Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Hijack zur Überprüfung nach Entfernung von AV Security

Hijack zur Überprüfung nach Entfernung von AV Security


Log-Analyse und Auswertung: Hijack zur Überprüfung nach Entfernung von AV Security

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 2 1 2
Alt 20.06.2010, 15:51   #16
castol
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Ok...

OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.06.2010 16:46:51 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Carsten u. Jessi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,88 Gb Total Space | 33,32 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
Drive D: | 75,55 Gb Total Space | 56,17 Gb Free Space | 74,34% Space Free | Partition Type: NTFS
Drive E: | 75,44 Gb Total Space | 37,07 Gb Free Space | 49,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CARSTENUNDJESSI
Current User Name: Carsten u. Jessi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Carsten u. Jessi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Carsten u. Jessi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgio) -- D:\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (VMC326) -- C:\Windows\System32\VMC326.ax (vimicro)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.08.02 09:42:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: d:\Mozilla Firefox\components [2010.04.14 17:18:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: d:\Mozilla Firefox\plugins [2010.06.20 09:30:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: D:\Mozilla Thunderbird\components [2010.04.01 19:12:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: D:\Mozilla Thunderbird\plugins [2010.05.27 21:07:07 | 000,000,000 | ---D | M]
 
[2009.03.11 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\Carsten u. Jessi\AppData\Roaming\mozilla\Extensions
[2010.06.20 09:31:02 | 000,000,000 | ---D | M] -- C:\Users\Carsten u. Jessi\AppData\Roaming\mozilla\Firefox\Profiles\hk1wbmnq.default\extensions
[2009.06.25 19:28:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Carsten u. Jessi\AppData\Roaming\mozilla\Firefox\Profiles\hk1wbmnq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.02 22:04:19 | 000,000,000 | ---D | M] -- C:\Users\Carsten u. Jessi\AppData\Roaming\mozilla\Firefox\Profiles\hk1wbmnq.default\extensions\firefox@tvunetworks.com
[2009.07.18 20:26:13 | 000,000,944 | ---- | M] () -- C:\Users\Carsten u. Jessi\AppData\Roaming\Mozilla\FireFox\Profiles\hk1wbmnq.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [PC Suite Tray] D:\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Carsten u. Jessi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Carsten u. Jessi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.20 16:46:05 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Carsten u. Jessi\Desktop\OTL.exe
[2010.06.20 15:01:21 | 000,472,064 | ---- | C] ( ) -- C:\Users\Carsten u. Jessi\Desktop\RootRepeal.exe
[2010.06.20 14:12:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.06.20 13:55:54 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.06.20 13:47:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.20 13:47:01 | 028,534,656 | ---- | C] (                                   ) -- C:\Users\Carsten u. Jessi\Desktop\AdbeRdr930_de_DE.exe
[2010.06.20 13:44:22 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Carsten u. Jessi\Desktop\HiJackThis.exe
[2010.06.20 09:51:14 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.06.20 09:51:14 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.20 09:31:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.20 09:31:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.20 09:31:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.20 09:31:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.20 09:31:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.20 09:31:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.20 09:31:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.20 09:31:17 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.20 09:31:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.20 09:31:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.20 09:31:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.20 09:31:16 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.20 09:31:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.20 09:31:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.20 09:31:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.20 09:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.06.20 09:30:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.06.20 09:30:22 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.06.20 09:30:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.06.20 09:30:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.06.20 09:30:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.06.20 09:29:04 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.06.20 09:29:04 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.06.20 09:29:04 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.06.20 09:29:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.06.20 09:29:03 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.06.20 09:29:03 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.06.20 09:29:03 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.06.20 09:29:03 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.06.20 09:29:02 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.06.20 09:29:02 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.06.20 09:29:02 