Log analysis and evaluation: Windows/browser problems
02.05.2010, 11:55 | #1 |
Windows/browser problems

Hello, my computer has been behaving rather strangely since I was away.

Problem 1: Firefox: At regular intervals (~15 minutes) a tab opens automatically that contains advertising and possibly also viruses.

Problem 2: When Windows has been running for a longer time, the Vista theme suddenly disappears and everything then looks like the sand-coloured Windows Classic theme.

Problem 3: The Google Chrome browser can be opened, but it no longer loads any pages. (Proxy settings have been checked.)

I ran an antivirus scan with AVG 9. It found and removed the following:

Code:
"C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\57xf2nqy.profile\Cache\26BB0292d01";"Virus gefunden: JS/Obfuscated";"In Virenquarantäne verschoben"

Despite my numerous attempts, I could not fix the problem. That is why I am now turning to you experts.

HijackThis v2.0.2 log:

Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:06:57, on 02.05.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Windows\ehome\ehtray.exe C:\Users\Berger\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hofer.at/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telekom Austria TA AG R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Berger\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll R3 - URLSearchHook: (no name) - - (no file) O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Berger\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O4 - 
HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [KnexStarter] C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe O4 - HKLM\..\Run: [RunTasktray] "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun --valuename=InstallTTM O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Berger\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = C:\Users\Berger\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Users\Berger\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file 
missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing) O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 (file missing) (HKCU) O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU) O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll O13 - Gopher Prefix: O15 - Trusted Zone: hxxp://*.hp.com (HKLM) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} 
- C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe -- End of file - 10782 bytes

Unfortunately I could not really find anything suspicious in the log, but that does not mean anything, since I am not all that familiar with it.

I hope you can help me with this, and thank you in advance!

Thanks and best regards,
Networx
03.05.2010, 18:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows/browser problems

Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
07.05.2010, 18:15 | #3 |
Windows/browser problems

Hello!

Thank you for your reply. Here are the requested log files:

Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4075 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 07.05.2010 18:39:43 mbam-log-2010-05-07 (18-39-43).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 134301 Laufzeit: 7 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter OTL logfile created on: 07.05.2010 18:43:19 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\...\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C07 | Country: Deutschland | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,17 Gb Total Space | 22,17 Gb Free Space | 3,85% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 8,88 Gb Free Space | 44,39% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 14,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS I: Drive not present or media not loaded Computer Name: XXXX-PC Current User Name: XXXX Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\...\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Users\...\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe () PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Users\...\AppData\Roaming\Dropbox\bin\Dropbox.exe () PRC - C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\PC Tools Firewall Plus\FWService.exe (PC Tools) PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.) PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Programme\Thomson\ST330\service\st330service.exe (THOMSON Telecom Belgium) PRC - C:\Programme\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe (Hewlett-Packard Company) PRC - C:\Programme\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe (Hewlett-Packard Company) PRC - C:\Programme\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe (Hewlett-Packard Company) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\StiD1690.exe () PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microtek\ScanWizard 5\ScannerFinder.exe () ========== Modules (SafeList) ========== MOD - C:\Users\...\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) 
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (PCToolsFirewallPlus) -- C:\Programme\PC Tools Firewall Plus\FWService.exe (PC Tools) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (st330service) -- C:\Program Files\Thomson\ST330\service\st330service.exe (THOMSON Telecom Belgium) SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQL$SENT4EXPRESS) SQL Server (SENT4EXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (pctplfw) -- C:\Windows\System32\drivers\pctplfw.sys (PC Tools) DRV - (pctNDIS) -- C:\Windows\System32\drivers\pctNdis.sys (PC Tools) DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools) DRV - (PCTFW-PacketFilter) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys (PC Tools) DRV - (PCTFW-DNS) -- C:\Windows\System32\drivers\pctNdis-DNS.sys (PC Tools) DRV - (PCTAppEvent) -- C:\Windows\System32\drivers\PCTAppEvent.sys (PC Tools) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.) DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) 
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (vstor2-ws60) -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.) DRV - (HssDrv) -- C:\Windows\System32\drivers\hssdrv.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (stppp) -- C:\Windows\System32\drivers\stppp.sys (THOMSON Telecom Belgium) DRV - (STETH) -- C:\Windows\System32\drivers\steth.sys (THOMSON Telecom Belgium) DRV - (ST330) -- C:\Windows\System32\drivers\st330.sys (THOMSON Telecom Belgium) DRV - (STBUS) -- C:\Windows\System32\drivers\stbus.sys (THOMSON Telecom Belgium) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (Advanced Micro Devices, Inc) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) 
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) 
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (CAM1690) -- C:\Windows\System32\drivers\cam1690.sys () DRV - (pgfilter) -- C:\Programme\PeerGuardian2\pgfilter.sys () DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) -- C:\Windows\System32\drivers\alcan5wn.sys (THOMSON multimedia) DRV - (alcaudsl) -- C:\Windows\System32\drivers\alcaudsl.sys (THOMSON multimedia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hofer.at/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\...\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.13 14:28:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.04.21 12:52:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.02 20:53:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.06 00:44:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.11.02 00:59:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.02.13 14:28:41 | 000,000,000 | ---D | M] [2009.07.20 14:54:06 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Extensions [2010.05.07 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions [2009.08.13 04:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\{3eaacb33-878f-44fa-b4cd-6e67cbaf828b} [2009.07.20 14:53:55 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb} [2010.01.25 02:50:55 | 
000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010.03.29 17:04:03 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2010.03.29 17:04:02 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2010.03.29 17:04:03 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} [2009.08.11 17:47:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.29 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\de-AT@dictionaries.addons.mozilla.org [2010.03.29 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\en-US@dictionaries.addons.mozilla.org [2010.03.29 17:04:03 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\firefox@tvunetworks.com [2009.07.20 14:53:54 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\moveplayer@movenetworks.com [2010.03.29 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\staged-xpis [2010.05.01 03:18:42 | 000,000,000 | ---D | M] -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\57xf2nqy.profile\extensions\toolbar@ask.com [2010.05.01 00:11:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.11.02 00:58:54 | 000,221,184 | ---- | M] 
