009-->"C:\Program Files (x86)\M-Audio\Torq\unins000.exe"
TubeBox!-->MsiExec.exe /I{8DB77BE4-629D-458D-BD68-9F36667C2177}
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.1.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite-->MsiExec.exe /X{B5761811-28F3-4257-B537-815C5EEF472C}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR Archivierer-->C:\Program Files (x86)\WinRAR\uninstall.exe
======System event log======
Computer Name: TomMorris-PC
Event Code: 10009
Message: DCOM konnte mit dem Computer "WIN-GRPG2DQ76BN" unter Verwendung eines beliebigen, konfigurierten Protokolls keine Daten austauschen.
Record Number: 2581
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100807154512.000000-000
Event Type: Fehler
User:
Computer Name: TomMorris-PC
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".
Record Number: 2580
Source Name: Service Control Manager
Time Written: 20100807154506.027955-000
Event Type: Informationen
User:
Computer Name: TomMorris-PC
Event Code: 10009
Message: DCOM konnte mit dem Computer "WIN-GRPG2DQ76BN" unter Verwendung eines beliebigen, konfigurierten Protokolls keine Daten austauschen.
Record Number: 2579
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100807154507.000000-000
Event Type: Fehler
User:
Computer Name: TomMorris-PC
Event Code: 10009
Message: DCOM konnte mit dem Computer "WIN-GRPG2DQ76BN" unter Verwendung eines beliebigen, konfigurierten Protokolls keine Daten austauschen.
Record Number: 2578
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100807154500.000000-000
Event Type: Fehler
User:
Computer Name: TomMorris-PC
Event Code: 104
Message: Die Protokolldatei "System" wurde gelöscht.
Record Number: 2577
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100807154500.521145-000
Event Type: Informationen
User: TomMorris-PC\Tom Morris
=====Application event log=====
Computer Name: TomMorris-PC
Event Code: 0
Message: Requires:C:\Program Files (x86)\Hewlett-Packard\HP Setup
Record Number: 1277
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:
Computer Name: TomMorris-PC
Event Code: 0
Message: Expanded Env:CORESYSTEMPATH
Record Number: 1276
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:
Computer Name: TomMorris-PC
Event Code: 0
Message: Current:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1275
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:
Computer Name: TomMorris-PC
Event Code: 0
Message: Requires:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1274
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:
Computer Name: TomMorris-PC
Event Code: 0
Message: Expanded Env:COREALLUSERPATH
Record Number: 1273
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: TomMorris-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: WIN-GRPG2DQ76BN$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: Tom Morris
Kontodomäne: TomMorris-PC
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Zielserver:
Zielservername: localhost
Weitere Informationen: localhost
Prozessinformationen:
Prozess-ID: 0x1d8
Prozessname: C:\Windows\System32\winlogon.exe
Netzwerkinformationen:
Netzwerkadresse: 127.0.0.1
Port: 0
Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 524
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100807155651.470187-000
Event Type: Überwachung erfolgreich
User:
Computer Name: TomMorris-PC
Event Code: 6406
Message: "NORTON FIREWALL PROVIDER" wurde in der Windows-Firewall registriert, um die Filterung nach Folgendem zu steuern:
BootTimeRuleCategory, StealthRuleCategory, FirewallRuleCategory.
Record Number: 523
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100807155224.418321-000
Event Type: Überwachung erfolgreich
User:
Computer Name: TomMorris-PC
Event Code: 4905
Message: Es wurde versucht, die Registrierung einer Sicherheitsereignisquelle aufzuheben.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: WIN-GRPG2DQ76BN$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Prozess:
Prozess-ID: 0x5fc
Prozessname: C:\Windows\System32\VSSVC.exe
Ereignisquelle:
Quellenname: VSSAudit
Ereignisquellen-ID: 0xb1f56
Record Number: 522
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100807154505.669154-000
Event Type: Überwachung erfolgreich
User:
Computer Name: TomMorris-PC
Event Code: 4904
Message: Es wurde versucht, eine Sicherheitsereignisquelle zu registrieren.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: WIN-GRPG2DQ76BN$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7
Prozess:
Prozess-ID: 0x5fc
Prozessname: C:\Windows\System32\VSSVC.exe
Ereignisquelle:
Quellenname: VSSAudit
Ereignisquellen-ID: 0xb1f56
Record Number: 521
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100807154505.669154-000
Event Type: Überwachung erfolgreich
User:
Computer Name: TomMorris-PC
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
Sicherheits-ID: S-1-5-21-1780871363-3919826489-3868904709-1000
Kontoname: Tom Morris
Domänenname: TomMorris-PC
Anmelde-ID: 0x6c30f
Record Number: 520
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100807154501.285547-000
Event Type: Überwachung erfolgreich
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11\Driver;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0603
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
-----------------EOF-----------------
RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random)
Run by Tom Morris at 2010-11-12 11:57:58
Microsoft Windows 7 Home Premium
System drive C: has 172 GB (37%) free of 462 GB
Total RAM: 4091 MB (71% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\HPCeeScheduleForTom Morris.job
C:\Windows\tasks\Install_NSS.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-11-19 138624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-29 98304]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-11-02 281768]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe"="C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-11-12 11:57:58 ----D---- C:\rsit
2010-11-12 03:13:58 ----D---- C:\Program Files (x86)\Trend Micro
2010-11-12 01:17:19 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-11-12 01:17:14 ----D---- C:\ProgramData\!SASCORE
2010-11-11 03:53:49 ----D---- C:\Program Files (x86)\Synth1
2010-11-11 03:47:54 ----D---- C:\Windows\Sun
2010-11-11 00:48:33 ----D---- C:\Users\Tom Morris\AppData\Roaming\Malwarebytes
2010-11-11 00:48:27 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-11-11 00:48:25 ----D---- C:\ProgramData\Malwarebytes
2010-11-11 00:48:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-07 16:01:19 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-11-07 16:01:19 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-11-07 16:01:19 ----A---- C:\Windows\SysWOW64\java.exe
2010-10-31 06:34:08 ----D---- C:\Program Files (x86)\Ableton Plugins
2010-10-28 16:06:45 ----D---- C:\Users\Tom Morris\AppData\Roaming\FMZilla
2010-10-28 16:06:37 ----D---- C:\Program Files (x86)\Free Music Zilla
2010-10-27 09:53:56 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2010-10-25 22:26:58 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-10-25 22:26:58 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-10-25 22:26:55 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-10-25 22:26:55 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-10-25 22:26:55 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-10-25 22:26:55 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-10-25 22:26:54 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-10-25 22:26:54 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-10-25 22:26:54 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-10-25 22:26:54 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-10-25 22:26:53 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-10-25 22:26:53 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-10-25 22:26:53 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-10-25 02:08:22 ----D---- C:\Program Files (x86)\Serato
2010-10-14 02:08:55 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-10-14 02:08:55 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-10-14 02:08:54 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-10-14 02:08:54 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-10-14 02:08:54 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2010-10-14 02:08:54 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-10-14 02:08:36 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-10-14 02:08:35 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-10-14 02:07:34 ----A---- C:\Windows\SysWOW64\mfc40.dll
2010-10-14 02:07:33 ----A---- C:\Windows\SysWOW64\mfc40u.dll
2010-10-14 02:00:32 ----A---- C:\Windows\SysWOW64\ole32.dll
2010-10-14 02:00:05 ----A---- C:\Windows\SysWOW64\wmpmde.dll
2010-10-14 01:33:52 ----A---- C:\Windows\SysWOW64\comctl32.dll
2010-10-14 01:19:58 ----A---- C:\Windows\SysWOW64\sscore.dll
2010-10-14 01:13:19 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-10-14 01:12:46 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll
2010-10-14 01:12:38 ----A---- C:\Windows\SysWOW64\schannel.dll
======List of files/folders modified in the last 1 months======
2010-11-12 11:57:56 ----D---- C:\Windows\Temp
2010-11-12 11:49:38 ----D---- C:\Windows\System32
2010-11-12 11:49:38 ----D---- C:\Windows\inf
2010-11-12 11:45:28 ----D---- C:\Windows
2010-11-12 03:13:58 ----D---- C:\Program Files (x86)
2010-11-12 02:57:51 ----SHD---- C:\Windows\Installer
2010-11-12 02:57:51 ----D---- C:\Program Files (x86)\Activision
2010-11-12 02:57:31 ----SHD---- C:\System Volume Information
2010-11-12 02:56:10 ----RD---- C:\Program Files
2010-11-12 01:17:19 ----D---- C:\ProgramData
2010-11-12 01:05:18 ----D---- C:\Windows\debug
2010-11-12 00:47:26 ----D---- C:\Windows\Tasks
2010-11-12 00:01:48 ----D---- C:\Windows\SysWOW64
2010-11-11 23:45:48 ----D---- C:\Users\Tom Morris\AppData\Roaming\Ableton
2010-11-11 14:59:59 ----D---- C:\Program Files (x86)\JDownloader
2010-11-11 08:56:27 ----D---- C:\Windows\Prefetch
2010-11-11 02:29:44 ----D---- C:\Program Files (x86)\Ableton
2010-11-11 00:48:27 ----D---- C:\Windows\SysWOW64\drivers
2010-11-07 16:01:05 ----D---- C:\Program Files (x86)\Java
2010-10-31 04:50:18 ----D---- C:\Users\Tom Morris\AppData\Roaming\dvdcss
2010-10-29 22:43:47 ----D---- C:\Windows\rescache
2010-10-28 15:53:13 ----D---- C:\Users\Tom Morris\AppData\Roaming\Orbit
2010-10-28 02:00:46 ----D---- C:\Windows\winsxs
2010-10-28 02:00:40 ----D---- C:\Windows\AppPatch
2010-10-28 00:32:40 ----D---- C:\Windows\Microsoft.NET
2010-10-28 00:32:19 ----RSD---- C:\Windows\assembly
2010-10-27 18:05:26 ----D---- C:\Windows\ehome
2010-10-25 22:25:16 ----D---- C:\Windows\Logs
2010-10-25 22:25:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-10-25 02:07:14 ----D---- C:\Windows\Downloaded Installations
2010-10-15 02:18:30 ----D---- C:\Windows\SysWOW64\migration
2010-10-15 02:18:30 ----D---- C:\Program Files (x86)\Internet Explorer
2010-10-15 02:18:29 ----D---- C:\Program Files (x86)\Windows Media Player
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU; C:\Windows\system32\DRIVERS\MAudioConectiv_DFU.sys []
S3 MAUSBCONECTIV;Service for M-Audio Conectiv; C:\Windows\system32\DRIVERS\MAudioConectiv.sys []
S3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 SL3;SL3 Driver; C:\Windows\System32\Drivers\Sl3.sys []
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-02 267944]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\System32\ezSharedSvcHost.exe [2010-01-25 514232]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-23 92216]
R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-11-19 242048]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-07-23 703032]
S2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
-----------------EOF-----------------
Code:
ATTFilter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º
hjtscanlist v2.0
º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Microsoft Windows [Version 6.1.7600]
C:
12.11.2010 11:58 C:\rsit --------- 0
12.11.2010 11:45 C:\Windows --------- 16384
C:\pagefile.sys ---------
C:\hiberfil.sys ---------
12.11.2010 03:13 C:\Program Files (x86) --------- 20480
12.11.2010 02:57 C:\System Volume Information --------- 16384
12.11.2010 02:56 C:\Program Files --------- 8192
12.11.2010 01:17 C:\ProgramData --------- 12288
12.10.2010 16:31 C:\Downloads --------- 0
22.09.2010 22:11 C:\SwSetup --------- 12288
12.08.2010 15:08 C:\$Recycle.Bin --------- 4096
12.08.2010 14:17 C:\PFiles --------- 0
07.08.2010 16:44 C:\SYSTEM.SAV --------- 0
07.08.2010 16:44 C:\Recovery --------- 0
07.08.2010 16:44 C:\Users --------- 4096
07.08.2010 16:43 C:\Programme --------- 0
07.08.2010 16:43 C:\Dokumente und Einstellungen --------- 0
07.07.2010 05:12 C:\HP --------- 0
18.05.2010 08:54 C:\boot --------- 0
14.07.2009 06:08 C:\Documents and Settings --------- 0
14.07.2009 04:20 C:\PerfLogs --------- 0
14.07.2009 02:38 C:\bootmgr --------- 383562
----------------------------------------
C:\Windows
12.11.2010 12:03 C:\Windows\WindowsUpdate.log --------- 1235609
12.11.2010 11:45 C:\Windows\setupact.log --------- 56
12.11.2010 11:45 C:\Windows\setuperr.log --------- 0
12.11.2010 11:45 C:\Windows\bootstat.dat --------- 67584
12.11.2010 11:45 C:\Windows\PFRO.log --------- 348
24.08.2010 11:05 C:\Windows\winamp.ini --------- 84
12.08.2010 18:30 C:\Windows\game.ini --------- 331
07.07.2010 14:49 C:\Windows\CSUP.txt --------- 12
07.07.2010 05:01 C:\Windows\ativpsrm.bin --------- 0
18.05.2010 05:01 C:\Windows\explorer.exe --------- 2870272
02.03.2010 23:57 C:\Windows\atiogl.xml --------- 20692
26.02.2010 20:20 C:\Windows\RtlExUpd.dll --------- 1247776
09.02.2010 17:58 C:\Windows\LPRES.DLL --------- 12800
14.07.2009 06:09 C:\Windows\win.ini --------- 403
14.07.2009 05:54 C:\Windows\WindowsShell.Manifest --------- 749
14.07.2009 02:39 C:\Windows\write.exe --------- 10240
14.07.2009 02:39 C:\Windows\splwow64.exe --------- 61952
14.07.2009 02:39 C:\Windows\regedit.exe --------- 427008
14.07.2009 02:39 C:\Windows\notepad.exe --------- 193536
14.07.2009 02:39 C:\Windows\hh.exe --------- 16896
14.07.2009 02:39 C:\Windows\HelpPane.exe --------- 733696
14.07.2009 02:39 C:\Windows\fveupdate.exe --------- 15360
14.07.2009 02:38 C:\Windows\bfsvc.exe --------- 71168
14.07.2009 02:16 C:\Windows\twain_32.dll --------- 51200
14.07.2009 02:14 C:\Windows\winhlp32.exe --------- 9728
14.07.2009 02:14 C:\Windows\twunk_32.exe --------- 31232
14.07.2009 00:06 C:\Windows\mib.bin --------- 43131
10.06.2009 22:41 C:\Windows\twunk_16.exe --------- 49680
10.06.2009 22:41 C:\Windows\twain.dll --------- 94784
10.06.2009 22:08 C:\Windows\system.ini --------- 219
10.06.2009 21:52 C:\Windows\WMSysPr9.prx --------- 316640
10.06.2009 21:36 C:\Windows\msdfmap.ini --------- 1405
10.06.2009 21:31 C:\Windows\Starter.xml --------- 48201
10.06.2009 21:30 C:\Windows\HomePremium.xml --------- 48265
10.06.2009 21:30 C:\Windows\HomeBasic.xml --------- 48223
----------------------------------------
C:\Windows\System
----------------------------------------
C:\Windows\System32
12.11.2010 11:58 C:\Windows\system32\config --------- 16384
12.11.2010 11:52 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 23024
12.11.2010 11:52 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 23024
12.11.2010 11:49 C:\Windows\system32\perfh009.dat --------- 607190
12.11.2010 11:49 C:\Windows\system32\perfc009.dat --------- 103568
12.11.2010 11:49 C:\Windows\system32\perfh007.dat --------- 643866
12.11.2010 11:49 C:\Windows\system32\perfc007.dat --------- 126394
12.11.2010 11:49 C:\Windows\system32\PerfStringBackup.INI --------- 1472002
12.11.2010 00:47 C:\Windows\system32\Tasks --------- 4096
10.11.2010 23:20 C:\Windows\system32\catroot2 --------- 20480
10.11.2010 03:00 C:\Windows\system32\MRT.exe --------- 37628360
02.11.2010 14:52 C:\Windows\system32\catroot --------- 4096
29.10.2010 16:53 C:\Windows\system32\drivers --------- 65536
19.10.2010 10:41 C:\Windows\system32\MpSigStub.exe --------- 270720
18.10.2010 14:32 C:\Windows\system32\NDF --------- 0
15.10.2010 02:19 C:\Windows\system32\FNTCACHE.DAT --------- 334264
15.10.2010 02:18 C:\Windows\system32\migration --------- 0
09.10.2010 10:07 C:\Windows\system32\DriverStore --------- 4096
30.09.2010 02:16 C:\Windows\system32\de-DE --------- 262144
08.09.2010 06:36 C:\Windows\system32\wininet.dll --------- 1192960
08.09.2010 06:36 C:\Windows\system32\urlmon.dll --------- 1495040
08.09.2010 06:35 C:\Windows\system32\mstime.dll --------- 1026048
08.09.2010 06:35 C:\Windows\system32\mshtmled.dll --------- 97280
08.09.2010 06:35 C:\Windows\system32\mshtml.dll --------- 9296384
08.09.2010 06:35 C:\Windows\system32\msfeedsbs.dll --------- 82944
08.09.2010 06:35 C:\Windows\system32\msfeeds.dll --------- 702976
08.09.2010 06:34 C:\Windows\system32\licmgr10.dll --------- 57856
08.09.2010 06:34 C:\Windows\system32\jsproxy.dll --------- 64512
08.09.2010 06:34 C:\Windows\system32\ieui.dll --------- 247808
08.09.2010 06:34 C:\Windows\system32\iertutil.dll --------- 2441216
08.09.2010 06:34 C:\Windows\system32\iepeers.dll --------- 256000
08.09.2010 06:34 C:\Windows\system32\ieframe.dll --------- 12369408
08.09.2010 06:34 C:\Windows\system32\iedkcs32.dll --------- 445952
08.09.2010 06:31 C:\Windows\system32\msfeedssync.exe --------- 12288
08.09.2010 05:16 C:\Windows\system32\html.iec --------- 482816
08.09.2010 04:35 C:\Windows\system32\mshtml.tlb --------- 1638912
05.09.2010 14:21 C:\Windows\system32\LogFiles --------- 4096
01.09.2010 06:21 C:\Windows\system32\wmp.dll --------- 14627840
01.09.2010 06:12 C:\Windows\system32\wmploc.DLL --------- 12625920
01.09.2010 03:58 C:\Windows\system32\win32k.sys --------- 3123712
27.08.2010 07:14 C:\Windows\system32\srvsvc.dll --------- 236032
26.08.2010 06:27 C:\Windows\system32\t2embed.dll --------- 148992
21.08.2010 07:38 C:\Windows\system32\wmpmde.dll --------- 1024512
21.08.2010 07:36 C:\Windows\system32\schannel.dll --------- 340992
21.08.2010 07:31 C:\Windows\system32\comctl32.dll --------- 633856
21.08.2010 07:29 C:\Windows\system32\spoolsv.exe --------- 558592
12.08.2010 21:45 C:\Windows\system32\wdi --------- 4096
07.08.2010 16:44 C:\Windows\system32\restore --------- 0
07.08.2010 16:44 C:\Windows\system32\Recovery --------- 0
07.08.2010 14:43 C:\Windows\system32\license.rtf --------- 52870
04.08.2010 08:07 C:\Windows\system32\CPFilters.dll --------- 961024
04.08.2010 08:07 C:\Windows\system32\msdri.dll --------- 552960
04.08.2010 08:05 C:\Windows\system32\mpg2splt.ax --------- 258560
04.08.2010 08:05 C:\Windows\system32\MSNP.ax --------- 288256
27.07.2010 15:59 C:\Windows\system32\shell32.dll --------- 14162944
07.07.2010 14:50 C:\Windows\system32\psisdecd.dll --------- 613888
07.07.2010 14:48 C:\Windows\system32\wbem --------- 65536
07.07.2010 05:23 C:\Windows\system32\sysprep --------- 0
07.07.2010 05:00 C:\Windows\system32\DRVSTORE --------- 0
07.07.2010 04:55 C:\Windows\system32\oem1.inf --------- 1048812
07.07.2010 04:55 C:\Windows\system32\zh-HK --------- 0
07.07.2010 04:55 C:\Windows\system32\zh-TW --------- 0
07.07.2010 04:55 C:\Windows\system32\zh-CN --------- 0
07.07.2010 04:55 C:\Windows\system32\tr-TR --------- 0
07.07.2010 04:55 C:\Windows\system32\th-TH --------- 0
07.07.2010 04:55 C:\Windows\system32\sv-SE --------- 0
07.07.2010 04:55 C:\Windows\system32\sl-SI --------- 0
07.07.2010 04:55 C:\Windows\system32\sk-SK --------- 0
07.07.2010 04:55 C:\Windows\system32\ru-RU --------- 0
07.07.2010 04:55 C:\Windows\system32\ro-RO --------- 0
07.07.2010 04:55 C:\Windows\system32\pt-PT --------- 0
07.07.2010 04:55 C:\Windows\system32\pt-BR --------- 0
07.07.2010 04:55 C:\Windows\system32\pl-PL --------- 0
07.07.2010 04:55 C:\Windows\system32\nl-NL --------- 0
07.07.2010 04:55 C:\Windows\system32\nb-NO --------- 0
07.07.2010 04:55 C:\Windows\system32\lv-LV --------- 0
07.07.2010 04:55 C:\Windows\system32\lt-LT --------- 0
07.07.2010 04:55 C:\Windows\system32\ko-KR --------- 0
07.07.2010 04:55 C:\Windows\system32\ja-JP --------- 0
07.07.2010 04:55 C:\Windows\system32\it-IT --------- 0
07.07.2010 04:55 C:\Windows\system32\hu-HU --------- 0
07.07.2010 04:55 C:\Windows\system32\hr-HR --------- 0
07.07.2010 04:55 C:\Windows\system32\he-IL --------- 0
07.07.2010 04:55 C:\Windows\system32\fr-FR --------- 0
07.07.2010 04:55 C:\Windows\system32\fi-FI --------- 0
07.07.2010 04:55 C:\Windows\system32\et-EE --------- 0
07.07.2010 04:55 C:\Windows\system32\es-ES --------- 0
07.07.2010 04:55 C:\Windows\system32\en-US --------- 147456
07.07.2010 04:55 C:\Windows\system32\el-GR --------- 0
07.07.2010 04:55 C:\Windows\system32\da-DK --------- 0
07.07.2010 04:55 C:\Windows\system32\cs-CZ --------- 0
07.07.2010 04:55 C:\Windows\system32\bg-BG --------- 0
07.07.2010 04:55 C:\Windows\system32\ar-SA --------- 0
07.07.2010 04:55 C:\Windows\system32\bcmwlrc.dll --------- 6656
07.07.2010 04:55 C:\Windows\system32\bcmwlcoi.dll --------- 95472
07.07.2010 04:55 C:\Windows\system32\bcmihvui64.dll --------- 3555840
07.07.2010 04:55 C:\Windows\system32\bcmihvsrv64.dll --------- 3891200
29.06.2010 06:39 C:\Windows\system32\ole32.dll --------- 2085376
19.06.2010 08:05 C:\Windows\system32\ntoskrnl.exe --------- 5507968
19.06.2010 07:53 C:\Windows\system32\rtutils.dll --------- 52224
----------------------------------------
C:\Windows\Prefetch
----------------------------------------
C:\Windows\Tasks
12.11.2010 11:45 C:\Windows\Tasks\SA.DAT --------- 6
11.11.2010 23:53 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32624
10.11.2010 23:20 C:\Windows\Tasks\HPCeeScheduleForTom Morris.job --------- 352
27.08.2010 19:11 C:\Windows\Tasks\Install_NSS.job --------- 398
----------------------------------------
C:\Windows\Temp
----------------------------------------
C:\Users\TOMMOR~1\AppData\Local\Temp
12.11.2010 12:04 C:\Users\TOMMOR~1\AppData\Local\Temp\etilqs_Nz6tnU6DfcadK5Npx2WJ --------- 0
12.11.2010 11:51 C:\Users\TOMMOR~1\AppData\Local\Temp\jusched.log --------- 734
12.11.2010 11:47 C:\Users\TOMMOR~1\AppData\Local\Temp\WPDNSE --------- 0
12.11.2010 11:46 C:\Users\TOMMOR~1\AppData\Local\Temp\divA4E5.tmp --------- 0
12.11.2010 11:46 C:\Users\TOMMOR~1\AppData\Local\Temp\AdobeARM.log --------- 1620
12.11.2010 04:09 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF48DF248CD4FB4CCE.TMP --------- 312320
12.11.2010 04:09 C:\Users\TOMMOR~1\AppData\Local\Temp\CLW6585.tmp --------- 3516
12.11.2010 04:09 C:\Users\TOMMOR~1\AppData\Local\Temp\WC6574.tmp --------- 0
12.11.2010 04:09 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF763D451A4A148EB9.TMP --------- 312320
12.11.2010 04:09 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF1736E6DD351E4D00.TMP --------- 312320
12.11.2010 03:59 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF799BC64818577DB2.TMP --------- 312320
12.11.2010 03:59 C:\Users\TOMMOR~1\AppData\Local\Temp\CLWED53.tmp --------- 3516
12.11.2010 03:59 C:\Users\TOMMOR~1\AppData\Local\Temp\WCED52.tmp --------- 0
12.11.2010 03:59 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF2825DC324A63DDF9.TMP --------- 312320
12.11.2010 03:59 C:\Users\TOMMOR~1\AppData\Local\Temp\~DFCC76C6B97BB95AC7.TMP --------- 312320
12.11.2010 03:56 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF8E56EAFF46D33D18.TMP --------- 312320
12.11.2010 03:56 C:\Users\TOMMOR~1\AppData\Local\Temp\CLW23A.tmp --------- 3516
12.11.2010 03:56 C:\Users\TOMMOR~1\AppData\Local\Temp\WC239.tmp --------- 0
12.11.2010 03:56 C:\Users\TOMMOR~1\AppData\Local\Temp\~DFDE30482E542F2972.TMP --------- 312320
12.11.2010 03:56 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF0423A591DC5C221E.TMP --------- 312320
12.11.2010 01:13 C:\Users\TOMMOR~1\AppData\Local\Temp\div7213.tmp --------- 0
12.11.2010 01:08 C:\Users\TOMMOR~1\AppData\Local\Temp\ufliruob.sys --------- 93056
12.11.2010 00:48 C:\Users\TOMMOR~1\AppData\Local\Temp\div8709.tmp --------- 0
11.11.2010 23:55 C:\Users\TOMMOR~1\AppData\Local\Temp\div694C.tmp --------- 0
11.11.2010 23:53 C:\Users\TOMMOR~1\AppData\Local\Temp\div9A99.tmp --------- 0
11.11.2010 23:11 C:\Users\TOMMOR~1\AppData\Local\Temp\~DFEFF57FE935C68287.TMP --------- 312320
11.11.2010 23:11 C:\Users\TOMMOR~1\AppData\Local\Temp\CLWF292.tmp --------- 3516
11.11.2010 23:11 C:\Users\TOMMOR~1\AppData\Local\Temp\WCF291.tmp --------- 0
11.11.2010 23:11 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF01650370C65EB5AA.TMP --------- 312320
11.11.2010 23:11 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF2AFCAD11127D1277.TMP --------- 312320
11.11.2010 23:08 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF42B042D90EBEC224.TMP --------- 312320
11.11.2010 23:08 C:\Users\TOMMOR~1\AppData\Local\Temp\CLW3F6C.tmp --------- 3516
11.11.2010 23:08 C:\Users\TOMMOR~1\AppData\Local\Temp\WC3F6B.tmp --------- 0
11.11.2010 23:08 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF15B4720C5EF0C787.TMP --------- 312320
11.11.2010 23:08 C:\Users\TOMMOR~1\AppData\Local\Temp\~DFA4EC1A187383BBCC.TMP --------- 312320
11.11.2010 23:06 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF8950E07D1772F76D.TMP --------- 312320
11.11.2010 23:06 C:\Users\TOMMOR~1\AppData\Local\Temp\CLWA18C.tmp --------- 3516
11.11.2010 23:06 C:\Users\TOMMOR~1\AppData\Local\Temp\WCA18B.tmp --------- 0
11.11.2010 23:06 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF38E2F9D73518BCB6.TMP --------- 312320
11.11.2010 23:06 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF58CADF0D51045634.TMP --------- 312320
11.11.2010 17:28 C:\Users\TOMMOR~1\AppData\Local\Temp\~DFC8B755B62429D82E.TMP --------- 312320
11.11.2010 17:28 C:\Users\TOMMOR~1\AppData\Local\Temp\CLW3CC7.tmp --------- 3516
11.11.2010 17:28 C:\Users\TOMMOR~1\AppData\Local\Temp\WC3CC6.tmp --------- 0
11.11.2010 17:28 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF41DA76337AF4A60D.TMP --------- 312320
11.11.2010 17:28 C:\Users\TOMMOR~1\AppData\Local\Temp\~DFB4F72774825E4D26.TMP --------- 312320
11.11.2010 17:27 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF4137B74B09B6C60A.TMP --------- 312320
11.11.2010 17:27 C:\Users\TOMMOR~1\AppData\Local\Temp\CLWD5.tmp --------- 3516
11.11.2010 17:27 C:\Users\TOMMOR~1\AppData\Local\Temp\WCD4.tmp --------- 0
11.11.2010 17:27 C:\Users\TOMMOR~1\AppData\Local\Temp\~DFC96A07D44E96BD99.TMP --------- 312320
11.11.2010 17:27 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF0B7351CF89C4179F.TMP --------- 312320
11.11.2010 15:20 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF11A80436921ED315.TMP --------- 312320
11.11.2010 15:20 C:\Users\TOMMOR~1\AppData\Local\Temp\CLW4DBE.tmp --------- 3516
11.11.2010 15:20 C:\Users\TOMMOR~1\AppData\Local\Temp\WC4DBD.tmp --------- 0
11.11.2010 15:20 C:\Users\TOMMOR~1\AppData\Local\Temp\~DFC36D8919C086238C.TMP --------- 312320
11.11.2010 15:20 C:\Users\TOMMOR~1\AppData\Local\Temp\~DF3538DFBDF74286DF.TMP --------- 312320
11.11.2010 03:00 C:\Users\TOMMOR~1\AppData\Local\Temp\Low --------- 0
07.08.2010 16:50 C:\Users\TOMMOR~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0
----------------------------------------
C:\Program Files
12.11.2010 01:00 C:\Program Files\CCleaner --------- 0
15.10.2010 02:18 C:\Program Files\Internet Explorer --------- 4096
15.10.2010 02:18 C:\Program Files\Windows Media Player --------- 4096
09.10.2010 10:07 C:\Program Files\M-Audio --------- 0
06.10.2010 17:07 C:\Program Files\Common Files --------- 4096
08.08.2010 14:18 C:\Program Files\Windows Mail --------- 0
07.08.2010 18:43 C:\Program Files\DivX --------- 0
07.08.2010 16:45 C:\Program Files\Windows Sidebar --------- 4096
07.08.2010 16:43 C:\Program Files\Windows NT --------- 4096
07.08.2010 16:43 C:\Program Files\Gemeinsame Dateien --------- 0
07.07.2010 14:48 C:\Program Files\DVD Maker --------- 4096
07.07.2010 14:48 C:\Program Files\Microsoft Games --------- 4096
07.07.2010 05:00 C:\Program Files\DIFX --------- 0
07.07.2010 04:59 C:\Program Files\ATI --------- 0
07.07.2010 04:58 C:\Program Files\Realtek --------- 0
07.07.2010 04:56 C:\Program Files\Synaptics --------- 0
07.07.2010 04:55 C:\Program Files\Broadcom --------- 0
18.05.2010 04:54 C:\Program Files\Windows Defender --------- 4096
18.05.2010 04:54 C:\Program Files\Windows Photo Viewer --------- 4096
17.05.2010 22:38 C:\Program Files\Hewlett-Packard --------- 0
14.07.2009 06:32 C:\Program Files\Windows Portable Devices --------- 0
14.07.2009 06:32 C:\Program Files\Reference Assemblies --------- 0
14.07.2009 06:32 C:\Program Files\MSBuild --------- 0
14.07.2009 06:09 C:\Program Files\Uninstall Information --------- 0
14.07.2009 05:54 C:\Program Files\desktop.ini --------- 174
----------------------------------------
C:\ProgramData\..
Tom Morris
Public
Default
Default User
All Users
desktop.ini
----------------------------------------
C:\Windows\system32\drivers\etc\hosts
----------------------------------------
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 24 K
System 4 Services 0 796 K
smss.exe 264 Services 0 1.088 K
csrss.exe 388 Services 0 4.268 K
wininit.exe 460 Services 0 4.316 K
csrss.exe 492 Console 1 6.144 K
services.exe 524 Services 0 11.632 K
lsass.exe 540 Services 0 11.256 K
lsm.exe 548 Services 0 4.152 K
winlogon.exe 636 Console 1 6.732 K
svchost.exe 704 Services 0 9.572 K
svchost.exe 804 Services 0 8.584 K
atiesrxx.exe 848 Services 0 4.080 K
svchost.exe 928 Services 0 24.452 K
svchost.exe 972 Services 0 103.468 K
svchost.exe 112 Services 0 47.548 K
svchost.exe 544 Services 0 15.828 K
svchost.exe 1096 Services 0 15.484 K
atieclxx.exe 1188 Console 1 5.804 K
wlanext.exe 1276 Services 0 4.760 K
conhost.exe 1284 Services 0 2.528 K
spoolsv.exe 1404 Services 0 10.904 K
sched.exe 1436 Services 0 1.864 K
svchost.exe 1456 Services 0 15.080 K
svchost.exe 1584 Services 0 14.884 K
AERTSr64.exe 1620 Services 0 2.568 K
avguard.exe 1640 Services 0 17.276 K
ezSharedSvcHost.exe 1688 Services 0 8.516 K
HPDrvMntSvc.exe 1724 Services 0 3.464 K
HPWMISVC.exe 1756 Services 0 5.344 K
LSSrvc.exe 1792 Services 0 4.104 K
SeaPort.exe 1840 Services 0 8.060 K
avshadow.exe 1860 Services 0 3.920 K
conhost.exe 1868 Services 0 2.544 K
svchost.exe 1928 Services 0 5.276 K
taskhost.exe 2376 Console 1 9.680 K
dwm.exe 2480 Console 1 31.512 K
explorer.exe 2508 Console 1 66.408 K
SynTPEnh.exe 2688 Console 1 12.624 K
RtkNGUI64.exe 2696 Console 1 9.472 K
RtVOsd64.exe 2704 Console 1 7.532 K
HPMSGSVC.exe 2724 Console 1 6.352 K
wmdc.exe 2812 Console 1 6.756 K
M-AudioTaskBarIcon.exe 2824 Console 1 6.760 K
LightScribeControlPanel.e 2848 Console 1 10.796 K
ISUSPM.exe 2872 Console 1 6.344 K
svchost.exe 2968 Services 0 7.576 K
WmiPrvSE.exe 3064 Services 0 7.296 K
hpwuschd2.exe 696 Console 1 3.368 K
DivXUpdate.exe 2144 Console 1 10.328 K
avgnt.exe 1140 Console 1 7.504 K
SynTPHelper.exe 1824 Console 1 3.176 K
jusched.exe 1872 Console 1 4.228 K
SearchIndexer.exe 2316 Services 0 39.780 K
wmpnetwk.exe 3256 Services 0 19.012 K
svchost.exe 3668 Services 0 13.504 K
HPHC_Service.exe 3808 Services 0 14.104 K
HPWA_Service.exe 4020 Services 0 34.508 K
svchost.exe 1936 Services 0 28.724 K
hpqWmiEx.exe 3932 Services 0 5.936 K
WmiPrvSE.exe 3936 Services 0 10.920 K
MOM.exe 4412 Console 1 5.688 K
CCC.exe 4496 Console 1 19.876 K
HPWA_Main.exe 4320 Console 1 49.252 K
hpCaslNotification.exe 3040 Console 1 11.348 K
audiodg.exe 2240 Services 0 17.688 K
chrome.exe 4944 Console 1 45.184 K
chrome.exe 400 Console 1 25.424 K
cmd.exe 3708 Console 1 3.568 K
conhost.exe 2980 Console 1 5.768 K
SearchProtocolHost.exe 3264 Services 0 8.092 K
SearchFilterHost.exe 4004 Services 0 6.196 K
dllhost.exe 3268 Console 1 5.600 K
tasklist.exe 2164 Console 1 5.248 K
***** Ende des Scans 12.11.2010 um 12:05:27,43 ***
Code:
ATTFilter Acrobat.com Adobe Systems Incorporated 16.05.2010 1,61MB 1.6.65
Adobe AIR Adobe Systems Inc. 16.05.2010 1.5.0.7220
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 29.08.2010 6,00MB 10.1.82.76
Adobe Reader 9.4.0 MUI Adobe Systems Incorporated 09.10.2010 691MB 9.4.0
ATI Catalyst Install Manager ATI Technologies, Inc. 06.07.2010 22,1MB 3.0.765.0
Audacity 1.2.6 06.08.2010
Avira AntiVir Personal - Free Antivirus Avira GmbH 01.11.2010 59,8MB 10.0.0.592
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 07.07.2010 5.60.48.35
Call of Duty(R) 4 - Modern Warfare(TM) Activision 11.08.2010 2.281MB 1.7
CCleaner Piriform 11.11.2010 3.00
CyberLink DVD Suite CyberLink Corp. 16.05.2010 37,6MB 7.0.2527
CyberLink PowerDVD 9 CyberLink Corp. 06.07.2010 134,2MB 9.0.1.3810
CyberLink YouCam CyberLink Corp. 06.07.2010 129,9MB 3.0.2511
DivX-Setup DivX, Inc. 11.10.2010 2.1.2.2
Free Music Zilla FreeMusicZilla.com 27.10.2010
Google Chrome Google Inc. 06.08.2010 5.0.375.99
HijackThis 2.0.2 TrendMicro 11.11.2010 2.0.2
HP Advisor Hewlett-Packard 16.05.2010 54,9MB 3.4.10262.3295
HP Power Plan Utility Hewlett-Packard 06.07.2010 0,23MB 1.0.6
HP Quick Launch Hewlett-Packard 16.05.2010 4,29MB 1.0.18
HP Setup Hewlett-Packard 16.05.2010 1.2.3988.3281
HP Software Framework Hewlett-Packard Company 21.09.2010 2,38MB 4.0.55.1
HP Support Assistant Hewlett-Packard 16.05.2010 33,4MB 4.4.6.3
HP Update Hewlett-Packard 16.05.2010 2,97MB 5.001.000.014
HP User Guides 0211 Hewlett-Packard 16.05.2010 144,4MB 1.00.0000
HP Wireless Assistant Hewlett-Packard 16.05.2010 5,59MB 4.0.4.2
Java(TM) 6 Update 22 Oracle 11.10.2010 94,9MB 6.0.220
JDownloader AppWork UG (haftungsbeschränkt) 11.10.2010 0.89
LabelPrint CyberLink Corp. 16.05.2010 281MB 2.5.2515
LightScribe System Software LightScribe 06.07.2010 23,4MB 1.18.12.1
Live 8.0.3 01.09.2010
M-Audio Conectiv Driver 6.0.1 (x64) M-Audio 08.10.2010 3,84MB 6.0.1
Malwarebytes' Anti-Malware Malwarebytes Corporation 10.11.2010 8,51MB
Microsoft Silverlight Microsoft Corporation 06.07.2010 29,1MB 3.0.40818.0
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.05.2010 0,42MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 16.05.2010 0,77MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 06.07.2010 0,77MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 16.05.2010 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.07.2010 0,58MB 9.0.30729.4148
Mozilla Firefox (3.6.8) Mozilla 29.08.2010 3.6.8 (de)
PhotoNow! CyberLink Corp. 06.07.2010 39,4MB 1.1.6904
Power2Go CyberLink Corp. 16.05.2010 204MB 6.1.3715
PowerDirector CyberLink Corp. 16.05.2010 826MB 8.0.2514
Realtek Ethernet Controller Driver For Windows 7 Realtek 06.07.2010 7.11.1127.2009
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 06.07.2010 6.0.1.6066
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 06.07.2010 6.1.7600.30105
Scratch Live 2.1.1 (21122) Serato Audio Research 24.10.2010 27,1MB 2.1.1
Skype Toolbars Skype Technologies S.A. 07.08.2010 5,36MB 1.0.4051
Skype™ 4.2 Skype Technologies S.A. 07.08.2010 31,7MB 4.2.169
SUPER © Version 2010.bld.38 (May 2, 2010) eRightSoft 11.08.2010 Version 2010.bld.38 (May 2, 2010)
Synaptics Pointing Device Driver Synaptics Incorporated 06.07.2010 15.0.12.0
TagScanner 5.1 build 592 Sergey Serkov 29.09.2010 5,59MB
Torq Torq 1.5.2 (Build 009) - 8 July 2009 M-Audio 08.10.2010
TubeBox! Jens Lorek 11.10.2010 12,9MB 3.4.1
Uninstall 1.0.0.1 06.08.2010 10,5MB
VLC media player 1.1.4 VideoLAN 08.09.2010 1.1.4
Vodafone Mobile Connect Lite Vodafone 09.08.2010 12,3MB 3.1.2.104
Windows Media Player Firefox Plugin Microsoft Corp 11.08.2010 0,29MB 1.0.0.8
Windows Mobile-Gerätecenter Microsoft Corporation 04.09.2010 27,4MB 6.1.6965.0
WinRAR Archivierer 06.08.2010
Code:
ATTFilter
Typ: Datei
Quelle: C:\Users\Tom Morris\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0002f9
Status: Infiziert
Quarantäne-Objekt: 49dadea6.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: JA
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.04.92
Virendefinitionsdatei: 7.10.13.229
Meldung: Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3
Datum/Uhrzeit: 12.11.2010, 00:18
|
| | #4 |
| I also ran another scan with AntiVir and it found 2 viruses (thought it might be relevant): Code:
ATTFilter
Typ: Datei
Quelle: C:\Users\Tom Morris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5d0e15a6-60a8549a
Status: Infiziert
Quarantäne-Objekt: 5067bd79.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.04.92
Virendefinitionsdatei: 7.10.13.229
Meldung: Enthält Erkennungsmuster des Java-Virus JAVA/Agent.2212
Datum/Uhrzeit: 12.11.2010, 13:41
Code:
ATTFilter
Typ: Datei
Quelle: C:\Users\Tom Morris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\33dff2c4-3a14acd9
Status: Infiziert
Quarantäne-Objekt: 48bc92ef.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.04.92
Virendefinitionsdatei: 7.10.13.229
Meldung: Enthält Erkennungsmuster des Java-Virus JAVA/Agent.2212
Datum/Uhrzeit: 12.11.2010, 13:41
|
| | #5 | |
| /// Helper Team |
1. Close all programs, including Internet Explorer, and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries → tick the checkboxes → click "Fix checked" → restart the PC): HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups". Code:
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
Quote:
C:\Users\xxxxx\AppData\Local\Temp--> delete only the contents of the folders, not the folders themselves, or click Start-> Search-> type in %temp%...
3. Open CCleaner
4. Empty the Java cache, as described under points 7 and 8 *click, via Control Panel -> Java...
5. >>You are not supposed to install the program, only scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off altogether.► [Security] Disable the autorun function on all drives for more security / Avira Support Forum
Then run a complete system check with Nod32 and tick the following: "Remove found threats" and "Scan archives". Save the scan result as a *.txt file, usually "C:\Programme\Eset\EsetOnlineScanner\log.txt". Link:-> ESET Online Scanner
Settings in Internet Explorer before the scan: "Tools→ Internet Options→ Security": set everything to the default level and allow ActiveX.
** Are there still any problems with the computer? |
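An added example, not part of the thread or of any tool mentioned in it: the AntiVir records posted above can be parsed and grouped by where the flagged file sat, which shows the JAVA/Agent.2212 hits in the Java deployment cache that step 4 empties. The location labels and path patterns are assumptions of this example.

```python
import re
from collections import defaultdict
# Three records from the posts above, shortened to the fields used here.
SAMPLE = r"""
Typ: Datei
Quelle: C:\Users\Tom Morris\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0002f9
Status: Infiziert
Meldung: Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3
Typ: Datei
Quelle: C:\Users\Tom Morris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5d0e15a6-60a8549a
Status: Infiziert
Meldung: Enthält Erkennungsmuster des Java-Virus JAVA/Agent.2212
Typ: Datei
Quelle: C:\Users\Tom Morris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\33dff2c4-3a14acd9
Status: Infiziert
Meldung: Enthält Erkennungsmuster des Java-Virus JAVA/Agent.2212
"""

# Assumption of this example: path fragments and the cleanup step that covers them.
LOCATIONS = [
    (r"\\Sun\\Java\\Deployment\\cache\\", "java-cache"),
    (r"\\User Data\\[^\\]+\\Cache\\", "browser-cache"),
    (r"\\AppData\\Local\\Temp\\", "temp"),
]

def parse_records(text):
    """Split the report into dicts; every 'Typ:' line starts a new record."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so 'C:\...' survives
        if not sep:
            continue
        if key.strip() == "Typ":
            records.append({})
        if records:
            records[-1][key.strip()] = value.strip()
    return records

def classify(path):
    return next((label for pat, label in LOCATIONS if re.search(pat, path, re.I)), "other")

def triage(text):
    """Map each location class to the sorted detection names reported there."""
    groups = defaultdict(set)
    for rec in parse_records(text):
        match = re.search(r"(\S+/\S+)\s*$", rec.get("Meldung", ""))
        if rec.get("Status") == "Infiziert" and match:
            groups[classify(rec.get("Quelle", ""))].add(match.group(1))
    return {label: sorted(names) for label, names in groups.items()}
```

Calling `triage(SAMPLE)` returns one entry per location class; a record whose path matches none of the patterns lands under `other`.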
| | #6 |
Hello, first of all, many thanks for your help. Really great!!! I have worked through all the steps, but I could not empty the Temp folder completely (the items are attached as an image). My laptop works just as normally as before; so far I have not noticed anything else, but the gadgets still do not work. Regards, Thomas Here is the ESET TXT: Code:
C:\Users\xxxx\Eigene Producing\Camel Audio CamelPhat 3.42\keygen.exe Variante von Win32/Keygen.AD Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
|