WORM/Koobface.cc u.a. gefunden

Larusso · 01.12.2009, 13:04

schritt 1

Deinstalliere bitte
Freeware_DE Toolbar
ASK Toolbar
Bonjour

Ich würde Dir auch ans Herz legen, die Finger von TuneUp zu lassen. Das hat schon mehr Rechner zerstört als geheilt

Deine Entscheidung.

schritt 2

Fixen mit OTL

Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Freeware DE Toolbar) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - C:\Programme\Freeware_DE\tbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Freeware DE Toolbar) - {26647ca4-a2a7-4eac-8a72-761aa9141de7} - C:\Programme\Freeware_DE\tbFree.dll (Conduit Ltd.)
:Services
MyWebSearchService
:Reg
:Files
C:\Programme\Ask.com
C:\Programme\Freeware_DE
C:\Windows\Tasks\1-Klick-Wartung.job
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Run Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere nun den Inhalt hier in Code-Tags in Deinen Thread

schritt 3

Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software--> Adobe Reader
und lade dir die neue Version von Hier herunter
Als alternative würde ich dir den schlankeren Foxit Reader empfehlen

schritt 4

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).

Schließe alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache auswählen, nimm Englisch und klicke "Select".
Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
Rechner neu starten.

Downloade nun Java (Java Runtime Environment (JRE) 6 Update 17) von http://www.trojaner-board.de/105213-java-update-einstellungen.html]SUN[/url] und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.

schritt 5

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in Code-Tags hier in den Thread.

Bitte poste in Deiner nächsten Antwort
Log von OTL Fix
Logs von OTL Scan
Berichte wie der Rechner läuft.

alex1009 · 01.12.2009, 19:24

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}\ not found.
File C:\Programme\Freeware_DE\tbFree.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{26647ca4-a2a7-4eac-8a72-761aa9141de7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647ca4-a2a7-4eac-8a72-761aa9141de7}\ not found.
File C:\Programme\Freeware_DE\tbFree.dll not found.
========== SERVICES/DRIVERS ==========
No service named MyWebSearchService was found to stop!
Unable to stop service MyWebSearchService!
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Programme\Ask.com not found.
File\Folder C:\Programme\Freeware_DE not found.
File\Folder C:\Windows\Tasks\1-Klick-Wartung.job not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hank
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 414708 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
 
User: Public
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 8935545 bytes
RecycleBin emptied: 465298 bytes
 
Total Files Cleaned = 9,39 mb
 
 
OTL by OldTimer - Version 3.1.11.2 log created on 12012009_191955

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

alex1009 · 01.12.2009, 20:04

hallo daniel,
es gibt so viele verschieden jre 6 update 17 mit zusatz bundels oder development kit oder runtime environment und und und welches soll ich denn herunterladen?
Grüße Alexandra

alex1009 · 01.12.2009, 20:13

Ok, wer lesen kann ist klar im Vorteil, sorry.
Müsste wohl der Download unter Java SE Runtime Environment sein, allerdings komme ich dann nicht weiter ...

Als Platform habe ich Windows eingegeben, Language ist vorgegeben als Multi-language, nun kommt aber einmal Available Files (zum anclicken Windows Offline Installation) und Optional Files zum anclicken (Windows Kernel Installation oder Windows Online Installation) . Was soll ich nun machen?

Larusso · 01.12.2009, 22:07

Java aktualisieren

Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Systemsteuerung => Software => deinstallieren. Starte den Rechner neu.

Downloade nun die Offline-Version von Java (Java SE Runtime Environment (JRE) 6 Update 17) von http://www.trojaner-board.de/105213-java-update-einstellungen.html]SUN[/url]. Wenn Du auf Download geklickt hast, erscheint eine Seite, wo Du das Betriebssystem auswählen musst (also Windows) und ein Häkchen bei "I agree" setzen musst. Dann auf den Button "Continue" klicken. Dort die jre-6u17-windows-i586.exe downloaden und anschließend installieren, eventuell angebotene Toolbars (Yahoo Toolbar) nicht mitinstallieren.

alex1009 · 01.12.2009, 23:32

Java

Code:

ATTFilter

There was an error removing C:\Users\Hank\Start Menu\Programs\Sun Download Manager 2.0 (local). The error returned was 124.