(CNN) -- C:\Programme\Mozilla Firefox\plugins\NPTURNMED.dll [2010.03.13 20:08:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.13 20:08:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.13 20:08:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.13 20:08:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.13 20:08:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml [2009.10.27 17:41:05 | 000,002,380 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\zwunzi118.xml [2009.10.27 19:41:41 | 000,002,380 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\zwunzi119.xml [2009.10.29 08:02:01 | 000,002,380 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\zwunzi121.xml O1 HOSTS File: ([2009.09.25 01:21:34 | 000,335,252 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11489 more lines... 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\...\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [KnexStarter] C:\Programme\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [RunTasktray] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [Waiting1690] C:\Windows\StiD1690.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\...\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Users\...\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\VMware\VMware 
Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{00ea35e0-7532-11de-a6dd-000000000000}\Shell - "" = AutoRun O33 - MountPoints2\{00ea35e0-7532-11de-a6dd-000000000000}\Shell\AutoRun\command - "" = J:\lernkurs.exe -- File not found O33 - MountPoints2\{6ae2a5ab-7628-11de-8df5-000000000000}\Shell\AutoRun\command - "" = K:\hc3hvi0.exe -- File not found O33 - MountPoints2\{6ae2a5ab-7628-11de-8df5-000000000000}\Shell\open\Command - "" = K:\hc3hvi0.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.04 18:02:51 | 000,000,000 | ---D | C] -- C:\Programme\USB PC CAMERA 211 [2010.05.04 18:02:02 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\JPEG Cam [2010.05.02 12:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2010.05.02 12:20:41 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5 [2010.05.02 00:59:10 | 000,000,000 | ---D | C] -- C:\Users\...\Desktop\DnB Stems [2010.04.30 18:13:36 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\8628B0CE530DF8231493C970831E54D3 [2010.04.27 06:31:37 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Yahoo [2010.04.27 06:31:00 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Yahoo! 
[2010.04.27 06:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2010.04.27 06:25:05 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo! [2010.04.26 00:21:25 | 000,000,000 | R--D | C] -- C:\Users\...\Documents\My Dropbox [2010.04.26 00:18:48 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Dropbox [2010.04.24 19:59:30 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache [2010.04.11 09:51:19 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Local\Hewlett-Packard [2010.04.11 09:51:02 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\Hewlett-Packard [2010.04.11 09:50:41 | 000,000,000 | ---D | C] -- C:\Programme\Hp [2010.04.11 09:48:58 | 000,000,000 | ---D | C] -- C:\Programme\Hewlett-Packard [2010.04.11 09:46:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Hewlett-Packard [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.07 18:43:35 | 009,699,328 | -HS- | M] () -- C:\Users\...\NTUSER.DAT [2010.05.07 18:33:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3079852786-3012575058-2838919547-1000UA.job [2010.05.07 17:42:26 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{12ED8C18-2148-409D-87B0-EF41F0CD85DF}.job [2010.05.07 17:29:09 | 001,596,184 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.07 17:29:09 | 000,681,574 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.07 17:29:09 | 000,648,044 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.07 17:29:09 | 000,147,382 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.07 17:29:09 | 000,124,894 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.07 17:24:37 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2010.05.07 17:22:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 
[2010.05.07 17:22:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.07 17:22:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.07 17:22:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.07 17:15:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.05.07 17:15:42 | 003,572,869 | -H-- | M] () -- C:\Users\...\AppData\Local\IconCache.db [2010.05.07 11:33:56 | 059,673,903 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010.05.07 06:48:07 | 000,524,288 | -HS- | M] () -- C:\Users\...\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.07 06:48:07 | 000,065,536 | -HS- | M] () -- C:\Users\...\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.05 19:33:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3079852786-3012575058-2838919547-1000Core.job [2010.05.02 16:13:12 | 372,993,495 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.05.02 12:21:19 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk [2010.05.01 11:09:58 | 002,322,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.05.01 02:54:07 | 000,105,816 | ---- | M] () -- C:\Users\...\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.30 20:01:56 | 000,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.27 06:29:59 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! 