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.06.20 09:29:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.06.20 09:29:02 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.06.20 09:29:02 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.06.20 09:29:02 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.06.20 09:29:01 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.06.20 09:29:01 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.06.20 09:29:01 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.06.20 09:29:01 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.06.20 09:29:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.06.20 09:29:00 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.06.20 09:29:00 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.06.20 09:28:59 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.06.20 09:28:59 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.06.20 09:28:59 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.06.20 09:28:59 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.06.20 09:28:59 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.06.19 18:19:35 | 000,000,000 | ---D | C] -- C:\Users\Carsten u. Jessi\AppData\Roaming\Malwarebytes
[2010.06.19 18:18:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.19 18:18:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.19 18:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.19 17:16:49 | 000,000,000 | ---D | C] -- C:\Users\Carsten u. Jessi\AppData\Local\nrbikqvak
[2010.06.12 15:23:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.06.09 07:06:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 07:06:15 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 07:06:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.09 07:05:35 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.06.09 07:04:15 | 002,036,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.05.27 21:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.26 07:02:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.20 16:46:37 | 002,621,440 | -HS- | M] () -- C:\Users\Carsten u. Jessi\NTUSER.DAT
[2010.06.20 16:46:09 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten u. Jessi\Desktop\OTL.exe
[2010.06.20 16:25:21 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.20 16:25:21 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.20 16:25:21 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.20 16:25:21 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.20 16:25:21 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.20 16:22:02 | 000,077,312 | ---- | M] () -- C:\Users\Carsten u. Jessi\Desktop\mbr.exe
[2010.06.20 16:21:05 | 000,327,908 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.20 15:44:13 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.20 15:44:13 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.20 15:02:19 | 000,000,000 | ---- | M] () -- C:\Users\Carsten u. Jessi\Desktop\settings.dat
[2010.06.20 15:01:25 | 000,472,064 | ---- | M] ( ) -- C:\Users\Carsten u. Jessi\Desktop\RootRepeal.exe
[2010.06.20 14:54:12 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{68F84A87-B3CE-435E-BBC6-F28EA3C8E659}.job
[2010.06.20 14:30:49 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vqsbxk.sys
[2010.06.20 13:48:59 | 028,534,656 | ---- | M] (                                   ) -- C:\Users\Carsten u. Jessi\Desktop\AdbeRdr930_de_DE.exe
[2010.06.20 13:44:23 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Carsten u. Jessi\Desktop\HiJackThis.exe
[2010.06.20 09:50:53 | 000,824,681 | ---- | M] () -- C:\Users\Carsten u. Jessi\Desktop\RSIT.exe
[2010.06.20 09:44:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.20 09:44:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.20 09:43:42 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.20 09:43:06 | 000,524,288 | -HS- | M] () -- C:\Users\Carsten u. Jessi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.20 09:43:06 | 000,065,536 | -HS- | M] () -- C:\Users\Carsten u. Jessi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.20 09:43:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.20 09:42:32 | 001,889,292 | -H-- | M] () -- C:\Users\Carsten u. Jessi\AppData\Local\IconCache.db
[2010.06.20 09:41:38 | 000,001,310 | ---- | M] () -- C:\Users\Carsten u. Jessi\Documents\cc_20100620_094136.reg
[2010.06.20 09:41:19 | 000,212,262 | ---- | M] () -- C:\Users\Carsten u. Jessi\Documents\cc_20100620_094101.reg
[2010.06.19 18:11:42 | 000,000,680 | ---- | M] () -- C:\Users\Carsten u. Jessi\AppData\Local\d3d9caps.dat
[2010.06.17 20:09:15 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.06.12 13:53:19 | 000,119,296 | ---- | M] () -- C:\Users\Carsten u. Jessi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.10 07:21:12 | 001,763,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.05 11:36:24 | 007,414,057 | ---- | M] () -- C:\Users\Carsten u. Jessi\Desktop\05062010054.mp4
[2010.06.04 15:39:34 | 000,349,176 | ---- | M] () -- C:\Users\Carsten u. Jessi\Desktop\04062010176.jpg
[2010.06.03 10:21:43 | 000,084,992 | ---- | M] () -- C:\Users\Carsten u. Jessi\Desktop\Taufe Enna.doc
[2010.06.03 10:07:26 | 000,014,340 | ---- | M] () -- C:\Users\Carsten u. Jessi\Desktop\taufkerze_motiv_engelkerzefliegend.jpg
[2010.06.03 09:55:15 | 000,060,467 | ---- | M] () -- C:\Users\Carsten u. Jessi\Desktop\Taufe.jpg
[2010.05.31 13:33:27 | 000,327,908 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.26 18:16:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.26 16:25:15 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
 