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Dec 01 19:52:02 2009

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\JavaPlugin.160

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0

Found and removed: Software\JavaSoft\Java2D\1.6.0

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0\bin\

------------------------------------

Finished reporting.

alex1009 · 01.12.2009, 23:36

OTL.Txt

Code:

ATTFilter

OTL logfile created on: 01.12.2009 22:48:52 - Run 2
OTL by OldTimer - Version 3.1.11.2     Folder = C:\Users\Hank\Downloads\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,03% Memory free
4,00 Gb Paging File | 2,91 Gb Available in Paging File | 72,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,29 Gb Total Space | 100,43 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,39 Gb Free Space | 53,94% Space Free | Partition Type: NTFS
Drive E: | 1,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HANK-LAPTOP
Current User Name: Hank
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hank\Downloads\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Programme\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Programme\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG)
PRC - C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Hank\Downloads\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AESTFilters) --  File not found
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MSSQL$DATEV_CL_DE01) SQL Server (DATEV_CL_DE01) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (gupdate1c98bbc9b0497fd) Google Update Service (gupdate1c98bbc9b0497fd) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (GoogleDesktopManager-061008-081103) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (DatevPrintService) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG)
SRV - (DATEV Update-Service) -- C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe (DATEV eG)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBAAPL) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbser) -- C:\Windows\System32\drivers\usbser.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.31 17:08:01 | 00,000,000 | ---D | M]
 
 
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Suche - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.44.252
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

alex1009 · 01.12.2009, 23:37

OTL.Txt

Code:

ATTFilter

========== Files/Folders - Created Within 30 Days ==========
 
[2009.12.01 22:44:09 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.12.01 22:44:09 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.01 22:44:09 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.01 22:44:09 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.01 22:37:06 | 16,672,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Hank\Desktop\jre-6u17-windows-i586.exe
[2009.12.01 22:36:27 | 00,000,000 | ---D | C] -- C:\Users\Hank\.SunDownloadManager
[2009.12.01 19:13:12 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.11.29 12:21:27 | 00,000,000 | ---D | C] -- C:\Programme\trend micro
[2009.11.29 12:21:26 | 00,000,000 | ---D | C] -- C:\rsit
[2009.11.29 11:53:49 | 00,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2009.11.29 11:53:49 | 00,000,000 | ---D | C] -- C:\Users\Hank\Desktop\Malware
[2009.11.29 09:59:13 | 00,000,000 | ---D | C] -- C:\Users\Hank\AppData\Roaming\Malwarebytes
[2009.11.29 09:59:07 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.11.29 09:59:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.11.29 09:59:05 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.11.29 09:59:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.29 09:46:24 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.25 03:01:30 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.11.24 20:12:01 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009.11.19 20:48:44 | 00,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2009.11.19 20:32:55 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009.11.19 20:32:54 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009.11.19 20:32:54 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009.11.19 20:32:20 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009.11.19 20:32:19 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009.11.19 20:32:17 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009.11.19 20:32:16 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009.11.19 20:32:16 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009.11.19 20:32:16 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009.11.19 20:32:16 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009.11.19 20:32:16 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009.11.19 20:32:16 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009.11.19 20:32:16 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009.11.19 20:32:16 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009.11.19 20:32:16 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009.11.19 20:32:16 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009.11.19 20:32:16 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009.11.19 20:32:16 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009.11.19 20:32:16 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009.11.19 20:32:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009.11.19 20:32:15 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009.11.19 20:32:15 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009.11.19 20:32:15 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009.11.19 20:32:15 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009.11.19 20:32:15 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009.11.19 20:32:15 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009.11.19 20:32:15 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009.11.19 20:32:15 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009.11.19 20:31:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009.11.19 20:31:28 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009.11.19 20:31:23 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009.11.19 20:31:20 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009.11.19 20:31:20 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009.11.19 20:31:20 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009.11.19 20:31:20 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009.11.19 20:31:20 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009.11.19 20:31:20 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009.11.19 20:31:20 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009.11.19 20:31:19 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009.11.19 20:31:19 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009.11.19 20:29:04 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009.11.19 20:29:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009.11.14 15:09:20 | 00,000,000 | ---D | C] -- C:\Users\Hank\AppData\Local\Powercinema
[2009.11.11 10:24:33 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.11.11 10:23:54 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009.11.07 08:37:00 | 00,000,000 | ---D | C] -- C:\Programme\iPod
[2009.11.07 08:36:58 | 00,000,000 | ---D | C] -- C:\Programme\iTunes
[2009.11.06 14:01:59 | 00,000,000 | ---D | C] -- C:\Users\Hank\Desktop\Fahrtenbuch
[2009.11.06 13:43:30 | 00,000,000 | ---D | C] -- C:\Users\Hank\Desktop\DATEV
[2009.11.04 17:56:36 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009.11.04 17:56:36 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009.11.04 17:56:11 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009.11.04 17:56:11 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009.11.04 17:56:11 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009.11.04 17:55:53 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009.11.04 17:55:53 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009.11.03 19:49:25 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files - Modified Within 30 Days ==========
 