Messenger.lnk [2010.04.26 00:21:25 | 000,000,946 | ---- | M] () -- C:\Users\...\Desktop\Dropbox.lnk [2010.04.26 00:21:25 | 000,000,926 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2010.04.25 23:27:32 | 000,172,032 | ---- | M] () -- C:\Users\...\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.24 15:21:43 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss [2010.04.24 15:21:43 | 000,000,016 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll [2010.04.24 15:21:43 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat [2010.04.24 04:00:31 | 000,000,005 | ---- | M] () -- C:\Windows\ikaoilfk.ini [2010.04.21 12:46:36 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010.04.13 12:03:05 | 000,000,035 | ---- | M] () -- C:\Windows\Ulead32.INI [2010.04.12 10:14:57 | 000,290,044 | ---- | M] () -- C:\Users\...\Desktop\new 2 [2010.04.11 09:50:57 | 000,082,628 | ---- | M] () -- C:\Windows\HPEasyPrinterCare.his [2010.04.11 09:48:59 | 000,002,300 | ---- | M] () -- C:\Users\Public\Desktop\HP Easy Printer Care.lnk [2010.04.11 09:44:44 | 000,001,985 | ---- | M] () -- C:\Windows\sounder.his [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.02 16:14:42 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2010.05.02 12:20:42 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk [2010.04.27 06:29:59 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! 
Messenger.lnk [2010.04.26 00:21:25 | 000,000,946 | ---- | C] () -- C:\Users\...\Desktop\Dropbox.lnk [2010.04.26 00:21:25 | 000,000,926 | ---- | C] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2010.04.24 04:00:31 | 000,000,005 | ---- | C] () -- C:\Windows\ikaoilfk.ini [2010.04.24 03:55:51 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE [2010.04.11 09:48:59 | 000,002,300 | ---- | C] () -- C:\Users\Public\Desktop\HP Easy Printer Care.lnk [2010.04.11 09:44:44 | 000,001,985 | ---- | C] () -- C:\Windows\sounder.his [2010.04.11 09:43:50 | 000,082,628 | ---- | C] () -- C:\Windows\HPEasyPrinterCare.his [2010.01.18 21:52:31 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll [2009.12.19 21:30:30 | 000,000,005 | ---- | C] () -- C:\Windows\lnnbdcon.ini [2009.12.19 21:30:24 | 000,000,005 | ---- | C] () -- C:\Windows\lnnbdcmk.ini [2009.12.05 03:27:11 | 000,000,005 | ---- | C] () -- C:\Windows\ikaoilnb.ini [2009.11.20 23:12:13 | 000,000,005 | ---- | C] () -- C:\Windows\ikaoilga.ini [2009.11.11 02:38:26 | 000,000,005 | ---- | C] () -- C:\Windows\ikaoilmd.ini [2009.11.11 02:36:27 | 000,000,005 | ---- | C] () -- C:\Windows\ikaoillf.ini [2009.11.11 02:36:27 | 000,000,005 | ---- | C] () -- C:\Windows\ikaoiljc.ini [2009.11.11 02:36:27 | 000,000,005 | ---- | C] () -- C:\Windows\ikaoilee.ini [2009.11.11 02:36:27 | 000,000,005 | ---- | C] () -- C:\Windows\ikaoildd.ini [2009.11.11 02:36:27 | 000,000,005 | ---- | C] () -- C:\Windows\ikaoilab.ini [2009.09.18 21:33:45 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll [2009.09.12 16:25:42 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009.09.10 17:42:35 | 000,000,122 | ---- | C] () -- C:\Windows\msmmdx9.ini [2009.08.10 23:18:19 | 000,001,628 | ---- | C] () -- C:\Windows\Sandboxie.ini [2009.08.09 14:19:22 | 000,413,696 | ---- | C] () -- C:\Windows\System32\jsound.dll [2009.08.09 14:19:21 | 000,380,928 | ---- | C] () -- 
C:\Windows\System32\jmmpa.dll [2009.08.09 14:19:21 | 000,282,624 | ---- | C] () -- C:\Windows\System32\jmh261.dll [2009.08.09 14:19:21 | 000,184,320 | ---- | C] () -- C:\Windows\System32\jmvh263.dll [2009.08.09 14:19:21 | 000,143,360 | ---- | C] () -- C:\Windows\System32\jmjpeg.dll [2009.08.09 14:19:21 | 000,106,496 | ---- | C] () -- C:\Windows\System32\jmh263enc.dll [2009.08.09 14:19:21 | 000,098,304 | ---- | C] () -- C:\Windows\System32\jmg723.dll [2009.08.09 14:19:21 | 000,077,824 | ---- | C] () -- C:\Windows\System32\jmmpegv.dll [2009.08.09 14:19:21 | 000,073,728 | ---- | C] () -- C:\Windows\System32\jmutil.dll [2009.08.09 14:19:21 | 000,057,344 | ---- | C] () -- C:\Windows\System32\jmgsm.dll [2009.08.09 14:19:21 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jmvfw.dll [2009.08.09 14:19:21 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmvcm.dll [2009.08.09 14:19:21 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmgdi.dll [2009.08.09 14:19:21 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmfjawt.dll [2009.08.09 14:19:21 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmddraw.dll [2009.08.09 14:19:21 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmmci.dll [2009.08.09 14:19:21 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmdaudc.dll [2009.08.09 14:19:20 | 000,053,248 | ---- | C] () -- C:\Windows\System32\jmam.dll [2009.08.09 14:19:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmcvid.dll [2009.08.09 14:19:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmacm.dll [2009.08.09 14:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\jmdaud.dll [2009.07.27 20:52:07 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.07.22 17:39:26 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI [2009.07.22 04:07:09 | 000,000,044 | ---- | C] () -- C:\Windows\MSYS.INI [2009.07.21 23:48:49 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys [2009.07.21 23:48:49 | 000,007,680 | ---- | C] () 
-- C:\Windows\System32\drivers\Onsreged.sys [2009.07.20 15:32:48 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.07.20 12:31:09 | 000,005,607 | ---- | C] () -- C:\Windows\System32\stci.dll [2009.06.02 13:38:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.16 05:22:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.02.10 14:33:16 | 000,181,248 | ---- | C] () -- C:\Windows\System32\HPEPCEnm.dll [2009.02.10 14:33:02 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll [2009.01.14 17:54:58 | 003,661,824 | ---- | C] () -- C:\Windows\System32\mkl_wavearts.dll [2007.10.31 15:09:48 | 000,065,217 | ---- | C] () -- C:\Windows\cam1690a.ini [2007.10.09 12:39:40 | 000,065,527 | ---- | C] () -- C:\Windows\cam1690b.ini [2007.10.08 10:12:14 | 000,130,965 | ---- | C] () -- C:\Windows\cam1690.ini [2007.09.20 18:03:10 | 000,177,664 | ---- | C] () -- C:\Windows\System32\drivers\cam1690.sys [2007.09.19 21:11:52 | 000,041,472 | ---- | C] () -- C:\Windows\System32\cam1690.dll [2007.08.29 15:40:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\cam1690m.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:C31F31E6 < End of report >
To be continued, because it is too long for one post. |
07.05.2010, 18:16 | #4 |
| Windows/Browser problems Extras.txt Code:
OTL Extras logfile created on: 07.05.2010 18:43:19 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\...\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000C07 | Country: Deutschland | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,17 Gb Total Space | 22,17 Gb Free Space | 3,85% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 8,88 Gb Free Space | 44,39% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 14,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS I: Drive not present or media not loaded Computer Name: ...-PC Current User Name: ... Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02168D5F-1DC9-408B-BBD6-15413069EFA8}" = rport=445 | protocol=6 | dir=out | app=system | "{0464E10E-9F0D-4C18-8AED-BB7D30D33295}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0E81316A-381F-494C-93A4-561BD85FB197}" = lport=2869 | protocol=6 | dir=in | app=system | "{172D11D5-1705-494D-AF2F-9DD6CBDBB0F6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{19D52958-82A0-49E5-A7D0-5B0ABB4D9BD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{28E32F2C-D2AD-4BC3-8FB3-9F27D0B971D7}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{2D24BB1B-45DA-427F-8BB2-57038C6114AE}" = rport=137 | protocol=17 | dir=out | app=system | "{43A7A43F-31CC-44BD-9190-A147717D727B}" = lport=445 | protocol=6 | dir=in | app=system | "{4467E1F4-D580-482A-AD64-6C31BDEE2163}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{44B23C6B-9857-49B0-AF14-FABE73F70E65}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5CE1EF13-5AE1-4751-876B-1A2F15748B5F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{667DD89B-11A7-46E1-ADEB-5647AC6A23B6}" = rport=2869 | protocol=6 | dir=out | app=system | "{7D00B4AD-588A-436A-8B79-12425B3025ED}" = lport=139 | protocol=6 | dir=in | app=system | "{8AC15729-7F19-4013-BC6E-CBD771A9C5CA}" = lport=138 | protocol=17 | dir=in | app=system | "{9BA93F8A-CCC4-49D1-848B-083B31C9057A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A45B16B4-13E0-45BE-8886-8FC3DEEC727C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AC02AB76-1ED9-43E3-B54A-D05C0949B809}" = lport=2869 | protocol=6 | dir=in | app=system | "{BB8FE194-C28E-4616-B216-DA7AB125E757}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C88EB213-E944-4371-91CB-CD3AFBB441D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{D2E63D72-AF82-42DC-A99B-3E929AECE6FF}" = rport=138 | protocol=17 | 
dir=out | app=system | "{E79498D0-5688-47EF-8A90-E78CADFE044B}" = lport=137 | protocol=17 | dir=in | app=system | "{F2976C8C-31C5-43A9-AB63-5E416C3D1562}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FBB36426-C494-4349-9A18-F4FB5AD91145}" = rport=139 | protocol=6 | dir=out | app=system | "{FF648C95-EC9A-4D63-8B34-494CB8154996}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01AC2F64-5D2B-43A2-8A8D-F188B82B8684}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{30451BD9-D97D-4783-B545-B378C7C1D123}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | "{34892347-89EC-4492-A5CB-13B4D6EAB500}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{3781E172-913C-4380-BD13-5DF4406867EA}" = protocol=6 | dir=in | app=c:\users\...\appdata\roaming\dropbox\bin\dropbox.exe | "{53A739D7-8D65-4C43-9DEC-6CCC64A91FAB}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{53C52AFB-F1D4-4EC0-8730-8C57038872AD}" = protocol=17 | dir=in | app=c:\users\...\appdata\roaming\dropbox\bin\dropbox.exe | "{584F6F98-699B-48A2-9F49-83475C0A1541}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | "{607C771A-D8A7-4B37-A112-E5F4BA17BABB}" = protocol=6 | dir=in | app=c:\telekom austria\breitband-internet-installation\mobile installer\aonflex.exe | "{632A4D40-C00F-4303-91DB-D9B4515E8C84}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{7676A308-FB78-4549-9DFB-354BB0A30091}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{7C96DCDD-7757-490D-BD18-180933C7CCD7}" = protocol=17 | dir=in | app=c:\telekom 
austria\breitband-internet-installation\fixnet installer\installer.exe | "{87F4EB7E-BE7A-4293-AB0F-A86DFD346F62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{88F7227B-A3B5-422C-BA2B-A0A31DD261D8}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | "{8FCF42BB-913C-4422-9D0D-996090DAC2C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A9F54F06-59A7-444E-AAF4-408015763EF1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{AB3ED201-5268-442D-8BFD-7E60A6C1DEA4}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{ACEEE00B-AC72-46C5-BFEA-DABDB7BAAEB1}" = protocol=6 | dir=in | app=c:\program files\telekom austria\controller\aoncontroller.exe | "{ADDD1838-02E6-45C4-AC41-355D4A10D5D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B27FA6D3-3038-461F-9ECF-5FADF77DD9A9}" = protocol=6 | dir=in | app=c:\telekom austria\breitband-internet-installation\mobile installer\aonflex.exe | "{B318B44C-8ED2-4605-86DE-C4FCD22DDE26}" = protocol=17 | dir=in | app=c:\telekom austria\breitband-internet-installation\mobile installer\aonflex.exe | "{B4627B79-C182-40D6-8732-D5C312B1E212}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "{B6CD22B0-FE51-45AF-8E98-5B7966D6CBB3}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe | "{B89F642D-C486-417D-8981-D38DCE5A4E39}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BD702586-2602-41BA-9060-F06CB7EDCFCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BE29A264-0900-4C94-AB3B-F39194970FE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C096EE1C-A3F1-4D20-8444-DC4141757F94}" = protocol=17 | dir=in | app=c:\program files\telekom austria\controller\aoncontroller.exe | "{C12856A5-7417-49F5-972C-8A2B86FB98D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C2C8BD06-42B6-4622-842F-E31F45AB7186}" = 