========== Files Created - No Company Name ==========
 
[2010.06.20 16:22:01 | 000,077,312 | ---- | C] () -- C:\Users\Carsten u. Jessi\Desktop\mbr.exe
[2010.06.20 15:02:19 | 000,000,000 | ---- | C] () -- C:\Users\Carsten u. Jessi\Desktop\settings.dat
[2010.06.20 14:30:49 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\vqsbxk.sys
[2010.06.20 09:50:50 | 000,824,681 | ---- | C] () -- C:\Users\Carsten u. Jessi\Desktop\RSIT.exe
[2010.06.20 09:41:37 | 000,001,310 | ---- | C] () -- C:\Users\Carsten u. Jessi\Documents\cc_20100620_094136.reg
[2010.06.20 09:41:06 | 000,212,262 | ---- | C] () -- C:\Users\Carsten u. Jessi\Documents\cc_20100620_094101.reg
[2010.06.20 09:31:17 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.06.19 19:05:37 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.19 18:11:42 | 000,000,680 | ---- | C] () -- C:\Users\Carsten u. Jessi\AppData\Local\d3d9caps.dat
[2010.06.08 20:44:08 | 007,414,057 | ---- | C] () -- C:\Users\Carsten u. Jessi\Desktop\05062010054.mp4
[2010.06.04 15:38:56 | 000,349,176 | ---- | C] () -- C:\Users\Carsten u. Jessi\Desktop\04062010176.jpg
[2010.06.03 10:09:07 | 000,084,992 | ---- | C] () -- C:\Users\Carsten u. Jessi\Desktop\Taufe Enna.doc
[2010.06.03 10:00:33 | 000,014,340 | ---- | C] () -- C:\Users\Carsten u. Jessi\Desktop\taufkerze_motiv_engelkerzefliegend.jpg
[2010.06.03 09:55:15 | 000,060,467 | ---- | C] () -- C:\Users\Carsten u. Jessi\Desktop\Taufe.jpg
[2010.05.17 13:14:38 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.03.13 19:29:43 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.11 16:27:40 | 000,000,093 | ---- | C] () -- C:\Windows\ktel.ini
[2009.03.11 16:05:43 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.03.11 15:46:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.10.09 13:17:30 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.10.09 13:17:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.10.09 13:01:00 | 000,002,134 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.10.09 10:55:55 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
< End of report >
--- --- ---






Extras.txt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 20.06.2010 16:46:51 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\Carsten u. Jessi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,88 Gb Total Space | 33,32 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
Drive D: | 75,55 Gb Total Space | 56,17 Gb Free Space | 74,34% Space Free | Partition Type: NTFS
Drive E: | 75,44 Gb Total Space | 37,07 Gb Free Space | 49,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CARSTENUNDJESSI
Current User Name: Carsten u. Jessi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B2497C2-9244-4CE8-A7C7-51FE7E92B2A5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4A2B3146-08CE-40B8-BDF4-85836A8148BB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{50C73B9D-C87F-49A7-8C66-51513B24B85A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5E182C44-84CC-4D3C-BF28-EE7C73C7B247}" = lport=139 | protocol=6 | dir=in | app=system | 
"{663AC32B-516A-418A-B91D-030082CDB9ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{68121BFD-7B52-43F1-B027-08CB466590EA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7602E6F3-3FA1-4A49-95F0-B7356C6FE12A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{77F9C8D6-8731-4178-9F50-1D16ABF5BAA1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F09ACBD6-A8A7-4FE8-881F-F24D647B4812}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F760D1E4-0B50-4E51-B7A6-EB686E3976EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16DD030B-2D4C-4902-8F72-FC25B96B7F7F}" = protocol=17 | dir=in | app=d:\avira\antivir personaledition classic\avcenter.exe | 
"{273F1C1E-D18B-47EB-BB4E-3FD3EF88481C}" = protocol=6 | dir=in | app=d:\avira\antivir personaledition classic\avcenter.exe | 
"{39C3A882-2EDD-4D76-9299-C7CAA9486F02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3E740CEA-7484-441D-A42B-E8D40E8BF3DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{7B942282-C231-4B4E-B8FC-FF173651B04E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B48A66D2-FC0B-4F1B-A130-227C8B9BD017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BA7A9EDA-9D0E-4FFC-A9E8-2FE4DA8AFBA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DA7DD00D-18C6-4240-807B-D844DB8BA9C1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"TCP Query User{0B62ED25-29D4-4145-AAEF-F453BF1D4210}D:\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\mozilla firefox\firefox.exe | 
"TCP Query User{445E972D-6B4B-405B-B0E8-A1E9E97E3A91}D:\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe | 
"TCP Query User{4B1FCD2D-1761-4BD5-AD39-181FD6BF13E0}D:\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\mozilla firefox\firefox.exe | 
"TCP Query User{743BF63D-B0F1-4A15-B077-5792D07554AB}D:\counter strike\hl.exe" = protocol=6 | dir=in | app=d:\counter strike\hl.exe | 
"TCP Query User{A0B6B1C9-402F-4DF9-81D5-16603024E2D8}D:\counter strike\hl.exe" = protocol=6 | dir=in | app=d:\counter strike\hl.exe | 
"TCP Query User{D60093F3-2675-4A37-BBF4-260C2576AB4B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{E08EFE5C-C626-4E07-8430-1C4D6F4B8976}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{0B4BAB5A-100E-4091-969E-276089C46193}D:\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\mozilla firefox\firefox.exe | 
"UDP Query User{21EA179D-6F11-4618-BF78-F0EFEBC2F53A}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{8F75ABC2-7FDE-4598-8822-292C11702548}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{B280F3F5-253A-4DF3-A779-3B21A367CE45}D:\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\mozilla firefox\firefox.exe | 
"UDP Query User{BC6875AD-1DD4-49F2-8212-5FD9583D60C0}D:\counter strike\hl.exe" = protocol=17 | dir=in | app=d:\counter strike\hl.exe | 
"UDP Query User{CBA623DA-344A-4380-B073-C065BB7F3BB2}D:\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe | 
"UDP Query User{D7FC8B8E-0D9A-4925-9170-60CFC0F2155D}D:\counter strike\hl.exe" = protocol=17 | dir=in | app=d:\counter strike\hl.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB164546-0510-46A1-A8A0-A0C4749A4193}" = klickTel Telefon- und Branchenbuch Herbst 2007
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}" = MakeitOne - MP3AlbumMaker
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}" = BlackBerry Desktop Software 4.6
"CCleaner" = CCleaner
"Cool MP3 Splitter" = Cool MP3 Splitter
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Setup.divx.com" = DivX-Setup
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 4.1)
"ESET Online Scanner" = ESET Online Scanner v3
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.3)
"FLV Player" = FLV Player 2.0 (build 25)
"ICQToolbar" = ICQ Toolbar
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"klickIdent 19_is1" = klickIdent 19
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"RealPlayer 6.0" = RealPlayer
"Skat 3000 Special Edition_is1" = Skat 3000 SE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR Archivierer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.05.2010 00:47:31 | Computer Name = CarstenundJessi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.05.2010 00:47:31 | Computer Name = CarstenundJessi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 27.05.2010 00:49:13 | Computer Name = CarstenundJessi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.8.0, Zeitstempel
 0x4860cce5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x07070707,  Prozess-ID 0xdf0, Anwendungsstartzeit
 01cafd57f06e184a.
 