[2009.12.01 22:49:37 | 04,456,448 | ---- | M] () -- C:\Users\Hank\ntuser.dat
[2009.12.01 22:43:43 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.01 22:43:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.01 22:43:43 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.01 22:43:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.12.01 22:38:18 | 16,672,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Hank\Desktop\jre-6u17-windows-i586.exe
[2009.12.01 22:22:00 | 00,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.12.01 21:57:24 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.01 21:57:24 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.01 19:57:33 | 00,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.12.01 19:57:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.01 19:57:22 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.01 19:57:20 | 21,370,42944 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.01 19:56:20 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009.12.01 19:56:15 | 00,524,288 | -HS- | M] () -- C:\Users\Hank\ntuser.dat{24b7e877-803c-11dd-bf0f-001d093f44ce}.TMContainer00000000000000000001.regtrans-ms
[2009.12.01 19:56:15 | 00,065,536 | -HS- | M] () -- C:\Users\Hank\ntuser.dat{24b7e877-803c-11dd-bf0f-001d093f44ce}.TM.blf
[2009.12.01 19:56:09 | 04,468,216 | -H-- | M] () -- C:\Users\Hank\AppData\Local\IconCache.db
[2009.12.01 18:26:23 | 00,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009.12.01 12:57:00 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009.11.29 21:12:43 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009.11.29 12:21:19 | 00,781,909 | ---- | M] () -- C:\Users\Hank\Desktop\RSIT.exe
[2009.11.29 09:59:10 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.29 09:46:25 | 00,001,672 | ---- | M] () -- C:\Users\Hank\Desktop\CCleaner.lnk
[2009.11.28 08:52:02 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2009.11.27 16:43:27 | 00,003,808 | ---- | M] () -- C:\Windows\fs1235.dat
[2009.11.21 02:53:34 | 01,593,836 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.21 02:53:34 | 00,685,418 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.21 02:53:34 | 00,642,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.21 02:53:34 | 00,150,882 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.21 02:53:34 | 00,122,762 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.20 20:37:58 | 00,000,575 | ---- | M] () -- C:\Users\Hank\Desktop\2004_08_07 Grillen zu Hause - Verknüpfung.lnk
[2009.11.20 18:00:44 | 00,015,629 | ---- | M] () -- C:\Users\Hank\Reifen.docx
[2009.11.20 15:33:58 | 00,014,543 | ---- | M] () -- C:\Users\Hank\G Chat.docx
[2009.11.20 12:51:57 | 00,001,217 | ---- | M] () -- C:\Users\Hank\Desktop\Free YouTube to MP3 Converter.lnk
[2009.11.20 12:49:01 | 00,001,034 | ---- | M] () -- C:\Users\Hank\Desktop\DVDVideoSoft Free Studio.lnk
[2009.11.20 08:35:26 | 00,011,961 | ---- | M] () -- C:\Users\Hank\Guido.docx
[2009.11.20 05:54:38 | 00,002,631 | ---- | M] () -- C:\Users\Hank\Desktop\Microsoft Office Word 2007.lnk
[2009.11.19 21:22:34 | 00,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009.11.19 20:48:30 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009.11.19 20:48:22 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.11.12 03:24:08 | 00,260,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.11.07 19:35:14 | 00,043,008 | ---- | M] () -- C:\Users\Hank\Desktop\Wein_SA_Markus (Torben).xls
[2009.11.07 19:33:50 | 00,043,008 | ---- | M] () -- C:\Users\Hank\Desktop\Wein_SA_Markus.xls
[2009.11.07 08:37:55 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009.11.02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2009.12.01 18:26:23 | 00,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009.11.29 21:12:43 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009.11.29 12:20:55 | 00,781,909 | ---- | C] () -- C:\Users\Hank\Desktop\RSIT.exe
[2009.11.29 09:59:10 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.29 09:46:25 | 00,001,672 | ---- | C] () -- C:\Users\Hank\Desktop\CCleaner.lnk
[2009.11.28 08:52:02 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.11.27 16:37:56 | 00,003,808 | ---- | C] () -- C:\Windows\fs1235.dat