protocol=6 | dir=in | app=c:\program files\thomson\st330\service\st330service.exe | "{C51D4761-FFB8-47DB-BF27-3D33145202F8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{CDFDF482-E6B0-40AF-A619-FB7E6ECD0224}" = protocol=6 | dir=in | app=c:\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{CEBEC542-2BF4-48FD-91C2-144E5F855B8A}" = protocol=17 | dir=in | app=c:\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{D3A3E2F6-7AE3-450B-9BC6-28BA19B4132F}" = protocol=6 | dir=in | app=c:\telekom austria\breitband-internet-installation\fixnet installer\installer.exe | "{D86D8F7E-7B40-433E-AB88-361868A24AEB}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "{DBF4062A-88C9-48DB-A819-A943B62A3B30}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{DF198FCE-DE7A-4E43-87E9-4ADAE4FD4B7B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E6679578-0068-473D-9C2C-F8FED87E4E93}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{EA39AEAC-1D3C-43BC-A50D-6368CD89E4D6}" = protocol=17 | dir=in | app=c:\program files\thomson\st330\service\st330service.exe | "{EE1C4241-E327-4DC7-823C-212678265277}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{F5DBFCAF-39AA-406A-8285-766B50A9690C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{F80AA40A-ECAA-4503-9A9D-A9225D33CF3D}" = protocol=17 | dir=in | app=c:\telekom austria\breitband-internet-installation\mobile installer\aonflex.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{00BADC8E-0A5A-1C41-A4C2-ADE2B26B78EF}" = CCC Help German "{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Komponenten der Ereigniskommunikation 
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1C86E05B-0668-4516-B93C-01703702C59E}" = Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC "{1E307673-A877-89FF-78DC-14EE9B90E36D}" = ATI Catalyst Install Manager "{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14 "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition "{2A0EDB2D-F27C-DFDD-C17C-F2E4B05F503D}" = CCC Help French "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SENT4EXPRESS) "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DBB5E61-275B-46DB-8DB5-1629294B4A2F}" = S60 3rd Edition FP1 SDK for Symbian OS "{321F2647-25B9-2909-E2F4-AC2770A358B9}" = Catalyst Control Center Graphics Full New "{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java(TM) SE Development Kit 6 Update 14 "{3429F980-7C10-BF80-84C0-06ACF39900CD}" = ccc-utility "{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine "{383A2E3F-A462-1C60-7627-EFA7D3B140E7}" = CCC Help Finnish "{398ED33A-6B97-9909-B91F-7A3ADEF08BEE}" = CCC Help Norwegian "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A567E16-3E64-39BB-0C07-8083E81D56F0}" = CCC Help Spanish "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 
"{4150FD38-D474-4F31-A28D-C12B883EAEB1}" = S60 3rd Edition SDK for Symbian OS, Feature Pack 2 v1.1 "{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy "{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation "{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution "{49782B2F-49AE-423D-85D6-4EE7019CEA13}" = HP Easy Printer Care "{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform "{519EDA51-1048-2879-8005-5EF3F3EE4A99}" = CCC Help Japanese "{5235D305-3A25-35E0-C8F4-0D07325B5449}" = CCC Help Italian "{5383EF8A-150E-4EAB-2C1D-C3135DE70368}" = Catalyst Control Center Core Implementation "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5aa47dba-b584-4d47-a626-76e53fc2987d}" = JavaFX(TM) 1.2 SDK "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services "{7533F0BC-DE32-4AE1-97D2-D58703B76D7D}" = SmartFTP Client "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{81D4C4D1-881B-4E66-87A1-5DBD509E5981}" = NOKIA Plug-In Installer (C:\S60\devices\S60_3rd_FP2_SDK_v1.1) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{849EF876-F6A3-B14F-7FBE-35264E4D84A0}" = Catalyst Control Center Graphics 
Previews Vista "{8527C3D5-BA1D-46E9-88D2-AF25544311A3}" = USB PC CAMERA 211 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller "{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1 
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{951B84FD-DAC6-4A49-AB86-1B09DEBECDFC}" = Carbide.c++ v2.0_1 (C:\Apps\Nokia\Carbide.c++ v2.0_1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit) "{9FF070B4-7A62-FEB7-2673-68A58166C9D5}" = Catalyst Control Center Localization All "{A17DAE5C-E7A2-4A72-888E-3B4F94DD46F4}" = Sentinel Visualizer 4 "{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Komponenten der Kernkommunikation "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6 "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9 "{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AFAC4AF7-C3E4-4E15-8118-18CD0896DF3B}" = MySQL Server 5.1 "{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B80954EE-5CA9-4202-BB8C-0DC3E332F47F}" = Native Instruments Kontakt 3 "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Komponenten der Gerätedatenkommunikation "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live 
Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CA3D6234-7F8D-424D-B681-3C70E6052CC5}" = Power Suite 5 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D048A3AD-31D3-44A5-9D12-C4ADD3253B00}" = ActivePerl 5.6.1 Build 638 "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation "{DC507BF5-66C7-B876-F564-0E60CB91D0DF}" = Catalyst Control Center Graphics Full Existing "{DCB39D37-F1EC-EC0B-AC38-F3ECC9B5F55D}" = CCC Help Swedish "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1CEE7F9-90EF-19B9-75DE-8F8F2AA18131}" = Catalyst Control Center Graphics Light "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E5DF3476-26A4-A39E-52E1-33FFD2D7FEED}" = CCC Help Danish "{E67038A6-1745-BFC1-65D5-01D833D8E932}" = ccc-core-static "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E7F088E0-6B7F-896B-4337-FC1617514152}" = CCC Help English "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer "{EBD522D7-6F90-4CB1-A955-ED38C90F5923}" = NOKIA Plug-In Installer (C:\Symbian\9.2\S60_3rd_FP1\) "{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report "{EF3D2EED-053B-9A14-B270-B62FB987EBC5}" = CCC Help Dutch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = 
Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F98A9659-65D5-856C-A163-1304D8355F72}" = Skins "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5 "aonFTP" = aonFTP "aonUpdate" = aonUpdate "ASIO4ALL" = ASIO4ALL "Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de) "Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en) "Audio Recorder for FREE_is1" = Audio Recorder for FREE 2009 v12.6.1 "Autobahn" = MLB.TV NexDef Plug-in "AVConverter" = AVConverter 1.0 "AVG9Uninstall" = AVG Free 9.0 "AXE 3.4" = AXE 3.4 "BSPlayer1" = BSPlayer "Byki Express" = Byki Express "Cakewalk Dimension Pro_is1" = Dimension Pro "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Controller" = Controller "CSL Arm Toolchain (arm-symbianelf)_is1" = 