Error - 29.05.2010 03:48:07 | Computer Name = CarstenundJessi | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.05.2010 03:49:27 | Computer Name = CarstenundJessi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 29.05.2010 03:49:27 | Computer Name = CarstenundJessi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.05.2010 04:40:29 | Computer Name = CarstenundJessi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.8.0, Zeitstempel
 0x4860cce5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x02020202,  Prozess-ID 0xd94, Anwendungsstartzeit
 01caffd3b2dd02f2.
 
Error - 30.05.2010 04:41:21 | Computer Name = CarstenundJessi | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.05.2010 04:42:03 | Computer Name = CarstenundJessi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.05.2010 04:42:03 | Computer Name = CarstenundJessi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 20.06.2010 03:25:35 | Computer Name = CarstenundJessi | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 20.06.2010 03:44:21 | Computer Name = CarstenundJessi | Source = HTTP | ID = 15016
Description = 
 
Error - 20.06.2010 03:45:25 | Computer Name = CarstenundJessi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.06.2010 03:45:25 | Computer Name = CarstenundJessi | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.06.2010 03:48:11 | Computer Name = CarstenundJessi | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 20.06.2010 07:47:13 | Computer Name = CarstenundJessi | Source = DCOM | ID = 10005
Description = 
 
Error - 20.06.2010 07:47:13 | Computer Name = CarstenundJessi | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.06.2010 07:47:13 | Computer Name = CarstenundJessi | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.06.2010 08:14:40 | Computer Name = CarstenundJessi | Source = Microsoft-Windows-Service Pack Installer | ID = 8
Description = 
 
Error - 20.06.2010 08:15:34 | Computer Name = CarstenundJessi | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
--- --- ---
Alt 20.06.2010, 16:06   #17
MalwareHero
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Wir führen jetzt eine Bereinigung mit OTL durch:

Schliesse alle Programme und
starte das Programm OTL.
* Kopiere den Inhalt im Codefenster (siehe unten) in die leere, weisse Textbox von OTL.