[2009.11.20 20:37:58 | 00,000,575 | ---- | C] () -- C:\Users\Hank\Desktop\2004_08_07 Grillen zu Hause - Verknüpfung.lnk
[2009.11.20 18:00:40 | 00,015,629 | ---- | C] () -- C:\Users\Hank\Reifen.docx
[2009.11.20 15:33:57 | 00,014,543 | ---- | C] () -- C:\Users\Hank\G Chat.docx
[2009.11.20 12:51:57 | 00,001,217 | ---- | C] () -- C:\Users\Hank\Desktop\Free YouTube to MP3 Converter.lnk
[2009.11.20 08:33:30 | 00,011,961 | ---- | C] () -- C:\Users\Hank\Guido.docx
[2009.11.19 20:48:30 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009.11.19 20:48:22 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.11.07 19:34:29 | 00,043,008 | ---- | C] () -- C:\Users\Hank\Desktop\Wein_SA_Markus (Torben).xls
[2009.11.07 08:37:55 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009.11.06 13:48:03 | 00,043,008 | ---- | C] () -- C:\Users\Hank\Desktop\Wein_SA_Markus.xls
[2009.08.28 21:54:04 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.18 18:09:26 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009.04.18 18:09:26 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009.04.18 18:09:26 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009.04.18 18:09:26 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009.04.08 13:51:00 | 00,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2009.02.11 22:00:42 | 00,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2009.01.17 13:18:37 | 00,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008.09.14 13:00:43 | 00,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008.04.09 14:47:35 | 00,000,027 | ---- | C] () -- C:\Windows\VIPZKA.INI
[2008.04.09 14:02:24 | 00,000,151 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.09 13:51:45 | 00,014,616 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll
[2008.04.09 13:51:45 | 00,012,568 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll
[2008.04.09 13:19:35 | 00,000,092 | ---- | C] () -- C:\Users\Hank\AppData\Local\fusioncache.dat
[2008.04.09 13:00:56 | 00,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer002.INI
[2008.04.09 12:57:30 | 00,000,103 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2008.04.09 12:57:28 | 00,000,103 | ---- | C] () -- C:\Windows\dvinesinstart001.INI
[2008.04.09 12:55:00 | 00,000,021 | ---- | C] () -- C:\Windows\Startup.INI
[2008.04.03 14:57:52 | 00,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.03.21 07:57:08 | 00,054,784 | ---- | C] () -- C:\Users\Hank\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.19 04:08:37 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.03.19 04:08:37 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008.03.19 04:08:35 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.03.19 04:08:34 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.07.25 17:40:02 | 00,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.03 18:25:56 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 13:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999.01.19 14:18:30 | 00,110,080 | ---- | C] () -- C:\Windows\System32\LFPNG60N.DLL
[1999.01.19 14:18:30 | 00,046,080 | ---- | C] () -- C:\Windows\System32\LFTIF60N.DLL
[1999.01.19 14:18:30 | 00,043,008 | ---- | C] () -- C:\Windows\System32\LTFIL60N.DLL
[1999.01.19 14:18:30 | 00,020,480 | ---- | C] () -- C:\Windows\System32\LFPSD60N.DLL
[1999.01.19 14:18:30 | 00,019,968 | ---- | C] () -- C:\Windows\System32\LFTGA60N.DLL
[1999.01.19 14:18:30 | 00,019,456 | ---- | C] () -- C:\Windows\System32\LFWPG60N.DLL
[1999.01.19 14:18:30 | 00,019,456 | ---- | C] () -- C:\Windows\System32\LFWMF60N.DLL
[1999.01.19 14:18:28 | 00,176,128 | ---- | C] () -- C:\Windows\System32\LFFAX60N.DLL
[1999.01.19 14:18:28 | 00,141,824 | ---- | C] () -- C:\Windows\System32\LFCMP60N.DLL
[1999.01.19 14:18:28 | 00,023,552 | ---- | C] () -- C:\Windows\System32\LFPCX60N.DLL
[1999.01.19 14:18:28 | 00,022,528 | ---- | C] () -- C:\Windows\System32\LFPCT60N.DLL
[1999.01.19 14:18:28 | 00,022,528 | ---- | C] () -- C:\Windows\System32\LFEPS60N.DLL
[1999.01.19 14:18:28 | 00,022,016 | ---- | C] () -- C:\Windows\System32\LFBMP60N.DLL
[1999.01.19 14:18:28 | 00,018,432 | ---- | C] () -- C:\Windows\System32\LFMSP60N.DLL
[1999.01.19 14:18:28 | 00,017,920 | ---- | C] () -- C:\Windows\System32\LFMAC60N.DLL
[1995.02.14 23:11:00 | 00,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
< End of report >