CSL ARM Toolchain (arm-symbianelf) 2005-Q1C "dBpoweramp Music Converter" = dBpoweramp Music Converter "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "doxygen_is1" = doxygen 1.6.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Highspeed-Internet-Installation" = Highspeed-Internet-Installation "HijackThis" = HijackThis 2.0.2 "HitmanPro35" = Hitman Pro 3.5 "HP Easy Printer Care" = HP Easy Printer Care "ID3EDIT En" = ID3 Lyrics Editor "IL Download Manager" = IL Download Manager "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{A17DAE5C-E7A2-4A72-888E-3B4F94DD46F4}" = Sentinel Visualizer 4 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e "Java MP3 PlugIn" = Java MP3 PlugIn "KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22) "MSYS-1.0_is1" = "Minimal SYStem 1.0.10" "nbi-glassfish-mod-sun-3.0.0.28.20090708" = Sun GlassFish Enterprise Server v3 Prelude "nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1 "nbi-sjsas-2.1.60.20090309.0" = Sun GlassFish Enterprise Server v2.1 "Nokia Maps 
Updater_is1" = Nokia Maps Updater 1.0.12 "Nokia Ovi Suite" = Nokia Ovi Suite "Notepad++" = Notepad++ "PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0 "PoiZone" = PoiZone "Power Sound Editor Free" = Power Sound Editor Free "PSP 84 1.5.3 32bit" = PSP 84 1.5.3 32bit "Qt for Symbian 4.6.0 - C:_Qt_4.6.0" = Qt for Symbian 4.6.0 "Sandboxie" = Sandboxie 3.38 "Sawer" = Sawer "SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only) "SopCast" = SopCast 3.2.4 "SpeedTouch 330" = SpeedTouch 330 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "The Blocklist Manager_is1" = BLM 2.6.5 "TuneUp Utilities" = TuneUp Utilities "TVAnts 1.0" = TVAnts 1.0 "TVUPlayer" = TVUPlayer 2.4.9.1 "Uninstall_is1" = Uninstall 1.0.0.1 "Veetle TV" = Veetle TV 0.9.15 "VLC media player" = VLC media player 1.0.0 "VMware_Player" = VMware Player "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "XMind" = XMind "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "309a46b1dc89b774" = Dell Driver Download Manager "92e5834c8a3ea3c6" = bDule "ArgoUML Latest Stable Release (0.28.1)" = ArgoUML Latest Stable Release (0.28.1) "Aspell" = Aspell Data (Installed for Current User) "BusyPainter Demo" = BusyPainter Demo "Dropbox" = Dropbox "Google Chrome" = Google Chrome "JFreeChart 1.0.13 Demo" = JFreeChart 1.0.13 Demo "JFXBuilder1" = JFXBuilder1 "LyX" = LyX 1.6.4-1 (Installed for Current User) "OnlineFestplatte" = aon Online Festplatte (entfernen) "QIP 2005" = QIP 2005 8095 "SwingX Demo" = SwingX Demo ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.03.2010 09:10:25 | Computer Name = ...-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.03.2010 09:10:25 | Computer Name = ...-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.03.2010 10:06:44 | Computer Name = ...-PC | Source = Windows Search Service | ID = 3013 Description = Error - 13.03.2010 11:27:06 | Computer Name = ...-PC | Source = WinMgmt | ID = 10 Description = Error - 13.03.2010 18:20:46 | Computer Name = ...-PC | Source = WinMgmt | ID = 10 Description = Error - 13.03.2010 19:08:04 | Computer Name = ...-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\VMware\VMware Player\vssSnapVista64.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 14.03.2010 05:36:10 | Computer Name = ...-PC | Source = WinMgmt | ID = 10 Description = Error - 14.03.2010 05:47:42 | Computer Name = ...-PC | Source = WinMgmt | ID = 10 Description = Error - 14.03.2010 05:52:45 | Computer Name = ...-PC | Source = VSS | ID = 8194 Description = Error - 14.03.2010 05:55:02 | Computer Name = ...-PC | Source = VSS | ID = 8194 Description = [ Media Center Events ] Error - 27.10.2009 11:48:36 | Computer Name = ...-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide [ OSession Events ] Error - 17.10.2009 18:59:50 | Computer Name = ...-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 2829 seconds with 360 seconds of active time. This session ended with a crash. [ System Events ] Error - 07.05.2010 00:33:12 | Computer Name = ...-PC | Source = DCOM | ID = 10010 Description = Error - 07.05.2010 05:27:52 | Computer Name = ...-PC | Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker HP Deskjet D2300 series nicht unter dem Namen HP Deskjet D2300 series freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. Error - 07.05.2010 05:27:52 | Computer Name = ...-PC | Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker An OneNote 2007 senden nicht unter dem Namen An OneNote 2007 senden freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. 
Error - 07.05.2010 05:28:29 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 07.05.2010 05:28:38 | Computer Name = ...-PC | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 10.0.0.23 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
Error - 07.05.2010 05:48:57 | Computer Name = ...-PC | Source = DCOM | ID = 10010 Description =
Error - 07.05.2010 11:22:40 | Computer Name = ...-PC | Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker HP Deskjet D2300 series nicht unter dem Namen HP Deskjet D2300 series freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error - 07.05.2010 11:22:40 | Computer Name = ...-PC | Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker An OneNote 2007 senden nicht unter dem Namen An OneNote 2007 senden freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error - 07.05.2010 11:23:13 | Computer Name = ...-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 07.05.2010 11:23:21 | Computer Name = ...-PC | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 10.0.0.23 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
< End of report >
I took a look through the files and am wondering whether this process is malicious?
PRC - C:\Windows\StiD1690.exe ()