Zitat:
:OTL
O4 - HKLM..\Run: [] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
[2010.06.19 17:16:49 | 000,000,000 | ---D | C] -- C:\Users\Carsten u. Jessi\AppData\Local\nrbikqvak
[2010.06.20 14:30:49 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vqsbxk.sys
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[resethosts]
* Klicke auf den roten Run Fix Button.
* OTL wird den PC neustarten! Bitte das zulassen und abwarten bis nach dem Neustart eine kleine Infobox hochkommt. Klicke "run" in die Box und das log kommt.
* Log posten.

************************
__________________

__________________
Alt 20.06.2010, 16:18   #18
castol
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Also eine Infobox kam leider nicht aber eine Textdatei hat sich geöffnet:



All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Carsten u. Jessi\AppData\Local\nrbikqvak folder moved successfully.
C:\Windows\System32\drivers\vqsbxk.sys moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Carsten u. Jessi
->Flash cache emptied: 3855 bytes

User: Default

User: Default User

User: Party
->Flash cache emptied: 405 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Carsten u. Jessi
->Temp folder emptied: 49895453 bytes
->Temporary Internet Files folder emptied: 69995 bytes
->Java cache emptied: 83520695 bytes
->FireFox cache emptied: 49121696 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Party
->Temp folder emptied: 81777 bytes
->Temporary Internet Files folder emptied: 2300625 bytes
->FireFox cache emptied: 5710905 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 117372 bytes
RecycleBin emptied: 2672312 bytes

Total Files Cleaned = 185,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.6.0 log created on 06202010_171134

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
__________________
Alt 20.06.2010, 16:50   #19
MalwareHero
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Zitat:
Zitat von castol Beitrag anzeigen
Also eine Infobox kam leider nicht aber eine Textdatei hat sich geöffnet:
Das ist Ok.

Abschliessend noch bitte durchführen und dann bist du durch:

1. OTL deinstallieren:

Schliesse alle Programme öffne OTL und klicke hier auf Bereinigung (englische Version: clean up) OTL wird sich und andere Analysetools jetzt selbst entfernen.
Warte ab bis eine kleine infobox hochkommt und Bescheid gibt, dass der PC neu gestartet wird.

2. Deaktiviere die Windows Systemwiederherstllung, PC auschalten, dann neustarten und aktiviere sie dann wieder. Setze einen neuen Systemwiederherstellungspunkt. Windows Vista - Systemwiederherstellung deaktivieren

3. Interneteinstellungen zurücksetzen:Zurücksetzen der Internet Explorer 8-Einstellungen

4. Firewalleinstellungen zurücksetzen: Windows-Firewall zurücksetzen auf Windows 7, Vista und XP ... ScareWare.de

5. Kontrollscans mit Dr. Web (nur schneller Scan) im abgesicherten Modus. (Fünde löschen und protokollieren.)
http://www.trojaner-board.de/59299-a...eb-cureit.html
Kontrollscan mit SuperAntiSpyware. Fünde löschen und Log posten.
http://www.trojaner-board.de/51871-a...tispyware.html


6. Windows Update ausführen > auf Servicepack 2 updaten!

JAVA/ Acrobat Reader/Adobe FLASHPLAYER deinstallieren und mit den neusten Versionen ersetzen:
Adobe - Adobe Reader herunterladen - Alle Versionen
Adobe - Adobe Flash Player
Alle Software updaten: http://secunia.com/
__________________
Arroganz ist das Selbstbewusstsein des Minderwertigkeitskomplexes.
(Jean Rostand)

Alt 20.06.2010, 18:59   #20
castol
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Vielen Dank für deine SUPER Hilfe!!!! Ich werde deine Schritte durchgehen und mich wieder melden


Alt 21.06.2010, 05:17   #21
castol
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Guten Morgen...

Dr. Web hatte keinen Fund und hier das Log von SuperAntiSpyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/20/2010 at 10:25 PM

Application Version : 4.39.1002

Core Rules Database Version : 5093
Trace Rules Database Version: 2905

Scan type : Complete Scan
Total Scan Time : 01:46:42

Memory items scanned : 403
Memory threats detected : 0
Registry items scanned : 11071
Registry threats detected : 0
File items scanned : 171753
File threats detected : 1

Adware.Tracking Cookie
cdn5.specificclick.net [ C:\Users\Carsten u. Jessi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B9RVMRT8 ]

Alt 21.06.2010, 16:56   #22
MalwareHero
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Zitat:
Zitat von castol Beitrag anzeigen
Guten Morgen...