alex1009 · 01.12.2009, 23:39

Extras.Txt

Code:

ATTFilter

OTL Extras logfile created on: 01.12.2009 22:48:52 - Run 2
OTL by OldTimer - Version 3.1.11.2     Folder = C:\Users\Hank\Downloads\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,03% Memory free
4,00 Gb Paging File | 2,91 Gb Available in Paging File | 72,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,29 Gb Total Space | 100,43 Gb Free Space | 45,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,39 Gb Free Space | 53,94% Space Free | Partition Type: NTFS
Drive E: | 1,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HANK-LAPTOP
Current User Name: Hank
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DATEV\PROGRAMM\Numzus\NumZus.exe" = C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DvpExe.exe" = C:\DATEV\SYSTEM\DvpExe.exe:*:Enabled:DvpExe.exe -- (DATEV eG)
"C:\DATEV\SYSTEM\DcomSrv.exe" = C:\DATEV\SYSTEM\DcomSrv.exe:*:Enabled:DcomSrv.exe -- (DATEV eG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1458A39F-1388-4478-A330-61F59569A725}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2361DE85-CBE5-4EB2-B111-241D9AA3623C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{29C8941B-AF0B-46E2-B274-0E202A5016F0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30A1414A-25AC-43A7-BFDE-A16F2000D67F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{77115824-BF2C-4923-932F-01484D00A8B2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{819AFB05-6F1A-46A5-BA64-1AC53F2E69AB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{838D9611-A199-4575-AB7C-6473C55DDCBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9D840014-B65B-4221-8041-72C5BFD50BB1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C2EC00FB-A3DC-47D5-B127-D649999F4680}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C2ED6DAE-2585-4830-87B3-1AE951491AFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CCB7B3FD-AF9E-4D7B-A704-82C05B923963}" = lport=58432 | protocol=6 | dir=in | app=c:\datev\programm\sws\limaservice.exe | 
"{D49E382B-39F2-4C8C-AC73-245CC334C1ED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E1D9BD-B7C5-4CB3-95CB-2C16AF9D53AC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{264B9AA1-0007-42E9-84C8-0E7207A3FAA7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{324A2A75-55E4-4CB0-AF46-8B93CB396BE9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5C5C0E29-B67D-497C-ACD2-85A263D7FB0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5FF1682B-1DF6-4249-9914-7955695DD49E}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{608A9508-C752-4339-8983-423B733EDAEC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{61F30E5F-6544-4529-ABD9-13B26CEC092F}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{70848236-7DB5-41B1-90B5-AA5B0E2763C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{74613DA4-878D-4AD9-9978-98FEB921C33C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{79CEE58E-A87D-4449-B653-E4F4A535ACB6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B7E62A9E-E5C2-4D44-AFAE-E88E11911025}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C3237EB0-3AFB-4ECA-8954-4C254CFC826A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C4CB6E0B-A5ED-44FB-8A81-D87983859E9A}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{CC2816EA-2A06-475E-BCB6-E9E4BD3056BB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F0E99A04-E310-492B-8989-32AA484495AE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"TCP Query User{01AE5334-2C22-4BFD-9868-FDE13458D679}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{370867B2-19CC-4C99-872F-F97DA885364A}C:\kav\kav7.0\german\setup.exe" = protocol=6 | dir=in | app=c:\kav\kav7.0\german\setup.exe | 