I hope the problem is not too serious. Thanks in advance! Best regards, Networx |
07.05.2010, 21:10 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows/Browser Problems Could you also post the earlier Malwarebytes logs? Something was removed there, after all. I want to see that!
__________________ Please always post log files in CODE tags |
07.05.2010, 21:33 | #6 |
| Windows/Browser Problems Hello, here is the most recent scan that had a detection: Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
30.04.2010 23:57:11
mbam-log-2010-04-30 (23-57-11).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132775
Laufzeit: 5 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 6
Infizierte Dateien: 10
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\zwunzi service (Adware.Zwunzi) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gotnewupdate.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\ProgramData\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Zwunzi (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F} (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences (Adware.Zwunzi) -> Quarantined and deleted successfully.
Infizierte Dateien:
C:\Users\...\AppData\Roaming\8628B0CE530DF8231493C970831E54D3\gotnewupdate.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Windows\Temp\9D7D.tmp (Rootkit.Dropper) -> Delete on reboot.
C:\Program Files\Zwunzi\uninstall.exe (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome.manifest (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\install.rdf (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome\zwunzi.jar (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences\prefs.js (Adware.Zwunzi) -> Quarantined and deleted successfully.
C:\Users\...\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\...\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. |
07.05.2010, 21:48 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows/Browser Problems Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) You also have to change the obscured user name back to your real one, otherwise the script will not work!! Code:
ATTFilter
:OTL
PRC - C:\Windows\StiD1690.exe ()
O4 - HKLM..\Run: [Waiting1690] C:\Windows\StiD1690.exe ()
O4 - HKCU..\Run: [] File not found
O33 - MountPoints2\{00ea35e0-7532-11de-a6dd-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{00ea35e0-7532-11de-a6dd-000000000000}\Shell\AutoRun\command - "" = J:\lernkurs.exe -- File not found
O33 - MountPoints2\{6ae2a5ab-7628-11de-8df5-000000000000}\Shell\AutoRun\command - "" = K:\hc3hvi0.exe -- File not found
O33 - MountPoints2\{6ae2a5ab-7628-11de-8df5-000000000000}\Shell\open\Command - "" = K:\hc3hvi0.exe -- File not found
[2010.04.30 18:13:36 | 000,000,000 | ---D | C] -- C:\Users\...\AppData\Roaming\8628B0CE530DF8231493C970831E54D3
[2010.05.07 17:22:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.07 17:22:28 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.24 04:00:31 | 000,000,005 | ---- | M] () -- C:\Windows\ikaoilfk.ini
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
07.05.2010, 22:10 | #8 |
| Windows/Browser Problems Thanks for the script and the instructions! Here is the log file: Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named StiD1690.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Waiting1690 deleted successfully.
C:\Windows\StiD1690.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00ea35e0-7532-11de-a6dd-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00ea35e0-7532-11de-a6dd-000000000000}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00ea35e0-7532-11de-a6dd-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00ea35e0-7532-11de-a6dd-000000000000}\ not found.
File J:\lernkurs.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ae2a5ab-7628-11de-8df5-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ae2a5ab-7628-11de-8df5-000000000000}\ not found.
File K:\hc3hvi0.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ae2a5ab-7628-11de-8df5-000000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ae2a5ab-7628-11de-8df5-000000000000}\ not found.
File K:\hc3hvi0.exe not found.
C:\Users\...\AppData\Roaming\8628B0CE530DF8231493C970831E54D3 folder moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\ikaoilfk.ini moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: ...
->Temp folder emptied: 223304724 bytes
->Temporary Internet Files folder emptied: 40812801 bytes
->Java cache emptied: 55194550 bytes
->FireFox cache emptied: 95644839 bytes
->Google Chrome cache emptied: 121553358 bytes
->Flash cache emptied: 128731 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 83 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 75510 bytes
Error loading Shell32.dll! Cannot empty RecycleBin.
RecycleBin emptied: 15199067702 bytes
Total Files Cleaned = 15.007,00 mb
OTL by OldTimer - Version 3.2.4.1 log created on 05072010_230020
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-4280.log moved successfully.
Registry entries deleted on Reboot...
So was StiD1690.exe something suspicious after all? Thanks and best regards, Networx |
07.05.2010, 22:17 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows/Browser Problems Quote:
And upload the ZIP to us => http://www.trojaner-board.de/54791-a...ner-board.html
07.05.2010, 22:24 | #10 |
| Windows/Browser Problems Ah, OK. I have uploaded the zipped folder. Thanks, best regards, Networx |
07.05.2010, 22:36 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows/Browser Problems The file seems to be OK: => https://www.virustotal.com/de/analis...036-1271931517
copyright....: Copyright (C) 2007
product......: AStiDog Application
description..: AStiDog Application
original name: AStiDog1690.exe
internal name: AStiDog1690
07.05.2010, 23:00 | #12 |
| Windows/Browser Problems Thanks! But what else could be causing my problems? Best regards, Networx |
07.05.2010, 23:09 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows/Browser Problems Do a run with CF: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper ("Kompetenzler") has expressly recommended it!