
Pests of all kinds and how to combat them: Do I have a keylogger?

17.12.2010, 21:39   #1
Sonnentau
 

Hello,

I suspect that someone has gained access to my e-mail accounts. I have heard that a keylogger can be responsible for this.
Could you please look at my log files (created according to the instructions) and tell me whether I have such a keylogger?

Regards, Sonnentau

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:21:59, on 17.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2431245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Untinulla\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1824C8D-07D2-4EA6-8982-09B4DE7DD406}: NameServer = 132.230.200.200,132.230.201.111
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
 
--
End of file - 12122 bytes
         




Malwarebytes MBAM:


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5322

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

17.12.2010 20:34:50
mbam-log-2010-12-17 (20-34-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152866
Laufzeit: 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Defogger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:20 on 15/12/2010 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-



GMER logfile:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-15 22:36:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.HS10
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\pflyquod.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT 91DB0A28 ZwAlertResumeThread
SSDT 91DB0B08 ZwAlertThread
SSDT 90AC9378 ZwAllocateVirtualMemory
SSDT 90A46AA8 ZwConnectPort
SSDT 91DB0778 ZwCreateMutant
SSDT 91DA7050 ZwCreateThread
SSDT 91DA75A8 ZwFreeVirtualMemory
SSDT 91DB0868 ZwImpersonateAnonymousToken
SSDT 91DB0948 ZwImpersonateThread
SSDT 91DA74A8 ZwMapViewOfSection
SSDT 91DB0698 ZwOpenEvent
SSDT 91DA6350 ZwOpenProcessToken
SSDT 91DB0FC0 ZwOpenThreadToken
SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x90DB5880]
SSDT 90AC9268 ZwResumeThread
SSDT 91DB0F00 ZwSetContextThread
SSDT 91DA72D8 ZwSetInformationProcess
SSDT 91DB0E10 ZwSetInformationThread
SSDT 91DB05B8 ZwSuspendProcess
SSDT 91DB0C50 ZwSuspendThread
SSDT 90AC97F0 ZwTerminateProcess
SSDT 91DB0D30 ZwTerminateThread
SSDT 91DA73C8 ZwUnmapViewOfSection
SSDT 91DA7678 ZwWriteVirtualMemory
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!KeSetEvent + 11D 83ABC880 8 Bytes [28, 0A, DB, 91, 08, 0B, DB, ...] {SUB [EDX], CL; FIST DWORD [ECX-0x6e24f4f8]}
.text ntkrnlpa.exe!KeSetEvent + 131 83ABC894 4 Bytes [78, 93, AC, 90] {JS 0xffffffffffffff95; LODSB ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1C1 83ABC924 4 Bytes [A8, 6A, A4, 90] {TEST AL, 0x6a; MOVSB ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1F5 83ABC958 4 Bytes [78, 07, DB, 91]
.text ntkrnlpa.exe!KeSetEvent + 221 83ABC984 4 Bytes [50, 70, DA, 91] {PUSH EAX; JO 0xffffffffffffffdd; XCHG ECX, EAX}
.text ... 
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8DE03360, 0x359BA2, 0xE8000020]
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \Driver\tdx \Device\Tcp wpsdrvnt.sys
AttachedDevice \Driver\tdx \Device\Udp wpsdrvnt.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce4d048 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x01 0xD1 0x53 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6C 0xC0 0xC0 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0x53 0x31 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE5 0x53 0x31 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xE5 0x53 0x31 0x05 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE5 0x53 0x31 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce4d048 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x01 0xD1 0x53 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6C 0xC0 0xC0 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE5 0x53 0x31 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE5 0x53 0x31 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xE5 0x53 0x31 0x05 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE5 0x53 0x31 0x05 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL
 
---- EOF - GMER 1.0.15 ----
         


OTL logfile:

OTL logfile created on: 15.12.2010 22:41:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 124,56 Gb Free Space | 56,55% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,65% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.15 20:36:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.10.21 17:41:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.06 12:25:14 | 000,720,704 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.07.06 12:23:40 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.04.16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.09.17 17:56:00 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009.09.17 17:38:00 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009.09.17 17:27:00 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009.09.12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodag.exe
PRC - [2009.07.08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2009.07.08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.03 05:28:06 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.12.03 05:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.12.03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.07 09:51:00 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2007.09.07 09:50:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.09.07 09:50:56 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2007.09.07 09:50:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.08.28 06:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.07.25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007.07.25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.15 20:36:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010.01.06 16:41:07 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009.09.25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.30 18:00:12 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2009.04.11 07:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.04.11 07:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2009.03.06 03:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009.02.12 14:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009.02.12 14:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008.10.25 10:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008.01.18 23:36:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008.01.18 23:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.18 23:33:44 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2007.03.28 20:59:10 | 002,953,216 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\farchns.dll
MOD - [2007.03.28 20:14:34 | 000,296,960 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\infra.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.11.25 19:26:32 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.07.30 16:10:24 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.07.06 12:23:40 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.07.06 12:20:38 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.09.17 17:56:00 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009.09.17 17:38:00 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009.09.17 17:21:00 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009.09.12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009.08.18 18:23:16 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009.07.08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009.07.08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.05.27 08:01:45 | 000,604,416 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.03 05:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.12.03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.07.25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007.07.25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.12.08 10:00:00 | 001,360,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101215.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.12.08 10:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101215.003\NAVENG.SYS -- (NAVENG)
DRV - [2010.11.06 21:45:21 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.09.10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010.07.12 09:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.05.29 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.05.29 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.12.16 11:39:49 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.09.17 17:38:00 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009.09.17 17:31:00 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009.09.03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.09.03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.08.26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009.08.25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009.08.25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009.08.25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009.07.14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2009.05.27 13:31:00 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.11 19:12:35 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.03.14 07:45:26 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.03.14 07:45:26 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.03.14 07:45:26 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.12.03 05:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.28 07:40:24 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.09.28 07:24:16 | 007,620,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.09.07 10:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ianvstor.sys -- (iaNvStor) Intel(R)
DRV - [2007.09.07 09:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.09.07 07:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.07 07:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.07 07:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.08.28 06:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.08.28 06:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.08.13 10:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.28 20:15:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006.11.07 02:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006.11.07 00:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006.11.07 00:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 ED 69 31 60 0E CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "h**p://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..keyword.URL: "h**p://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
FF - prefs.js..network.proxy.backup.ftp: "proxy1.ruf.uni-freiburg.de"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "proxy1.ruf.uni-freiburg.de"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "proxy1.ruf.uni-freiburg.de"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "proxy1.ruf.uni-freiburg.de"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "proxy1.ruf.uni-freiburg.de"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "proxy1.ruf.uni-freiburg.de"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.h**p: "proxy1.ruf.uni-freiburg.de"
FF - prefs.js..network.proxy.h**p_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, uni-freiburg.de"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy1.ruf.uni-freiburg.de"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "proxy1.ruf.uni-freiburg.de"
FF - prefs.js..network.proxy.ssl_port: 80
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.17 22:10:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 02:58:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 02:58:54 | 000,000,000 | ---D | M]
 
[2008.08.26 15:58:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.15 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2tvx7mw8.default\extensions
[2010.09.07 08:26:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2tvx7mw8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.22 11:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2tvx7mw8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.12 20:50:16 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2tvx7mw8.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.09.07 08:26:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2tvx7mw8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.03 08:51:02 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2tvx7mw8.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.05.30 20:01:52 | 000,001,819 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\bing.xml
[2010.06.08 10:29:10 | 000,000,927 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\conduit.xml
[2010.12.10 13:54:35 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-1.xml
[2010.08.13 08:12:31 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-10.xml
[2010.09.19 23:44:41 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-11.xml
[2010.12.11 02:59:31 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-12.xml
[2010.07.24 12:10:39 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-2.xml
[2009.12.17 21:07:41 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-3.xml
[2009.12.30 22:27:29 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-4.xml
[2010.01.15 18:08:27 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-5.xml
[2010.02.24 21:52:47 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-6.xml
[2010.03.24 18:11:22 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-7.xml
[2010.07.03 17:04:10 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-8.xml
[2010.07.24 14:16:49 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin-9.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin.src
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\2tvx7mw8.default\searchplugins\icqplugin.xml
[2010.07.31 08:46:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.28 19:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.07.10 10:40:04 | 000,000,000 | ---D | M] (BearShare MediaBar) -- C:\Programme\Mozilla Firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2010.11.02 14:42:48 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.02 14:42:48 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.02 14:42:49 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.02 14:42:49 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.02 14:42:49 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Tree.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Tree.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1117d410-d1ff-11de-aeec-001d093f7ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{1117d410-d1ff-11de-aeec-001d093f7ba2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3c61228d-7489-11df-ba45-001d093f7ba2}\Shell\AutoRun\command - "" = usecure/usecure32.exe
O33 - MountPoints2\{3c61228d-7489-11df-ba45-001d093f7ba2}\Shell\explore\command - "" = usecure/usecure32.exe
O33 - MountPoints2\{3c61228d-7489-11df-ba45-001d093f7ba2}\Shell\open\command - "" = usecure/usecure32.exe
O33 - MountPoints2\{4ca78a45-d207-11df-90d8-db78d1d910ca}\Shell - "" = AutoRun
O33 - MountPoints2\{4ca78a45-d207-11df-90d8-db78d1d910ca}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.0.lnk - C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe - (Panasonic Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Programme\Dell\QuickSet\quickset.exe - (Dell Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: OODefragTray - hkey= - key= - C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2
 
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.15 21:13:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Virus
[2010.12.15 20:55:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.15 20:54:24 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.12.15 20:39:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.15 20:38:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.15 20:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.15 20:38:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.15 20:38:18 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.15 20:35:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.11.29 10:02:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FreePDF_XP
[2010.01.12 16:09:19 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeCB63.dll
[2008.07.10 10:38:30 | 008,897,064 | ---- | C] (Musiclab, LLC) -- C:\Programme\BearShareV6.exe
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.15 22:45:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DBD29A69-2A2F-4BDF-A6E9-EBF5645E58B7}.job
[2010.12.15 21:46:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.15 21:41:23 | 000,130,413 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.12.15 21:39:56 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.15 21:36:40 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.12.15 21:34:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.12.15 21:34:09 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.15 21:34:08 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.15 21:33:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.15 21:33:16 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.15 21:33:12 | 334,986,597 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.15 21:33:12 | 000,400,664 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.12.15 21:21:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.12.15 21:21:10 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2010.12.15 20:54:32 | 000,000,735 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.12.15 20:54:32 | 000,000,716 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.12.15 20:35:42 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.15 20:35:40 | 000,288,107 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.15 09:21:02 | 000,054,405 | ---- | M] () -- C:\Users\***\Desktop\Wohnungssuche.pdf
[2010.12.09 12:40:48 | 000,031,744 | ---- | M] () -- C:\Users\***\Desktop\Internet.doc
[2010.12.09 10:49:33 | 002,828,288 | ---- | M] () -- C:\Users\***\Desktop\Wohnung Zürich.doc
[2010.12.08 12:19:02 | 000,000,162 | -H-- | M] () -- C:\Users\***\Desktop\~$hnung Zürich.doc
[2010.12.08 12:00:10 | 000,014,814 | ---- | M] () -- C:\Users\***\Desktop\Anschaffungen Wohnung.docx
[2010.12.05 16:10:41 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.12.03 14:05:58 | 000,068,348 | ---- | M] () -- C:\Users\***\Desktop\ticketdirect379881525.pdf
[2010.11.30 19:04:02 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.30 19:04:02 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.30 19:04:02 | 000,126,194 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.30 19:04:02 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.22 23:02:58 | 000,010,417 | ---- | M] () -- C:\Users\***\Desktop\Ebay.xlsx
[2010.11.16 20:37:30 | 000,001,400 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2010.11.16 20:36:44 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.15 21:34:42 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.12.15 21:33:12 | 334,986,597 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.15 21:26:24 | 000,296,448 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2010.12.15 21:20:45 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2010.12.15 20:54:32 | 000,000,735 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.12.15 20:54:32 | 000,000,716 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.12.15 20:35:41 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.15 20:35:37 | 000,288,107 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.15 09:20:56 | 000,054,405 | ---- | C] () -- C:\Users\***\Desktop\Wohnungssuche.pdf
[2010.12.09 12:09:13 | 000,031,744 | ---- | C] () -- C:\Users\***\Desktop\Internet.doc
[2010.12.08 12:19:02 | 000,000,162 | -H-- | C] () -- C:\Users\***\Desktop\~$hnung Zürich.doc
[2010.12.08 12:00:10 | 000,014,814 | ---- | C] () -- C:\Users\***\Desktop\Anschaffungen Wohnung.docx
[2010.12.07 21:14:01 | 002,828,288 | ---- | C] () -- C:\Users\***\Desktop\Wohnung Zürich.doc
[2010.12.05 16:10:00 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.12.03 14:05:58 | 000,068,348 | ---- | C] () -- C:\Users\***\Desktop\ticketdirect379881525.pdf
[2010.11.22 23:02:58 | 000,010,417 | ---- | C] () -- C:\Users\***\Desktop\Ebay.xlsx
[2010.11.16 20:36:44 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.09.08 09:57:16 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2010.07.30 16:08:13 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.04.25 11:36:30 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.12.13 22:54:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.03 18:57:18 | 000,000,332 | ---- | C] () -- C:\Users\***\AppData\Local\wquskyg_navps.dat
[2009.04.03 18:57:17 | 000,313,542 | ---- | C] () -- C:\Users\***\AppData\Local\wquskyg_nav.dat
[2009.04.03 18:57:17 | 000,003,116 | ---- | C] () -- C:\Users\***\AppData\Local\wquskyg.dat
[2009.03.15 22:15:20 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\kkimimo.bat
[2009.02.25 16:27:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.02.03 10:47:59 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009.02.03 09:58:44 | 000,005,073 | ---- | C] () -- C:\ProgramData\nmpmeswb.lkq
[2009.01.03 00:29:38 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.09.18 17:21:46 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.04.14 19:53:02 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2008.04.10 18:43:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.04 23:19:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.18 19:31:00 | 000,130,413 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.03.18 18:41:08 | 000,038,400 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.18 18:39:30 | 000,130,413 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.03.18 12:33:42 | 000,049,964 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.03.14 07:45:57 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.03.14 07:45:56 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010.01.15 12:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Advanced Chemistry Development
[2009.02.03 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Any Video Converter
[2008.04.11 19:12:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools
[2010.05.22 11:01:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.01 17:16:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2008.05.17 12:00:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2008.04.04 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Toolbar
[2009.02.25 17:04:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.01.24 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2008.03.18 12:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.04.29 21:40:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.06.03 13:05:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2010.12.15 21:34:42 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.12.15 21:21:39 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.15 22:45:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DBD29A69-2A2F-4BDF-A6E9-EBF5645E58B7}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.12.16 11:16:46 | 000,010,572 | ---- | M] () -- C:\aaw7boot.log
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.03.14 07:46:06 | 000,004,576 | RH-- | M] () -- C:\dell.sdr
[2010.11.29 10:02:37 | 000,005,184 | ---- | M] () -- C:\fpRedmon.log
[2010.12.15 21:33:16 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.08 09:57:20 | 000,001,256 | ---- | M] () -- C:\INSTALL.LOG
[2008.05.19 12:36:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.05.19 12:36:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.12.15 21:33:12 | 2459,258,880 | -HS- | M] () -- C:\pagefile.sys
[2009.12.16 12:19:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009.12.16 12:57:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009.12.16 18:47:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009.12.16 22:54:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009.12.17 12:14:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009.12.17 22:55:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009.12.19 09:04:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009.12.19 09:41:49 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009.12.20 12:08:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009.12.20 22:53:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009.12.21 23:04:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009.12.22 16:07:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009.12.22 16:13:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009.12.16 12:19:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009.12.16 12:57:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009.12.16 18:47:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009.12.16 22:54:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009.12.17 12:14:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009.12.17 22:55:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009.12.19 09:04:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009.12.19 09:41:49 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009.12.20 12:08:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009.12.20 22:53:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009.12.21 23:04:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009.12.22 16:07:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009.12.22 16:13:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010.06.17 07:11:34 | 000,000,000 | ---- | M] () -- C:\t1ek.2
[2010.08.09 23:17:23 | 000,000,000 | ---- | M] () -- C:\t1fg.2
[2001.05.24 11:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.12.16 12:50:30 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 10:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2003.06.18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010.04.17 00:45:28 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.07.10 10:39:09 | 008,897,064 | ---- | M] (Musiclab, LLC) -- C:\Programme\BearShareV6.exe
[2009.12.12 22:52:29 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.09.17 17:28:00 | 000,087,368 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\FwsVpn.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009.09.17 17:30:00 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\SymVPN.dll
[2009.09.17 17:30:00 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\Windows\System32\sysfer.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.18 23:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.03.14 07:35:54 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.03.14 07:35:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\a58fa8f1a78b89e6c2a670e288053b8b\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-14 08:13:00
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:0888F409
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 
< End of report >
         
--- --- ---



CONTINUED IN POST 2

Logfile from:

EXTRAS
OTL EXTRAS Logfile:
OTL Logfile:
Code:
OTL Extras logfile created on: 15.12.2010 22:41:10 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 124,56 Gb Free Space | 56,55% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,77 Gb Free Space | 57,65% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
h**p [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
h**ps [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2336589524-1286039754-184768401-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9676643C-9082-41F6-95D4-CE7CE079940F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DDAA938-E81F-44A3-BF37-A900A85A0C74}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{22A6DBB0-6097-4069-A3A8-77B55142E652}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{252B6FAB-EF1E-45D3-804C-3B391D623051}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{26807CFF-D130-4908-819A-D1A47E680095}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{289CEFF5-844E-4A61-976A-63B46A361BE2}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | 
"{30505613-5550-4E61-933D-EC6990187F18}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{3BAA1AA9-6CC1-462D-9913-41B1F5093B0E}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe | 
"{53257B3D-B4E9-4B6E-8DD8-142639BA5644}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{653D501B-42BA-42D1-8D5C-B1B55FE16B9A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{683C01BB-D61F-4372-88CC-D8D806361E8F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7B3E85FF-99A1-47F2-9CC1-90C5FBBB1EDE}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe | 
"{81B5949C-2847-4A6C-892D-EA7B87BFAF54}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{942307B9-ACF6-43CD-B7B3-87FF4953D672}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{9643A62A-CF99-40B7-A2CC-E85A7C0376EF}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe | 
"{A32ADC64-4234-4650-A25F-D18B0961CA12}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe | 
"{C2B51633-3E57-4F73-A159-BB0D70E821B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C83F4ADE-1FC8-49D6-9A70-20B8193CB99C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{CD420B64-E3F5-4076-A79B-C8FB6D1B72BB}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
"{D5E1A241-CABD-471D-9325-CB0A319C735E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E791ED1C-1A6A-49B4-8780-C006FFFC7F39}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe | 
"{EAF24414-B49E-4B13-972F-C0B8CF99A764}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EE609BA7-7D5D-4C5F-9CC1-33BC91C5214C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"TCP Query User{521536D9-445D-4307-8E73-EA3896D0F7BF}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{54DEAB12-B3B5-4F90-947E-BC70115E26DD}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{77996B5F-04BF-484E-BF43-B0803D11C037}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{FA23FEEC-84ED-48DF-9967-C5850CF00BA9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{1B124316-5C54-4BA5-AEA0-936EF5C82C70}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{25289295-2966-41FE-8D22-A070D2526620}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{533FC26F-4B18-49A3-8DE0-DFC01E531401}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{5CCD29CA-0270-4A14-AD09-D8D2F60AD378}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C7E1449D-7638-6832-426D-589655951031}" = Nero 7 Demo
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"7-Zip" = 7-Zip 4.65
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)  
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"ImageJ_is1" = ImageJ 1.43u
"JabRef 2.6" = JabRef 2.6
"kkimimo" = Favorit
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSNIACC" = MSN Connection Center
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"PyMOL" = PyMOL
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2004Setup" = Setup-Start von Microsoft Works 2004
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Media Player" = Move Media Player
"Muziic Player & Encoder" = Muziic Player & Encoder
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2010 17:37:46 | Computer Name = *** | Source = Perflib | ID = 1010
Description = 
 
Error - 15.03.2010 17:37:51 | Computer Name = ***-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 17.03.2010 14:24:21 | Computer Name = ***-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 17.03.2010 14:24:23 | Computer Name = ***-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 19.03.2010 14:16:49 | Computer Name = ***-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 19.03.2010 14:16:50 | Computer Name = ***-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 22.03.2010 14:12:16 | Computer Name = ***-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 22.03.2010 14:12:17 | Computer Name = ***-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 23.03.2010 18:18:00 | Computer Name = ***-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 23.03.2010 18:18:02 | Computer Name = ***-PC | Source = Perflib | ID = 1008
Description = 
 
[ OSession Events ]
Error - 03.10.2010 16:26:17 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 00:54:58 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1888
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 07.10.2010 08:56:34 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 308
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 07.10.2010 11:08:13 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1131
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 07.10.2010 18:01:25 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1835
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error - 10.10.2010 13:05:00 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1903
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 03.11.2010 03:35:33 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 109
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.11.2010 14:39:00 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 278
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2010 01:10:09 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 704
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 24.11.2010 03:06:59 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 385
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 02.12.2010 06:51:20 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.12.2010 um 11:48:02 unerwartet heruntergefahren.
 
Error - 02.12.2010 07:26:41 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.12.2010 um 12:07:13 unerwartet heruntergefahren.
 
Error - 03.12.2010 08:20:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 08.12.2010 04:46:43 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 08.12.2010 04:46:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 08.12.2010 20:02:27 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.12.2010 um 13:16:13 unerwartet heruntergefahren.
 
Error - 11.12.2010 06:02:11 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 11.12.2010 um 10:05:45 unerwartet heruntergefahren.
 
Error - 12.12.2010 06:27:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 15.12.2010 15:40:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.12.2010 16:33:57 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 15.12.2010 um 21:31:24 unerwartet heruntergefahren.
 
[ TuneUp Events ]
Error - 08.12.2010 20:03:03 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL:  ATTACH
  DATABASE ':memory:' AS MemDB;  CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE
 PRIMARY KEY, Value TEXT);  INSERT OR IGNORE INTO Config Values('DBVersion', '1005');
  CREATE TABLE IF NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT,
 Exe TEXT, Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE 
TABLE IF NOT EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
 Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT
 EXISTS MemDB.ActiveApps (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started
 DATE, ProcID INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT EXISTS ExeFiles 
(Exe TEXT UNIQUE PRIMARY KEY, ProductID TEXT, AnalyzeTime DATE);  CREATE TABLE IF
 NOT EXISTS Products (Date DATE, ProductID TEXT, StartCounter INTEGER, RunningTime
 INTEGER, GUIActivateCount INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER,
 GUIAvgScreenCoverage INTEGER);  CREATE
 
Error - 11.12.2010 05:03:24 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL:  ATTACH
  DATABASE ':memory:' AS MemDB;  CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE
 PRIMARY KEY, Value TEXT);  INSERT OR IGNORE INTO Config Values('DBVersion', '1005');
  CREATE TABLE IF NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT,
 Exe TEXT, Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE 
TABLE IF NOT EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
 Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT
 EXISTS MemDB.ActiveApps (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started
 DATE, ProcID INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT EXISTS ExeFiles 
(Exe TEXT UNIQUE PRIMARY KEY, ProductID TEXT, AnalyzeTime DATE);  CREATE TABLE IF
 NOT EXISTS Products (Date DATE, ProductID TEXT, StartCounter INTEGER, RunningTime
 INTEGER, GUIActivateCount INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER,
 GUIAvgScreenCoverage INTEGER);  CREATE
 
Error - 11.12.2010 06:02:37 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL:  ATTACH
  DATABASE ':memory:' AS MemDB;  CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE
 PRIMARY KEY, Value TEXT);  INSERT OR IGNORE INTO Config Values('DBVersion', '1005');
  CREATE TABLE IF NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT,
 Exe TEXT, Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE 
TABLE IF NOT EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
 Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT
 EXISTS MemDB.ActiveApps (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started
 DATE, ProcID INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT EXISTS ExeFiles 
(Exe TEXT UNIQUE PRIMARY KEY, ProductID TEXT, AnalyzeTime DATE);  CREATE TABLE IF
 NOT EXISTS Products (Date DATE, ProductID TEXT, StartCounter INTEGER, RunningTime
 INTEGER, GUIActivateCount INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER,
 GUIAvgScreenCoverage INTEGER);  CREATE
 
Error - 11.12.2010 07:02:41 | Computer Name = ***-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 15.12.2010 15:49:47 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL:  ATTACH
  DATABASE ':memory:' AS MemDB;  CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE
 PRIMARY KEY, Value TEXT);  INSERT OR IGNORE INTO Config Values('DBVersion', '1005');
  CREATE TABLE IF NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT,
 Exe TEXT, Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE 
TABLE IF NOT EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
 Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT
 EXISTS MemDB.ActiveApps (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started
 DATE, ProcID INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT EXISTS ExeFiles 
(Exe TEXT UNIQUE PRIMARY KEY, ProductID TEXT, AnalyzeTime DATE);  CREATE TABLE IF
 NOT EXISTS Products (Date DATE, ProductID TEXT, StartCounter INTEGER, RunningTime
 INTEGER, GUIActivateCount INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER,
 GUIAvgScreenCoverage INTEGER);  CREATE
 
Error - 15.12.2010 16:15:20 | Computer Name = ***-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 15.12.2010 16:17:41 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL:  ATTACH
  DATABASE ':memory:' AS MemDB;  CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE
 PRIMARY KEY, Value TEXT);  INSERT OR IGNORE INTO Config Values('DBVersion', '1005');
  CREATE TABLE IF NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT,
 Exe TEXT, Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE 
TABLE IF NOT EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
 Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT
 EXISTS MemDB.ActiveApps (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started
 DATE, ProcID INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT EXISTS ExeFiles 
(Exe TEXT UNIQUE PRIMARY KEY, ProductID TEXT, AnalyzeTime DATE);  CREATE TABLE IF
 NOT EXISTS Products (Date DATE, ProductID TEXT, StartCounter INTEGER, RunningTime
 INTEGER, GUIActivateCount INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER,
 GUIAvgScreenCoverage INTEGER);  CREATE
 
Error - 15.12.2010 16:21:39 | Computer Name = ***-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 15.12.2010 16:23:04 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL:  ATTACH
  DATABASE ':memory:' AS MemDB;  CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE
 PRIMARY KEY, Value TEXT);  INSERT OR IGNORE INTO Config Values('DBVersion', '1005');
  CREATE TABLE IF NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT,
 Exe TEXT, Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE 
TABLE IF NOT EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
 Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT
 EXISTS MemDB.ActiveApps (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started
 DATE, ProcID INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT EXISTS ExeFiles 
(Exe TEXT UNIQUE PRIMARY KEY, ProductID TEXT, AnalyzeTime DATE);  CREATE TABLE IF
 NOT EXISTS Products (Date DATE, ProductID TEXT, StartCounter INTEGER, RunningTime
 INTEGER, GUIActivateCount INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER,
 GUIAvgScreenCoverage INTEGER);  CREATE
 
Error - 15.12.2010 16:34:27 | Computer Name = ***-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: database disk image is malformed; when executing SQL:  ATTACH
  DATABASE ':memory:' AS MemDB;  CREATE TABLE IF NOT EXISTS Config(Name TEXT UNIQUE
 PRIMARY KEY, Value TEXT);  INSERT OR IGNORE INTO Config Values('DBVersion', '1005');
  CREATE TABLE IF NOT EXISTS MemDB.MemApplications (id INTEGER PRIMARY KEY AUTOINCREMENT,
 Exe TEXT, Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE 
TABLE IF NOT EXISTS Applications (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT,
 Started DATE, Ended DATE, State INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT
 EXISTS MemDB.ActiveApps (id INTEGER PRIMARY KEY AUTOINCREMENT, Exe TEXT, Started
 DATE, ProcID INTEGER, Resumed INTEGER(1));  CREATE TABLE IF NOT EXISTS ExeFiles 
(Exe TEXT UNIQUE PRIMARY KEY, ProductID TEXT, AnalyzeTime DATE);  CREATE TABLE IF
 NOT EXISTS Products (Date DATE, ProductID TEXT, StartCounter INTEGER, RunningTime
 INTEGER, GUIActivateCount INTEGER, GUIIdleFocusTime INTEGER, GUIVisibleTime INTEGER,
 GUIAvgScreenCoverage INTEGER);  CREATE
 
 
< End of report >
         

Many thanks for your help

18.12.2010, 21:57   #2
kira
/// Helper team

Hello and welcome!

Before we start working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - because the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded. INSTRUCTIONS ARE FOLLOWED AT YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - you can delete these (e.g. your real name, serial numbers in programs etc.) from the log lists or log files you use, or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vB code tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
1.
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • start it with a double-click.
  • first update the databases - update online
  • select "Vollständiger Suchlauf" (full scan) and tick every box
  • when the scan has finished, click "Zeige Resultate" (show results)
  • mark all findings and click "Löschen" (delete) - "Ausgewähltes entfernen" (remove selected), with one exception: if MBAM reports something in C:\System Volume Information, please remove the tick there.
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
an illustrated guide can be found here: guide

2.
Close all programs including Internet Explorer and use HijackThis to fix the entries from the following code box (start HijackThis → "Do a system scan only" → select the entries by ticking them → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups"
Code:
ATTFilter
R3 - URLSearchHook: (no name) - - (no file)
         
3.
I would also like to see all your installed programs:
Download the tool Ccleaner
→ "Download" →
install (read the software licence agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" is offered, deselect it) → start → if necessary, set "german" under Options settings
then click "Extra" (to show the installed programs as well) → then "Als Textdatei speichern..."
a text file (*.txt) is created; copy its contents and paste them in here

4.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work you can undo this again!

5.
close all applications → please empty the folders for temporary files
delete only the contents of the folders, not the folders themselves! - Files that are still in use cannot be deleted.
c:\windows\temp
- then empty the recycle bin

6.
clean your system with Ccleaner:
  • "Cleaner" → "Analysieren" → click the "Start CCleaner" button
  • "Registry" → "Fehler suchen" → "Fehler beheben" → "Alle beheben"
  • Restart your system

7.
→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it with a double-click
→ Select your operating system - on Win7 choose Vista
→ When you are

, choose the option "Einstellung" (1) - scanlist
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

8.
post again - after the cleanup you have carried out:
TrendMicro™ HijackThis™ logfile - no open windows as long as HijackThis is running!!

Quote:
To keep your thread clear and easy to read, it is best to use the code tags for your post:
→ before your log (i.e. at the start of the log file) you write: [code]
your log file goes in here - e.g. hjtscanlist or other
→ after it - i.e. at the end of the log file: [/code]
Regards,
Coverflow
__________________
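A triage aid for step 2 of the post above, added here as an example and not part of the original post or of HijackThis: it parses a HijackThis log and lists the entries whose target file HijackThis reports as absent, such as the R3 line in the code box. The sample log is constructed except for that R3 line, and the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
# Suffixes HijackThis appends when the referenced file does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample log. Only the R3 line is taken from the thread;
# every other path, name and CLSID is made up for illustration.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/search
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
"""


@dataclass
class Entry:
    line_no: int          # 1-based line number in the log text
    code: str             # section code, e.g. "R3" or "O23"
    body: str             # entry text after "CODE - "
    clsid: Optional[str]  # first CLSID in the entry, if any
    orphaned: bool        # True when HijackThis reported the file as absent


def parse_entries(log_text: str) -> List[Entry]:
    """Return every HijackThis entry line; header and process lines are skipped."""
    entries = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(
            Entry(
                line_no=line_no,
                code=match.group("code"),
                body=body,
                clsid=clsid.group(0) if clsid else None,
                orphaned=body.rstrip().endswith(ORPHAN_MARKERS),
            )
        )
    return entries


def orphaned_entries(log_text: str) -> List[Entry]:
    """Entries that point at a file which no longer exists on disk."""
    return [e for e in parse_entries(log_text) if e.orphaned]


def fix_list(log_text: str) -> List[str]:
    """Orphaned entries as the exact lines to look for in the HijackThis scan list."""
    return [f"{e.code} - {e.body}" for e in orphaned_entries(log_text)]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        clsid = entry.clsid or "no CLSID"
        print(f"line {entry.line_no}: {entry.code} ({clsid}) -> {entry.body}")
```

An orphaned entry is a leftover reference rather than a sign of a keylogger; entries whose target file exists still have to be judged one by one.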


21.12.2010, 00:41   #3
Sonnentau


Hello Coverflow,

many thanks for your help!
The most important thing for me is to find out whether I have a keylogger installed. Knowing that matters even more to me than having it removed.

Here are the logs:

Malwarebytes:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

20.12.2010 23:36:12
mbam-log-2010-12-20 (23-36-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 325527
Laufzeit: 1 Stunde(n), 39 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\documents\downloads\oo_defragprofessional120197\o&o_defragprofessional.12.0.197\keygen(zwt)\keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
         

CCleaner: installed programs

Code:
ATTFilter
7-Zip 4.65		24.02.2009	3,13MB	
ACD/Labs Software in C:\Program Files\ACDFREE12\	ACD/Labs	01.08.2010	79,7MB	v12.00, FREE
Ad-Aware	Lavasoft	29.07.2010	85,6MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	16.06.2010		10.1.53.64
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	01.10.2010		10.1.85.3
Adobe Reader 9.4.1 - Deutsch	Adobe Systems Incorporated	04.12.2010	167,4MB	9.4.1
Advanced Audio FX Engine		13.03.2008		
Advanced Video FX Engine		13.03.2008		
Apple Application Support	Apple Inc.	14.06.2010	39,7MB	1.2.1
Apple Mobile Device Support	Apple Inc.	14.06.2010	19,7MB	3.0.1.3
Apple Software Update	Apple Inc.	24.04.2010	2,16MB	2.1.1.116
Avanquest update	Avanquest Software	11.01.2010	2,33MB	1.21
Benutzerhandbuch		13.03.2008	0,82MB	
Bonjour	Apple Inc.	14.06.2010	0,76MB	2.0.1.2
Browser Address Error Redirector	Dell	12.03.2008		1.00.0000
CCleaner	Piriform	20.12.2010	2,80MB	3.01
Compatibility Pack für 2007 Office System	Microsoft Corporation	10.11.2010	56,2MB	12.0.6425.1000
Dell Driver Download Manager	Dell Inc.	07.10.2010		2.1.0.0
Dell Handbuch zum Einstieg	Dell Inc.	12.03.2008		1.00.0000
Dell Support Center	Dell	12.03.2008		2.0.07311
Dell Touchpad	Alps Electric	12.03.2008	7,66MB	7.1.102.7
Dell Webcam Center		13.03.2008	14,1MB	
Dell Webcam Manager		13.03.2008	0,77MB	
DivX Converter	DivX, Inc.	08.05.2010	30,4MB	7.1.0
DivX Plus DirectShow Filters	DivX, Inc.	08.05.2010	1,58MB	
DivX-Setup	DivX, Inc. 	15.11.2010	2,12MB	2.1.2.2
DVDVideoSoft Toolbar		02.01.2010	8,45MB	
DVDVideoSoftTB Toolbar		21.05.2010	2,61MB	
eMule		29.07.2010	11,1MB	
ERUNT 1.1j	Lars Hederer	14.12.2010	0,67MB	
Favorit		14.03.2009		
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	24.07.2010	2,58MB	
Free YouTube to MP3 Converter version 3.7	DVDVideoSoft Limited.	24.07.2010	5,34MB	
FreePDF (Remove only)		29.07.2010	3,01MB	
GIMP 2.6.8		30.04.2010	98,6MB	
Google Chrome	Google Inc.	08.05.2010	79,2MB	8.0.552.224
Google Earth	Google	25.09.2010	85,4MB	5.2.1.1588
Google Updater	Google Inc.	25.03.2009	3,96MB	2.4.1536.6592
GPL Ghostscript 8.62		24.02.2009	28,7MB	
GPL Ghostscript Fonts		24.02.2009	4,81MB	
HiJackThis	Trend Micro	16.12.2010	0,36MB	1.0.0
ICQ6.5	ICQ	27.10.2009	44,4MB	6.5
ImageJ 1.43u	NIH	20.05.2010	107,0MB	
Intel(R) PROSet/Wireless Software	Intel Corporation	13.03.2008		11.01.0000
Intel® Matrix Storage Manager	Intel Corporation	15.12.2009	3,77MB	
iTunes	Apple Inc.	14.06.2010	160,0MB	9.1.1.12
JabRef 2.6	JabRef Team	25.04.2010	7,02MB	2.6
Java(TM) 6 Update 17	Sun Microsystems, Inc.	12.12.2009	95,0MB	6.0.170
Java(TM) SE Runtime Environment 6	Sun Microsystems, Inc.	12.03.2008		1.6.0.0
Laptop Integrated Webcam Driver (1.03.02.0719)		14.03.2008		
Live! Cam Avatar	Creative Technology Ltd.	12.03.2008	14,0MB	1.0
Live! Cam Avatar Creator	Creative Technology Ltd.	12.03.2008	183,2MB	4.6.0817.1
LiveUpdate 3.3 (Symantec Corporation)	Symantec Corporation	15.12.2009	16,1MB	3.3.0.92
Malwarebytes' Anti-Malware	Malwarebytes Corporation	14.12.2010	4,80MB	
MediaDirect	Dell	12.03.2008	124,7MB	3.5
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	09.08.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	08.08.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.06.2010	120,3MB	4.0.30319
Microsoft Office Enterprise 2007	Microsoft Corporation	19.10.2009	619MB	12.0.6425.1000
Microsoft Office Live Add-in 1.3	Microsoft Corporation	29.05.2010	0,48MB	2.0.2313.0
Microsoft Office Outlook Connector	Microsoft Corporation	28.09.2010	3,36MB	14.0.5118.5000
Microsoft Office PowerPoint Viewer 2007 (English)	Microsoft Corporation	10.11.2010	50,8MB	12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	28.09.2010	14,9MB	4.0.50917.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	29.05.2010	1,74MB	3.1.0000
Microsoft SQL Server Compact 3.5 SP1 English	Microsoft Corporation	24.04.2010	2,60MB	3.5.5692.0
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	29.05.2010	0,61MB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	29.05.2010	1,45MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	29.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	24.04.2010	0,33MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	29.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	18.05.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	24.04.2010	0,58MB	9.0.30729.4148
Microsoft Works	Microsoft Corporation	09.04.2008	248MB	07.03.0512
Microsoft Works Suite-Add-Ins für Microsoft Word	Microsoft Corporation	09.04.2008	1,44MB	7.0.0.0000
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme	Microsoft Corporation	03.08.2010	0,13MB	12.0.4518.1014
Move Media Player	Move Networks	09.03.2010		
Mozilla Firefox (3.6.13)	Mozilla	10.12.2010	45,8MB	3.6.13 (de)
MSN Connection Center	Microsoft Corporation	08.12.2008	6,53MB	1.8
Muziic Player & Encoder		19.04.2009	28,4MB	
Nero 7 Demo	Nero AG	30.04.2010	275MB	7.00.1466
NVIDIA Drivers		11.12.2009		
O&O Defrag Professional	O&O Software GmbH	15.12.2009	36,8MB	12.0.197
OpenOffice.org 3.0	OpenOffice.org	24.02.2009	333MB	3.0.9379
OutlookAddinSetup	CyberLink	12.03.2008	0,99MB	1.0.0
PHOTOfunSTUDIO 5.0	Panasonic Corporation	24.04.2010	76,7MB	5.00.012
Picasa 3	Google, Inc.	02.03.2010	54,8MB	3.6
Protector Suite QL 5.6	UPEK Inc.	12.03.2008		5.6.2.3447
PyMOL		18.05.2008	33,1MB	
QuickSet	Dell Inc.	12.03.2008		8.2.17
QuickTime	Apple Inc.	14.06.2010	73,8MB	7.66.71.0
RealPlayer	RealNetworks	16.06.2010	72,5MB	
RedMon - Redirection Port Monitor		24.02.2009		
Roxio Creator DE		13.03.2008	18,1MB	10.1
Setup-Start von Microsoft Works 2004		09.04.2008	7,49MB	
Skype™ 5.0	Skype Technologies S.A.	12.12.2010	15,2MB	5.0.152
softonic-de3 Toolbar	softonic-de3	11.08.2010	2,84MB	5.7.1.1
Sony Ericsson Media Manager 1.1	Sony Ericsson	23.01.2009	62,5MB	1.1.550
Sony Ericsson PC Suite 6.009.00	Sony Ericsson	11.01.2010	55,3MB	6.009.00
SUPER © Version 2010.bld.38 (May 2, 2010)	eRightSoft	29.07.2010	27,7MB	Version 2010.bld.38 (May 2, 2010)
SweetIM for Messenger 2.6		12.03.2008	3,56MB	
SweetIM Toolbar for Internet Explorer 3.3		12.03.2008	2,61MB	
Symantec Endpoint Protection	*Symantec Corporation	15.12.2009	449MB	11.0.5002.333
TuneUp Utilities	TuneUp Software	29.07.2010	61,0MB	9.0.4400.15
TuneUp Utilities 2009	TuneUp Software	26.05.2009	46,9MB	8.0.3100.31
Uninstall 1.0.0.1		24.07.2010	17,3MB	
Update Service	Sony Ericsson Mobile Communications AB	23.01.2009	102,7MB	2.9.1.10
VLC media player 1.0.1	VideoLAN Team	08.08.2009	72,4MB	1.0.1
WIDCOMM Bluetooth Software 6.0.1.3100	Dell	12.03.2008		6.0.1.3100
Winamp	Nullsoft, Inc	17.12.2008	29,2MB	5.541 
Windows Live Anmelde-Assistent	Microsoft Corporation	21.12.2009	1,93MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	29.05.2010	73,5MB	14.0.8117.0416
Windows Live Sync	Microsoft Corporation	29.05.2010	2,79MB	14.0.8117.416
Windows Live-Uploadtool	Microsoft Corporation	21.12.2009	0,22MB	14.0.8014.1029
Windows Media Player Firefox Plugin	Microsoft Corp	01.06.2008	0,29MB	1.0.0.8
Windows Movie Maker 2.6	Microsoft Corporation	16.12.2010	8,92MB	2.6.4040.0
WinRAR		20.01.2009	3,73MB
         

hjtscanlist.txt

Code:
ATTFilter
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  21.12.2010 00:14     C:\Windows --------- 32768   
  17.12.2010 20:17     C:\Config.Msi --------- 81920   
  17.12.2010 20:17     C:\Program Files --------- 28672   
  15.12.2010 20:38     C:\ProgramData --------- 12288   
  13.12.2010 11:49     C:\DVDVideoSoft --------- 163840   
  29.11.2010 10:02     C:\fpRedmon.log --------- 5184   
  08.09.2010 09:57     C:\INSTALL.LOG --------- 1256   
  09.08.2010 23:17     C:\t1fg.2 --------- 0   
  02.08.2010 12:09     C:\Temp --------- 0   
  17.06.2010 07:11     C:\t1ek.2 --------- 0   
  08.02.2010 10:32     C:\System Volume Information --------- 32768   
  18.01.2010 16:23     C:\Casino --------- 0   
  16.01.2010 16:56     C:\Users --------- 4096   
  16.01.2010 16:55     C:\DELL --------- 0   
  22.12.2009 16:13     C:\sqmdata12.sqm --------- 268   
  22.12.2009 16:13     C:\sqmnoopt12.sqm --------- 244   
  22.12.2009 16:07     C:\sqmdata11.sqm --------- 268   
  22.12.2009 16:07     C:\sqmnoopt11.sqm --------- 244   
  21.12.2009 23:04     C:\sqmdata10.sqm --------- 268   
  21.12.2009 23:04     C:\sqmnoopt10.sqm --------- 244   
  20.12.2009 22:53     C:\sqmdata09.sqm --------- 268   
  20.12.2009 22:53     C:\sqmnoopt09.sqm --------- 244   
  20.12.2009 12:08     C:\sqmdata08.sqm --------- 268   
  20.12.2009 12:08     C:\sqmnoopt08.sqm --------- 244   
  19.12.2009 09:41     C:\sqmnoopt07.sqm --------- 244   
  19.12.2009 09:41     C:\sqmdata07.sqm --------- 268   
  19.12.2009 09:04     C:\sqmdata06.sqm --------- 268   
  19.12.2009 09:04     C:\sqmnoopt06.sqm --------- 244   
  17.12.2009 22:55     C:\sqmdata05.sqm --------- 268   
  17.12.2009 22:55     C:\sqmnoopt05.sqm --------- 244   
  17.12.2009 12:14     C:\sqmdata04.sqm --------- 268   
  17.12.2009 12:14     C:\sqmnoopt04.sqm --------- 244   
  16.12.2009 22:54     C:\sqmdata03.sqm --------- 268   
  16.12.2009 22:54     C:\sqmnoopt03.sqm --------- 244   
  16.12.2009 18:47     C:\sqmdata02.sqm --------- 268   
  16.12.2009 18:47     C:\sqmnoopt02.sqm --------- 244   
  16.12.2009 13:12     C:\Boot --------- 4096   
  16.12.2009 12:57     C:\sqmdata01.sqm --------- 268   
  16.12.2009 12:57     C:\sqmnoopt01.sqm --------- 244   
  16.12.2009 12:19     C:\sqmdata00.sqm --------- 268   
  16.12.2009 12:19     C:\sqmnoopt00.sqm --------- 244   
  16.12.2009 11:48     C:\Intel --------- 0   
  16.12.2009 11:16     C:\aaw7boot.log --------- 10572   
  12.12.2009 22:33     C:\PerfLogs --------- 0   
  12.12.2009 21:49     C:\3f70dd46c01c7eba96af6556032035e1 --------- 0   
  11.04.2009 07:36     C:\bootmgr --------- 333257   
  15.03.2009 22:19     C:\Downloads --------- 0   
  25.02.2009 16:45     C:\My Downloads --------- 0   
  19.05.2008 12:36     C:\MSDOS.SYS --------- 0   
  19.05.2008 12:36     C:\IO.SYS --------- 0   
  11.04.2008 19:21     C:\MSOCache --------- 0   
  18.03.2008 19:21     C:\kav --------- 0   
  18.03.2008 12:22     C:\$Recycle.Bin --------- 4096   
  18.03.2008 12:17     C:\Programme --------- 0   
  18.03.2008 12:17     C:\Dokumente und Einstellungen --------- 0   
  14.03.2008 07:46     C:\dell.sdr --------- 4576   
  14.03.2008 07:29     C:\doctemp --------- 0   
  14.03.2008 07:29     C:\Drivers --------- 0   
  14.03.2008 00:07     C:\Documents and Settings --------- 0   
  18.09.2006 22:43     C:\config.sys --------- 10   
  18.09.2006 22:43     C:\autoexec.bat --------- 24   
  24.05.2001 11:59     C:\UNWISE.EXE --------- 162304   
----------------------------------------

 
C:\Windows

  21.12.2010 00:20     C:\Windows\bootstat.dat --------- 67584   
  21.12.2010 00:17     C:\Windows\bthservsdp.dat --------- 12   
  21.12.2010 00:17     C:\Windows\WindowsUpdate.log --------- 1938750   
  17.04.2010 00:45     C:\Windows\WLXPGSS.SCR --------- 307056   
  24.02.2010 22:02     C:\Windows\nsreg.dat --------- 0   
  12.12.2009 22:52     C:\Windows\WindowsShell.Manifest --------- 749   
  12.12.2009 21:51     C:\Windows\SPInstall.etl --------- 196608   
  20.10.2009 23:16     C:\Windows\win.ini --------- 240   
  09.08.2009 15:17     C:\Windows\ocsetup_install_NetFx3.etl --------- 48955392   
  09.08.2009 15:17     C:\Windows\ocsetup_cbs_install_NetFx3.perf --------- 196608   
  09.08.2009 15:17     C:\Windows\ocsetup_cbs_install_NetFx3.dpx --------- 65536   
  11.04.2009 07:27     C:\Windows\explorer.exe --------- 2926592   
  08.05.2008 15:29     C:\Windows\ODBC.INI --------- 400   
  14.03.2008 07:46     C:\Windows\csup.txt --------- 12   
  14.03.2008 00:07     C:\Windows\CT4CET.bin --------- 76   
  14.03.2008 00:02     C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 10682368   
  14.03.2008 00:02     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 196608   
  14.03.2008 00:02     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536   
  18.01.2008 23:33     C:\Windows\regedit.exe --------- 134656   
  18.01.2008 23:33     C:\Windows\notepad.exe --------- 151040   
  18.01.2008 23:33     C:\Windows\fveupdate.exe --------- 13312   
  18.01.2008 23:33     C:\Windows\HelpPane.exe --------- 498176   
  18.01.2008 23:33     C:\Windows\bfsvc.exe --------- 58880   
  28.08.2007 06:51     C:\Windows\OEM02Mon.exe --------- 36864   
  28.08.2007 06:51     C:\Windows\OEM02Cfg.exe --------- 28672   
  28.08.2007 06:51     C:\Windows\OEM002.uns --------- 4510   
  28.08.2007 06:48     C:\Windows\CtDrvIns.exe --------- 90112   
  02.11.2006 13:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 13:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 13:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 13:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 13:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 10:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 10:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 08:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 12:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 22:46     C:\Windows\system.ini --------- 219   
  18.09.2006 22:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 22:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 22:30     C:\Windows\msdfmap.ini --------- 1405   
  15.09.2005 12:35     C:\Windows\UNNeroMediaHome.cfg --------- 50   
  12.09.2005 14:13     C:\Windows\UNNeroBackItUp.exe --------- 233472   
  12.09.2005 14:13     C:\Windows\UNNeroShowTime.exe --------- 233472   
  12.09.2005 14:13     C:\Windows\UNNeroMediaHome.exe --------- 233472   
  12.09.2005 14:13     C:\Windows\UNRecode.exe --------- 233472   
  12.09.2005 14:13     C:\Windows\UNNeroVision.exe --------- 233472   
  30.08.2005 19:37     C:\Windows\UNNeroVision.cfg --------- 50   
  30.08.2005 19:37     C:\Windows\UNNeroShowTime.cfg --------- 50   
  30.08.2005 19:36     C:\Windows\UNRecode.cfg --------- 50   
  30.08.2005 19:33     C:\Windows\UNNeroBackItUp.cfg --------- 50   
  18.01.2002 17:12     C:\Windows\ActiveSkin.INI --------- 112   
  19.11.1997 14:49     C:\Windows\IsUninst.exe --------- 303616   
----------------------------------------

 
C:\Windows\System

 02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 21.12.2010 00:26     C:\Windows\system32\Tasks --------- 8192  
 21.12.2010 00:20     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 21.12.2010 00:20     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 21.12.2010 00:19     C:\Windows\system32\oodbs.lor --------- 412148  
 21.12.2010 00:14     C:\Windows\system32\LogFiles --------- 0  
 20.12.2010 23:40     C:\Windows\system32\drivers --------- 65536  
 20.12.2010 21:37     C:\Windows\system32\FNTCACHE.DAT --------- 399816  
 20.12.2010 09:43     C:\Windows\system32\migration --------- 4096  
 17.12.2010 21:22     C:\Windows\system32\perfh009.dat --------- 594224  
 17.12.2010 21:22     C:\Windows\system32\perfh007.dat --------- 626790  
 17.12.2010 21:22     C:\Windows\system32\perfc009.dat --------- 104038  
 17.12.2010 21:22     C:\Windows\system32\perfc007.dat --------- 126194  
 17.12.2010 21:22     C:\Windows\system32\PerfStringBackup.INI --------- 1441294  
 17.12.2010 19:51     C:\Windows\system32\de-DE --------- 266240  
 17.12.2010 19:49     C:\Windows\system32\catroot --------- 4096  
 16.12.2010 14:19     C:\Windows\system32\catroot2 --------- 24576  
 16.12.2010 14:13     C:\Windows\system32\mrt.exe --------- 37366216  
 04.11.2010 19:56     C:\Windows\system32\wmicmiplugin.dll --------- 345600  
 04.11.2010 19:55     C:\Windows\system32\taskschd.dll --------- 352768  
 04.11.2010 19:55     C:\Windows\system32\taskcomp.dll --------- 270336  
 04.11.2010 19:55     C:\Windows\system32\schedsvc.dll --------- 601600  
 04.11.2010 17:34     C:\Windows\system32\taskeng.exe --------- 171520  
 02.11.2010 07:01     C:\Windows\system32\wininet.dll --------- 916480  
 02.11.2010 07:01     C:\Windows\system32\urlmon.dll --------- 1210880  
 02.11.2010 07:00     C:\Windows\system32\occache.dll --------- 206848  
 02.11.2010 06:58     C:\Windows\system32\mstime.dll --------- 611840  
 02.11.2010 06:58     C:\Windows\system32\mshtmled.dll --------- 66560  
 02.11.2010 06:58     C:\Windows\system32\mshtml.dll --------- 5959168  
 02.11.2010 06:58     C:\Windows\system32\msfeeds.dll --------- 602112  
 02.11.2010 06:58     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 02.11.2010 06:57     C:\Windows\system32\licmgr10.dll --------- 43520  
 02.11.2010 06:57     C:\Windows\system32\jsproxy.dll --------- 25600  
 02.11.2010 06:57     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 02.11.2010 06:57     C:\Windows\system32\ieui.dll --------- 164352  
 02.11.2010 06:57     C:\Windows\system32\iesysprep.dll --------- 109056  
 02.11.2010 06:57     C:\Windows\system32\iesetup.dll --------- 71680  
 02.11.2010 06:57     C:\Windows\system32\iertutil.dll --------- 1991680  
 02.11.2010 06:57     C:\Windows\system32\iernonce.dll --------- 55808  
 02.11.2010 06:57     C:\Windows\system32\iepeers.dll --------- 184320  
 02.11.2010 06:57     C:\Windows\system32\ieframe.dll --------- 11080704  
 02.11.2010 06:57     C:\Windows\system32\iedkcs32.dll --------- 387584  
 02.11.2010 06:01     C:\Windows\system32\html.iec --------- 385024  
 02.11.2010 05:26     C:\Windows\system32\ieUnatt.exe --------- 133632  
 02.11.2010 05:25     C:\Windows\system32\ie4uinit.exe --------- 173568  
 02.11.2010 05:25     C:\Windows\system32\msfeedssync.exe --------- 13312  
 02.11.2010 05:24     C:\Windows\system32\mshtml.tlb --------- 1638912  
 28.10.2010 16:44     C:\Windows\system32\atmlib.dll --------- 34304  
 28.10.2010 14:27     C:\Windows\system32\atmfd.dll --------- 292352  
 28.10.2010 14:20     C:\Windows\system32\tzres.dll --------- 2048  
 19.10.2010 10:41     C:\Windows\system32\MpSigStub.exe --------- 222080  
 18.10.2010 14:37     C:\Windows\system32\consent.exe --------- 81920  
 18.10.2010 14:31     C:\Windows\system32\win32k.sys --------- 2038272  
 12.10.2010 05:16     C:\Windows\system32\WDI --------- 8192  
 13.09.2010 16:46     C:\Windows\system32\wmp.dll --------- 10628096  
 13.09.2010 14:56     C:\Windows\system32\wmploc.DLL --------- 8147456  
 06.09.2010 17:20     C:\Windows\system32\srvsvc.dll --------- 125952  
 06.09.2010 17:19     C:\Windows\system32\netevent.dll --------- 17920  
 31.08.2010 16:46     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 16:46     C:\Windows\system32\mfc40.dll --------- 954752  
 31.08.2010 16:44     C:\Windows\system32\comctl32.dll --------- 531968  
 26.08.2010 17:37     C:\Windows\system32\t2embed.dll --------- 157184  
 26.08.2010 17:34     C:\Windows\system32\gameux.dll --------- 1696256  
 26.08.2010 17:33     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 26.08.2010 15:23     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 20.08.2010 17:05     C:\Windows\system32\wmpmde.dll --------- 867328  
 17.08.2010 15:11     C:\Windows\system32\spoolsv.exe --------- 128000  
 10.08.2010 16:53     C:\Windows\system32\schannel.dll --------- 274944  
 30.07.2010 17:01     C:\Windows\system32\DRVSTORE --------- 0  
 26.07.2010 16:51     C:\Windows\system32\shell32.dll --------- 11584512  
 06.07.2010 12:26     C:\Windows\system32\TURegOpt.exe --------- 30528  
 06.07.2010 12:20     C:\Windows\system32\authuitu.dll --------- 21312  
 06.07.2010 12:20     C:\Windows\system32\uxtuneup.dll --------- 30016  
 28.06.2010 18:00     C:\Windows\system32\ole32.dll --------- 1316864  
 25.06.2010 23:47     C:\Windows\system32\en-US --------- 8192  
 18.06.2010 18:31     C:\Windows\system32\rtutils.dll --------- 36864  
 17.06.2010 22:10     C:\Windows\system32\rmoc3260.dll --------- 185920  
 17.06.2010 22:10     C:\Windows\system32\pndx5032.dll --------- 5632  
 17.06.2010 22:10     C:\Windows\system32\pndx5016.dll --------- 6656  
 17.06.2010 22:09     C:\Windows\system32\pncrt.dll --------- 278528  
 16.06.2010 16:30     C:\Windows\system32\fontsub.dll --------- 72704  
 11.06.2010 17:15     C:\Windows\system32\msxml3.dll --------- 1248768  
 11.06.2010 08:43     C:\Windows\system32\wbem --------- 61440  
 08.06.2010 18:35     C:\Windows\system32\ntoskrnl.exe --------- 3548040  
 08.06.2010 18:35     C:\Windows\system32\ntkrnlpa.exe --------- 3600768  
 03.06.2010 03:41     C:\Windows\system32\GPhotos.scr --------- 3600384  
 27.05.2010 21:08     C:\Windows\system32\inetcomm.dll --------- 739328  
 27.05.2010 21:08     C:\Windows\system32\iccvid.dll --------- 81920  
 04.05.2010 20:13     C:\Windows\system32\msshsq.dll --------- 231424  
 26.04.2010 23:04     C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592  
 16.04.2010 17:46     C:\Windows\system32\usp10.dll --------- 502272  
 08.04.2010 12:20     C:\Windows\system32\dnssd.dll --------- 91424  
 08.04.2010 12:20     C:\Windows\system32\dns-sd.exe --------- 107808  
 05.04.2010 18:02     C:\Windows\system32\MP4SDECD.DLL --------- 317952  
 05.04.2010 18:01     C:\Windows\system32\asycfilt.dll --------- 67072  
 31.03.2010 02:58     C:\Windows\system32\px.dll --------- 678384  
 31.03.2010 02:58     C:\Windows\system32\pxafs.dll --------- 133616  
 31.03.2010 02:58     C:\Windows\system32\pxcpya64.exe --------- 68080  
 31.03.2010 02:58     C:\Windows\system32\vxblock.dll --------- 100848  
 31.03.2010 02:58     C:\Windows\system32\pxdrv.dll --------- 559600  
 31.03.2010 02:58     C:\Windows\system32\pxsfs.dll --------- 2083312  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 21.12.2010 00:25     C:\Windows\Tasks\User_Feed_Synchronization-{DBD29A69-2A2F-4BDF-A6E9-EBF5645E58B7}.job --------- 434  
 21.12.2010 00:23     C:\Windows\Tasks\Google Software Updater.job --------- 1052  
 21.12.2010 00:22     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092  
 21.12.2010 00:20     C:\Windows\Tasks\SA.DAT --------- 6  
 21.12.2010 00:17     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32614  
 20.12.2010 23:46     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096  
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\UNTINU~1\AppData\Local\Temp

 21.12.2010 00:25     C:\Users\UNTINU~1\AppData\Local\Temp\hjtscanlist.zip --------- 2097  
 21.12.2010 00:23     C:\Users\UNTINU~1\AppData\Local\Temp\divBE3F.tmp --------- 0  
 21.12.2010 00:23     C:\Users\UNTINU~1\AppData\Local\Temp\AdobeARM.log --------- 807  
 21.12.2010 00:22     C:\Users\UNTINU~1\AppData\Local\Temp\WPDNSE --------- 0  
 21.12.2010 00:22     C:\Users\UNTINU~1\AppData\Local\Temp\Untinulla.bmp --------- 31832  
 20.12.2010 23:58     C:\Users\UNTINU~1\AppData\Local\Temp\div379.tmp --------- 0  
 20.12.2010 23:44     C:\Users\UNTINU~1\AppData\Local\Temp\~DFB334.tmp --------- 114688  
 20.12.2010 23:44     C:\Users\UNTINU~1\AppData\Local\Temp\div9423.tmp --------- 0  
 20.12.2010 22:09     C:\Users\UNTINU~1\AppData\Local\Temp\divBCF7.tmp --------- 0  
 20.12.2010 12:59     C:\Users\UNTINU~1\AppData\Local\Temp\jusched.log --------- 1336  
 20.12.2010 11:32     C:\Users\UNTINU~1\AppData\Local\Temp\java_install_reg.log --------- 291  
 20.12.2010 10:24     C:\Users\UNTINU~1\AppData\Local\Temp\drmtemp0025DCE7.htm --------- 28532  
 20.12.2010 09:46     C:\Users\UNTINU~1\AppData\Local\Temp\div1860.tmp --------- 0  
 15.12.2010 21:40     C:\Users\UNTINU~1\AppData\Local\Temp\Low --------- 0  
----------------------------------------

 
C:\Program Files

 21.12.2010 00:02     C:\Program Files\CCleaner --------- 0  
 20.12.2010 21:35     C:\Program Files\Windows Mail --------- 4096  
 20.12.2010 09:43     C:\Program Files\Internet Explorer --------- 4096  
 17.12.2010 20:17     C:\Program Files\HiJackThis --------- 0  
 17.12.2010 19:51     C:\Program Files\Movie Maker 2.6 --------- 4096  
 15.12.2010 20:54     C:\Program Files\ERUNT --------- 4096  
 15.12.2010 20:39     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 13.12.2010 18:27     C:\Program Files\Skype --------- 0  
 11.12.2010 02:58     C:\Program Files\Mozilla Firefox --------- 40960  
 16.11.2010 20:37     C:\Program Files\DivX --------- 8192  
 21.10.2010 08:01     C:\Program Files\Windows Media Player --------- 4096  
 29.09.2010 22:33     C:\Program Files\Microsoft Silverlight --------- 4096  
 26.09.2010 15:31     C:\Program Files\Google --------- 4096  
 12.08.2010 23:50     C:\Program Files\Movie Maker --------- 4096  
 12.08.2010 21:11     C:\Program Files\softonic-de3 --------- 0  
 04.08.2010 19:36     C:\Program Files\MSECache --------- 0  
 30.07.2010 18:08     C:\Program Files\FreePDF_XP --------- 8192  
 30.07.2010 16:11     C:\Program Files\eMule --------- 4096  
 30.07.2010 16:10     C:\Program Files\Windows Sidebar --------- 4096  
 30.07.2010 16:10     C:\Program Files\TuneUp Utilities 2010 --------- 49152  
 30.07.2010 16:08     C:\Program Files\AviSynth 2.5 --------- 0  
 30.07.2010 16:07     C:\Program Files\eRightSoft --------- 0  
 25.07.2010 20:57     C:\Program Files\DVDVideoSoftTB --------- 4096  
 25.06.2010 23:47     C:\Program Files\Microsoft.NET --------- 0  
 17.06.2010 22:10     C:\Program Files\Real --------- 0  
 17.06.2010 22:10     C:\Program Files\Common Files --------- 8192  
 15.06.2010 19:55     C:\Program Files\iTunes --------- 4096  
 15.06.2010 19:54     C:\Program Files\iPod --------- 0  
 15.06.2010 19:52     C:\Program Files\Bonjour --------- 4096  
 15.06.2010 19:31     C:\Program Files\QuickTime --------- 4096  
 03.06.2010 13:10     C:\Program Files\mp3DirectCut --------- 4096  
 30.05.2010 20:07     C:\Program Files\Windows Live --------- 4096  
 30.05.2010 19:57     C:\Program Files\Microsoft --------- 0  
 30.05.2010 19:56     C:\Program Files\Microsoft Sync Framework --------- 0  
 30.05.2010 19:55     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 21.05.2010 08:49     C:\Program Files\ImageJ --------- 4096  
 13.05.2010 22:42     C:\Program Files\DVDVideoSoft --------- 4096  
 01.05.2010 15:57     C:\Program Files\Nero --------- 0  
 01.05.2010 15:56     C:\Program Files\GIMP-2.0 --------- 0  
 28.04.2010 13:18     C:\Program Files\ICQ6.5 --------- 16384  
 26.04.2010 15:26     C:\Program Files\JabRef --------- 4096  
 25.04.2010 11:40     C:\Program Files\Apple Software Update --------- 4096  
 25.04.2010 11:34     C:\Program Files\Panasonic --------- 0  
 25.04.2010 11:34     C:\Program Files\InstallShield Installation Information --------- 8192  
 25.04.2010 11:34     C:\Program Files\Microsoft Synchronization Services --------- 0  
 08.02.2010 13:42     C:\Program Files\Adobe --------- 0  
 15.01.2010 12:34     C:\Program Files\ACDFREE12 --------- 24576  
 12.01.2010 16:07     C:\Program Files\Avanquest update --------- 0  
 03.01.2010 11:12     C:\Program Files\Conduit --------- 0  
 22.12.2009 23:05     C:\Program Files\Windows Live SkyDrive --------- 0  
 17.12.2009 09:13     C:\Program Files\Windows Portable Devices --------- 0  
 16.12.2009 13:02     C:\Program Files\Windows Calendar --------- 0  
 16.12.2009 13:02     C:\Program Files\Windows Collaboration --------- 4096  
 16.12.2009 13:02     C:\Program Files\Windows Journal --------- 4096  
 16.12.2009 13:02     C:\Program Files\Windows Photo Gallery --------- 4096  
 16.12.2009 13:02     C:\Program Files\Windows Defender --------- 4096  
 16.12.2009 12:54     C:\Program Files\OO Software --------- 0  
 16.12.2009 11:50     C:\Program Files\Intel --------- 4096  
 16.12.2009 11:39     C:\Program Files\Symantec --------- 0  
 13.12.2009 17:51     C:\Program Files\Java --------- 0  
 12.12.2009 22:52     C:\Program Files\desktop.ini --------- 174  
 08.12.2009 23:46     C:\Program Files\Lavasoft --------- 0  
 06.12.2009 15:01     C:\Program Files\Adobe(0) --------- 0  
 28.10.2009 19:08     C:\Program Files\ICQ6Toolbar --------- 0  
 28.10.2009 19:07     C:\Program Files\ICQ6 --------- 0  
 20.10.2009 23:19     C:\Program Files\Microsoft Works --------- 36864  
 09.08.2009 17:06     C:\Program Files\VideoLAN --------- 0  
 27.05.2009 08:01     C:\Program Files\TuneUp Utilities 2009 --------- 45056  
 20.04.2009 09:21     C:\Program Files\Muziic --------- 4096  
 25.02.2009 16:50     C:\Program Files\OpenOffice.org 3 --------- 4096  
 25.02.2009 16:29     C:\Program Files\7-Zip --------- 4096  
 25.02.2009 16:26     C:\Program Files\gs --------- 0  
 24.01.2009 20:46     C:\Program Files\Sony --------- 0  
 24.01.2009 20:46     C:\Program Files\Sony Ericsson --------- 4096  
 21.01.2009 19:18     C:\Program Files\WinRAR --------- 4096  
 18.12.2008 23:05     C:\Program Files\Winamp --------- 4096  
 09.12.2008 00:37     C:\Program Files\MSN --------- 0  
 17.10.2008 18:20     C:\Program Files\ICQToolbar --------- 0  
 10.07.2008 10:39     C:\Program Files\BearShareV6.exe --------- 8897064  
 21.06.2008 19:15     C:\Program Files\MSBuild --------- 0  
 21.06.2008 19:14     C:\Program Files\Microsoft Office --------- 4096  
 21.06.2008 19:05     C:\Program Files\Microsoft Visual Studio 8 --------- 0  
 19.05.2008 12:36     C:\Program Files\DeLano Scientific --------- 0  
 11.04.2008 22:22     C:\Program Files\DAEMON Tools Lite --------- 4096  
 11.04.2008 19:28     C:\Program Files\Microsoft Visual Studio --------- 0  
 10.04.2008 18:35     C:\Program Files\Microsoft Works Suite 2004 --------- 0  
 18.03.2008 12:17     C:\Program Files\Windows NT --------- 4096  
 18.03.2008 12:17     C:\Program Files\Gemeinsame Dateien --------- 0  
 14.03.2008 07:45     C:\Program Files\DellTPad --------- 4096  
 14.03.2008 00:25     C:\Program Files\Dell --------- 4096  
 14.03.2008 00:23     C:\Program Files\Roxio --------- 4096  
 14.03.2008 00:18     C:\Program Files\CyberLink --------- 0  
 14.03.2008 00:16     C:\Program Files\Dell Support Center --------- 4096  
 14.03.2008 00:12     C:\Program Files\WIDCOMM --------- 0  
 14.03.2008 00:07     C:\Program Files\Creative --------- 0  
 14.03.2008 00:06     C:\Program Files\Creative Live Cam --------- 0  
 14.03.2008 00:05     C:\Program Files\Protector Suite QL --------- 12288  
 14.03.2008 00:03     C:\Program Files\Intel, Inc --------- 0  
 13.03.2008 23:51     C:\Program Files\Sigmatel --------- 0  
 02.11.2006 14:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 13:37     C:\Program Files\Microsoft Games --------- 4096  
 02.11.2006 13:37     C:\Program Files\Reference Assemblies --------- 0  
----------------------------------------

 
C:\ProgramData\.. 
   
desktop.ini    
Public    
All Users    
Default User    
Default    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           840 K
smss.exe                       452 Services                   0         1.436 K
csrss.exe                      528 Services                   0         9.692 K
wininit.exe                    580 Services                   0        10.492 K
csrss.exe                      588 Console                    1         7.988 K
services.exe                   624 Services                   0        15.164 K
lsass.exe                      640 Services                   0        40.380 K
lsm.exe                        652 Services                   0        10.356 K
winlogon.exe                   716 Console                    1        14.344 K
svchost.exe                    832 Services                   0         5.752 K
svchost.exe                    892 Services                   0         5.808 K
svchost.exe                    940 Services                   0         7.572 K
svchost.exe                   1036 Services                   0        10.420 K
svchost.exe                   1116 Services                   0        67.776 K
svchost.exe                   1128 Services                   0        22.500 K
audiodg.exe                   1200 Services                   0         7.944 K
svchost.exe                   1240 Services                   0         4.100 K
SLsvc.exe                     1260 Services                   0         6.708 K
svchost.exe                   1292 Services                   0         9.148 K
upeksvr.exe                   1476 Console                    1         7.084 K
Smc.exe                       1664 Services                   0         8.084 K
svchost.exe                   1692 Services                   0        11.796 K
ccSvcHst.exe                  1896 Services                   0         4.160 K
wlanext.exe                   1960 Services                   0         8.376 K
AAWService.exe                 364 Services                   0        38.104 K
spoolsv.exe                    824 Services                   0        10.016 K
svchost.exe                   1396 Services                   0        10.852 K
AEstSrv.exe                   2060 Services                   0         1.356 K
AppleMobileDeviceService.     2072 Services                   0         3.392 K
mDNSResponder.exe             2104 Services                   0         4.452 K
svchost.exe                   2124 Services                   0         2.748 K
EvtEng.exe                    2280 Services                   0         7.608 K
IAANTmon.exe                  2324 Services                   0         4.616 K
MDM.EXE                       2380 Services                   0         3.732 K
oodag.exe                     2536 Services                   0         6.868 K
SupServ.exe                   2564 Services                   0         2.484 K
RegSrvc.exe                   2592 Services                   0         3.612 K
SeaPort.exe                   2668 Services                   0         7.440 K
stacsv.exe                    2708 Services                   0         4.620 K
svchost.exe                   2776 Services                   0         4.836 K
Rtvscan.exe                   2788 Services                   0         4.668 K
TuneUpUtilitiesService32.     2864 Services                   0         8.240 K
unsecapp.exe                  3204 Services                   0         3.424 K
WmiPrvSE.exe                  3468 Services                   0         5.540 K
taskeng.exe                   3900 Services                   0         5.708 K
taskeng.exe                   2620 Console                    1        10.540 K
TuneUpUtilitiesApp32.exe       856 Console                    1         6.452 K
dwm.exe                       3124 Console                    1        56.216 K
taskeng.exe                   1184 Console                    1         4.700 K
explorer.exe                  1056 Console                    1        42.800 K
SmcGui.exe                    3044 Console                    1         6.560 K
GoogleCrashHandler.exe        3316 Services                   0           724 K
MSASCui.exe                   2716 Console                    1         4.436 K
Apoint.exe                    3924 Console                    1         5.412 K
OEM02Mon.exe                  2952 Console                    1         4.508 K
IAAnotif.exe                  2828 Console                    1         5.616 K
rundll32.exe                  4004 Console                    1         5.376 K
rundll32.exe                  2524 Console                    1         3.740 K
ccApp.exe                     1020 Console                    1         1.396 K
sttray.exe                    3952 Console                    1        10.140 K
DivXUpdate.exe                2000 Console                    1        15.524 K
ehtray.exe                    1800 Console                    1           844 K
wmpnscfg.exe                  3664 Console                    1         4.604 K
rundll32.exe                   888 Console                    1         6.380 K
ehmsas.exe                    3696 Console                    1         3.808 K
wmpnetwk.exe                  2652 Services                   0         8.432 K
ApMsgFwd.exe                  4272 Console                    1         2.876 K
ApntEx.exe                    4304 Console                    1         3.796 K
hidfind.exe                   4312 Console                    1         3.476 K
firefox.exe                   4360 Console                    1        74.980 K
cmd.exe                       5220 Console                    1         2.848 K
AAWTray.exe                   5504 Console                    1           388 K
dllhost.exe                   5696 Console                    1         4.136 K
tasklist.exe                  5828 Console                    1         4.604 K
WmiPrvSE.exe                  5852 Services                   0         5.684 K

 
***** Ende des Scans 21.12.2010 um  0:26:42,47 ***
         

HijackThis:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:29:28, on 21.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2431245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****nulla\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1824C8D-07D2-4EA6-8982-09B4DE7DD406}: NameServer = 132.230.200.200,132.230.201.111
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 12157 bytes
         
Many thanks for your help!

21.12.2010, 07:29   #4
kira
/// Helper team

1.
Code:
ATTFilter
eMule
         
Quote:
Unfortunately, Internet file-sharing networks are among the least reputable providers, and a great deal of malware is distributed there, so they should be used, if at all, only with very particular caution! According to studies, 45% of the files offered for download on file-sharing networks contain viruses, worms or other malware!
On top of that, most downloads from these file-sharing networks are illegal anyway, so users are tempted into committing "criminal offences"!
Even if you use a "secure" P2P program, it is only the program that is secure. You will be sharing data from "uncertified sources", and these are frequently infected...
Besides, it is not only Trojan horses or other types of virus that need a direct connection: µtorrent and the like also "phone home", even if there is no proof of this yet (at least not in every case), and I would not recommend allowing such clients!

2.
Uninstall under `Start → Control Panel → Change/Remove...`
Code:
ATTFilter
Favorit - Adware -Toolbar
         
Uninstalling the normal way often does not work, so here are a few tips:

- Boot into safe mode [F8]
(while the computer is starting up, keep pressing [F8] until you get a selection menu, then choose "Safe Mode")
and try it there

- Do you get into safe mode when you press [F8] while the PC is starting up? There you have the following options:
- Safe Mode

- or:
start HijackThis -> under "Open the Misc Tools section" choose the "Open Uninstall Manager" button -> select the entry "Favorit" -> "Delete this entry"

- if another attempt fails, please use CCleaner - illustrated guide

- Revo Uninstaller

3.
Also uninstall, since you are using Avira:
Code:
ATTFilter
LiveUpdate 3.3 (Symantec Corporation)
         
To uninstall Norton Antivirus completely, go to the Symantec website and look for the special removal tools, which should (also) remove the last remnants: ► download the Norton Removal Tool (for all products from 2003 to 2008) from here
or here: ► Norton Removal Tool for all products from 2003 to 2010 / wintotal.de

4.
Twice as good? I would not install it even once, and yet you have installed it twice?
Code:
ATTFilter
TuneUp Utilities	TuneUp Software	29.07.2010	61,0MB	9.0.4400.15
TuneUp Utilities 2009	TuneUp Software	26.05.2009	46,9MB	8.0.3100.31
         
5.
Close all programs including Internet Explorer and fix the entries from the code box below with HijackThis (start HijackThis→ "Do a system scan only"→ select the entries by ticking them→ click "Fix checked"→ restart the PC):
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:
ATTFilter
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
         
6.
Post again, after the cleanup you have carried out:
TrendMicro™ HijackThis™ logfile - no open windows while HijackThis is running!!
hjtscanlist v2.0 - file list

21.12.2010, 10:01   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Infizierte Dateien:
c:\Users\documents\downloads\oo_defragprofessional120197\o&o_defragprofessional.12.0.197\keygen(zwt)\keygen.exe (Backdoor.RBot)

__________________
Please always post logfiles in CODE tags

21.12.2010, 10:51   #6
Sonnentau

@ Coverflow: Thanks, I will go through the further steps right away.

@ cosinus: What about the infected file? Is a keylogger hiding behind it?

Regards, Sonnentau

21.12.2010, 11:08   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Files named crack.exe, keygen.exe or patch.exe are, 99.9% of the time, dangerous malware that is not to be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for reinstalling the system.

21.12.2010, 12:40   #8
Sonnentau

Hello Coverflow,

I have followed all of your instructions.

Here is the hijackthis.log:

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:33:13, on 21.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2431245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|12.0" (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1824C8D-07D2-4EA6-8982-09B4DE7DD406}: NameServer = 132.230.200.200,132.230.201.111
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10625 bytes
         

Many thanks again!

Regards, Sonnentau

21.12.2010, 12:42   #9
Sonnentau

@ cosinus: Thanks! In any case, I do not knowingly have any illegal files on my PC.

21.12.2010, 12:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
In any case, I do not knowingly have any illegal files on my PC.
Oh, and how do you explain the keygen?

21.12.2010, 15:14   #11
Sonnentau

@ cosinus: No idea. By now I cannot explain anything any more. I just want to find out who has been writing me e-mails for months in which my entire private life is laid out. Everything points to someone having hacked into my e-mail account and probably my Skype account as well.

Regards, Sonnentau

21.12.2010, 15:22   #12
Sonnentau

@ Cosinus: No idea. By now I cannot explain anything any more. All I know is that for months I have been sent e-mails in which my entire private life is exposed. That is why I suspect that someone has hacked into my e-mail account and probably my Skype account too. Could conversations held over Skype also be listened in on with such a keylogger?

Regards, Sonnentau

21.12.2010, 22:24   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
Yeah, yeah, nothing can be explained; O&O Defrag is installed and a keygen is present too, it all gets on there by itself and this stuff installs itself as well

All the playing dumb and looking for excuses gets you absolutely nowhere now; what you have to do now is clear.

Thread closed
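
As an added example (not part of the original thread, and not code from HijackThis or the forum), the following Python parser reads the entry lines of a HijackThis log like the one posted in #8: it groups add-ons by CLSID to show that one toolbar registers under several sections, splits O4 autorun lines, and lists O23 services marked "Unknown owner". All function names are hypothetical; the sample lines are a constructed excerpt of the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O4 - ..." / "O23 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RUN = re.compile(r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
                    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")

def parse_log(text):
    """Return (section, body) pairs; header and process-list lines are skipped."""
    return [m.groups() for line in text.splitlines() if (m := ENTRY.match(line.strip()))]

def group_by_clsid(entries):
    """Map each CLSID to the sections that register it (one add-on, several hooks)."""
    seen = defaultdict(set)
    for section, body in entries:
        for clsid in CLSID.findall(body):
            seen[clsid.lower()].add(section)
    return {clsid: sorted(sections) for clsid, sections in seen.items()}

def autoruns(entries):
    """Split O4 Run/RunOnce lines into hive, key, value name, command and user."""
    return [m.groupdict() for s, b in entries if s == "O4" and (m := O4_RUN.match(b))]

def services(entries):
    """Split O23 lines into service name, vendor and binary path."""
    out = []
    for section, body in entries:
        if section != "O23" or not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            out.append(dict(zip(("name", "vendor", "path"), parts)))
    return out

def unknown_owner_services(entries):
    """Services for which the log shows no vendor: a prompt for a manual look, not a verdict."""
    return [s["name"] for s in services(entries) if s["vendor"] == "Unknown owner"]
```

Grouping by CLSID shows the softonic-de3 toolbar registered as a URL search hook (R3), a BHO (O2) and a toolbar (O3) at once, which is why a partial fix of only one line leaves the add-on in place.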