"TCP Query User{56CF7609-5D1A-4A71-AE47-FDBCC7399012}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{7887ACD1-5393-488F-9FF3-C4A1432E627B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{895AC4C8-10D4-4738-92D6-EF25573C2D02}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{AE6419EA-E917-4DCA-8F6C-604B9A135F87}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{B0CAD2F2-CDA2-4CEB-83CF-BD663812DE4C}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\german\setup.exe | 
"TCP Query User{D7C3E385-4E8E-46D6-ACD0-449668D304A4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E09527AC-7CDE-44CD-B354-DCA54255B17A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{0EBCC307-6292-4DDF-8CFB-4535EDCB4274}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\german\setup.exe | 
"UDP Query User{35D65E36-4E4F-4AB0-B2DD-B0B9FFED91C9}C:\kav\kav7.0\german\setup.exe" = protocol=17 | dir=in | app=c:\kav\kav7.0\german\setup.exe | 
"UDP Query User{42607AD6-1774-4E09-BB47-D48F6F4AEB74}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{578267D6-CB91-4303-84FF-6A3B784A71D7}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{79440668-2BAD-4F05-A51E-95EB40FB8A90}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{8F658A50-E3A7-4746-A15E-8B29A77430CC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A2D6C540-D2ED-4A82-A207-C972BE831336}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{BD7E1CCE-4D18-481B-95C0-3F9CD6350A97}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{D1F0182D-8F63-4943-B728-BC873842DF89}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (DATEV_CL_DE01)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}" = AAVUpdateManager
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E3F4E29-823B-440A-9219-011452AAE502}" = Steuerprogramm2009
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_BASICR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_BASICR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{901C0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5BD02EF-36F1-478F-88B2-D3990C62C2CB}" = SQLXML4
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Ashampoo Cover Studio 2_is1" = Ashampoo Cover Studio 2.01
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BASICR" = Microsoft Office Basic 2007
"CCleaner" = CCleaner
"CDCover" = CDCover Cover Druckprogramm von Ulf Kiener Version 2.6
"CdCoverCreator" = CdCoverCreator 2.5.2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)  
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DATEVB00000482.0" = DATEV Installation V.2.71
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.3)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LearnLincClient" = Dialogseminar online
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Nokia PC Suite" = Nokia PC Suite
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1

alex1009 · 01.12.2009, 23:44

Extras.Txt

Code:

ATTFilter

 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2009 16:19:56 | Computer Name = Hank-Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.06.2009 16:19:56 | Computer Name = Hank-Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.06.2009 16:19:56 | Computer Name = Hank-Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.06.2009 16:19:56 | Computer Name = Hank-Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.06.2009 16:19:56 | Computer Name = Hank-Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.06.2009 16:19:56 | Computer Name = Hank-Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.06.2009 16:19:56 | Computer Name = Hank-Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.06.2009 16:19:56 | Computer Name = Hank-Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 02.06.2009 16:19:56 | Computer Name = Hank-Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 04.06.2009 18:13:22 | Computer Name = Hank-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ Media Center Events ]
Error - 17.04.2008 06:09:29 | Computer Name = Hank-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ ODiag Events ]
Error - 26.03.2008 09:38:35 | Computer Name = Hank-Laptop | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2t0e. Error code: N/A
 
[ OSession Events ]
Error - 03.04.2008 10:34:24 | Computer Name = Hank-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 161
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2008 16:31:26 | Computer Name = Hank-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 21073
 seconds with 10380 seconds of active time.  This session ended with a crash.
 
Error - 06.01.2009 10:00:15 | Computer Name = Hank-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4604
 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error - 22.06.2009 08:13:35 | Computer Name = Hank-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.06.2009 16:32:03 | Computer Name = Hank-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.08.2009 11:53:24 | Computer Name = Hank-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 23.08.2009 11:54:39 | Computer Name = Hank-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.08.2009 11:54:39 | Computer Name = Hank-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.08.2009 11:59:21 | Computer Name = Hank-Laptop | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 23.08.2009 14:44:51 | Computer Name = Hank-Laptop | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetbiosSmb vom Serverdienst nicht gebunden werden. Der Serverdienst konnte
 nicht gestartet werden.
 
Error - 24.08.2009 02:55:00 | Computer Name = Hank-Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 25.08.2009 13:59:45 | Computer Name = Hank-Laptop | Source = HTTP | ID = 15016
Description = 
 
Error - 25.08.2009 14:00:43 | Computer Name = Hank-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.08.2009 14:00:43 | Computer Name = Hank-Laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.08.2009 13:43:04 | Computer Name = Hank-Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
 
< End of report >

... ich hoffe, dass ich jetzt alles richtig gemacht habe

TuneUp hab ich auf Grund deines Hinweises deinstalliert. Hast du mir eine andere Empfehlung?

... weißt du vielleicht auch noch eine Lösung für mein Problem, mit dem stetig aufblinkenden "Hardware sicher entfernen"-Symbol? Es weder ein USB-Stick o.ä. angschlossen noch wird in dem Feld etwas angezeigt!

Grüße, Alex

Larusso · 02.12.2009, 00:10

schritt 1

CCleaner installieren und einstellen

CCleaner ist ein Bereinigungstool, welches für Windows 98/NT4/ME/2000/XP/2003/Vista geeignet ist.
CCleaner löscht unnötige Dateien und säubert die Registrierung.
Falls Du die aktuelle Version: 2.25.1025 schon hast, kannst Du den Download und die Installation natürlich überspringen.
CCleaner (Slim ohne Toolbar) herunterladen und installieren.
CCleaner starten und => unter options settings => german einstellen.
Gehe auf den Button links oben "Cleaner" => Reiter "Windows"
setze Häkchen wie folgt:
alle außer "Eingabefeld Verlauf" und bei
Erweitert nur ein Häkchen bei "Alte Prefetchdaten" und "Benutzerdefinierte Dateien und Ordner".
Wechsel zum Reiter "Anwendungen",
dort alle Häkchen setzen außer bei Firefox/Mozilla (falls vorhanden) "Gespeicherte Formulardaten".

Bestimmte Cookies von der Bereinigung ausschließen

Einstellungen => Cookies => Cookies, die Du behalten möchtest, mit dem Pfeilbutton in der Mitte nach rechts befördern. Auf diese Weise ist gesichert, dass wichtige Cookies bei der Bereinigung mit CCleaner nicht verloren gehen.