Dr. Web hatte keinen Fund
Das sieht gut aus. Die Updates noch installieren.

> Secunia.com

> Super AntiSpyware deinstallieren

> http://www.trojaner-board.de/74052-s...-internet.html

lg.

*******************************
__________________
Arroganz ist das Selbstbewusstsein des Minderwertigkeitskomplexes.
(Jean Rostand)

Alt 21.06.2010, 20:42   #23
castol
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


VIELEN VIELEN DANK FÜR DEINE HILFE!!!!!!!

Bin ich denn jetzt wieder sicher im Netz unterwegs oder muss ich bein Online Banking usw. noch aufpassen?

Antwort
Seite 2 von 2 1 2

Themen zu Hijack zur Überprüfung nach Entfernung von AV Security
32 bit, ad-aware, ad-watch, ad-watch live, agere systems, antivir, antivir guard, avgntflt.sys, avira, bho, bonjour, browser, desktop, device driver, drvstore, error, excel, firefox, flash player, hdaudio.sys, hijack, hijackthis, home, home premium, install.exe, installation, mp3, msiexec.exe, notepad.exe, nvlddmkm.sys, pdfforge toolbar, plug-in, programdata, programm, realtek, registry, security, software, spigot, start menu, svchost.exe, system, usbvideo.sys, vista 32, vista 32 bit, windows, windows-sicherheitscenterdienst, wireless lan, wscript.exe


« 100% CPU Auslastung, PC sehr langsam, hängt immer wieder minutenlang | Internet Exploder öffnet sich automatisch! »


Ähnliche Themen: Hijack zur Überprüfung nach Entfernung von AV Security


  1. Binkiland Entfernung bzw Überprüfung
    Log-Analyse und Auswertung - 23.02.2015 (11)
  2. Vorgehen nach Live Security Platinum Entfernung?
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (1)
  3. System nicht sauber nach XP Security 2012 Entfernung
    Log-Analyse und Auswertung - 06.02.2012 (20)
  4. [doppelt] GEMA Virus nach XP-Security-Entfernung auf unsicherem System eingefangen.
    Mülltonne - 02.02.2012 (2)
  5. Security Sphere 2012 - Immer noch Fehler nach Entfernung!
    Log-Analyse und Auswertung - 12.11.2011 (25)
  6. Startprobleme XP SP2 nach Entfernung von Microsoft Security Essentials Alert
    Plagegeister aller Art und deren Bekämpfung - 01.10.2010 (0)
  7. Ständige Norton Meldung nach Entfernung von microsoft security essentials alert
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (3)
  8. Nach Entfernung der AV Security Suite kein Internet mehr....aber Ping geht
    Netzwerk und Hardware - 20.08.2010 (38)
  9. Probleme nach der "Entfernung" von AV Security Suite
    Plagegeister aller Art und deren Bekämpfung - 25.07.2010 (33)
  10. AV Security Suite - Nach Entfernung öffnen sich in Firefox ungewünschte Tabs
    Log-Analyse und Auswertung - 15.07.2010 (29)
  11. AV Security Suite - Systemprüfung nach Entfernung gemäß FAQ
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (1)
  12. Datei dhcpcsvc.dll erstellt sich selbst neu nach entfernung von Security Essentials 2010
    Plagegeister aller Art und deren Bekämpfung - 03.07.2010 (7)
  13. Weitergehende Prüfung nach Entfernung von MY Security Engine
    Plagegeister aller Art und deren Bekämpfung - 27.05.2010 (7)
  14. Bitte um Überprüfung meiner Hijack Logfile
    Log-Analyse und Auswertung - 23.04.2009 (1)
  15. nach entfernung von antispy2009 bitte hijack check!
    Log-Analyse und Auswertung - 27.12.2008 (0)
  16. Bitte um Überprüfung vom logfile hijack und Escanlog
    Log-Analyse und Auswertung - 23.01.2005 (3)
  17. Trojaner Angriff Hijack Überprüfung
    Log-Analyse und Auswertung - 14.01.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Hijack zur Überprüfung nach Entfernung von AV Security - Ok... OTL.txt: OTL Logfile: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 20.06.2010 16:46:51 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Carsten u. Jessi\Desktop Windows - Hijack zur Überprüfung nach Entfernung von AV Security...
Archiv
Du betrachtest: Hijack zur Überprüfung nach Entfernung von AV Security auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131