Temporäre Dateien und zusätzliche Ordner bereinigen lassen

Bitte sorgfältig darauf achten, dass die richtigen Ordner hinzugefügt werden!
Einstellungen => Benutzerdefiniert => Zu bereinigende Dateien und Ordner => Ordner hinzufügen =>

Bei WinXP

Code:

ATTFilter

C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\*.* (falls vorhanden)
C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Temp\*.*
C:\Dokumente und Einstellungen\DeinBenutzername\Lokale Einstellungen\Temp\*.*
C:\Windows\Temp\*.*

Bei Win Vista

Code:

ATTFilter

C:\Users\<DeinBenutzername>\AppData\Local\Temp\*.*
C:\Users\Default\AppData\Local\Temp\*.*
C:\Windows\Temp\*.*

Solltest Du die Ordner nicht finden, überprüfe, ob folgende Einstellungen zum Sichtbarmachen von Systemordnern und -Dateien richtig gesetzt sind.
Anstelle von "DeinBenutzername" nimmst Du den Usernamen, mit welchem Du Dich auf Deinem Rechner einloggst.

Starte nun die Bereinigung, indem Du auf den Button "Analysieren" klickst. Wenn die Analyse fertig ist, klicke auf den Button "Starte CCleaner". Achte hier mal darauf, wie viele MB bei der Bereinigung entfernt wurden und teile uns das mit.

Registry mit CCleaner bereinigen

Gehe links auf den Button "Einstellungen" und kontrolliere, ob bei "Erweitert" ein Haken bei "Zeige Aufforderung für ein Backup der Registry" vorhanden ist, falls nicht, bitte anhaken. Zur Registry-Bereinigung klicke links auf "Registry", setze alle Häkchen und starte die Suche unten mit dem Button "nach Fehlern suchen". Die gefundenen Fehler kannst Du durch den Button "Fehler beheben" entfernen lassen. Diesen Vorgang wiederholen, bis keine Fehler mehr gefunden werden. Den Rechner neu starten. Teile uns hier mit, wie viele Fehler bereinigt wurden.

schritt 2

ESET Online Scanner
- Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
- Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
- Dein Anti-Virus-Programm während des Scans deaktivieren.
- Button "ESET Online Scanner" drücken.
- Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
- Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User müssen das Installieren eines ActiveX Elements erlauben.
- Einen Haken bei "Remove found threads" und "Scan archives" machen.
- Start drücken.
- Signaturen werden heruntergeladen.
- Der Scan beginnt automatisch.
- Finish drücken.
- Browser schließen.
- Explorer öffnen.
- C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
- Logfile hier posten.
- Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
- Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
- IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
- O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

Schritt 3

Schliesse alle laufenden Programme. Starte HJT --> do a systemscan and save a Logfile --> Poste mir die Logfile

Bitte poste in Deiner nächsten Antwort
Log von ESET
HJT Logfile
Berichte wie der Rechner läuft

alex1009 · 02.12.2009, 20:20

hallo daniel,

ich kann folgendes bei CCleaner nicht finden

Starte nun die Bereinigung, indem Du auf den Button "Analysieren" klickst. Wenn die Analyse fertig ist, klicke auf den Button "Starte CCleaner". Achte hier mal darauf, wie viele MB bei der Bereinigung entfernt wurden und teile uns das mit.

Die Ordner hab ich hinzugefügt, aber ich sehe keinen Button "Analysieren"???!!

alex1009 · 02.12.2009, 20:23

die Version von Cleaner, welche ich vorgestern installiert habe ist 2.26.1050, also nicht die selbe wie du schreibst. fehlt bei mir vielleicht deswegen der Analysieren Button?

alex1009 · 02.12.2009, 20:38

ich hab's, Analysieren war unter dem Register Cleaner und ich war noch auf Einstellungen -> Benutzerdefiniert

Es wurden 26,4 MB entfernt und 4 Fehler behoben

Larusso · 02.12.2009, 21:55

Das Tool wird ständig aktualisiert. Ich bin nicht immer ganz so schnell um mir die neuen Versionen anzusehen

HJT Logfile bitte und berichte wie der Rechner läuft.

WORM/Koobface.cc u.a. gefunden

Log-Analyse und Auswertung: WORM/Koobface.cc u.a. gefunden