Log analysis and evaluation: Internet Explorer 8.0 (Vista) opens itself dozens of times completely uncontrolled

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Hello dear board,

I am fairly desperate. For about a week some kind of vermin has been plaguing my PC. I hope you can help me as quickly as possible. I am (fortunately) still relatively inexperienced when it comes to viruses. I actually run AVG very regularly. However, it finds nothing that could point to my current infection. My Internet Explorer opens itself more and more often, completely uncontrolled, as soon as I press a key (mostly the Enter key). Afterwards I have between 20 and 100 Internet Explorer instances (not tabs) open, which I can only close through the Task Manager. I have filled in the report here with HiJackThis (v.2.0.4) and am posting it here now. It would be kind if you could give me a few more pointers or links on how I should proceed with your answers, since I don't really know my way around yet. Many thanks in advance for your answers.

Best regards
Manuel1304

P.S. If any information is still missing, please let me know.

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:33, on 06.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
E:\***\PCSuite.exe
E:\***\WebCam Software\LWS.exe
C:\***\Install\WN111v2.exe
C:\***\jusched.exe
E:\***\Install\avgtray.exe
C:\***\COCIManager.exe
C:\***\SetPoint32.exe
E:\***\ExpressionWeb.exe
E:\***\Install\filezilla.exe
E:\***\thunderbird.exe
E:\***\firefox.exe
E:\***\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Sicherheit\AntiVirus\AVG\Install\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmierung\Java\JRE\Install\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [jswtrayutil] C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\jswtrayutil.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Kamera\Webkamera\QuickCam Sphere AF\QuickCam\Install\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] E:\SICHER~1\ANTIVI~1\AVG\Install\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Mobil\Handy\E71\PCSuite\Install\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Office\XP\Install\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WN111v2 Setup-Assistent.lnk = C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\WN111v2.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\Office\XP\Install\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Kommunikation\Messenger\ICQ\Install\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Kommunikation\Messenger\ICQ\Install\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Sicherheit\AntiVirus\AVG\Install\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - E:\Sicherheit\AntiVirus\AVG\Install\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - E:\Sicherheit\AntiVirus\AVG\Install\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9202 bytes
#2
/// Malware-holic

Download Malwarebytes:
Install Malwarebytes, then open it, "Update" tab, update the program. Then "Scanner" tab, full scan, delete the findings, post the log.

OTL:
System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports are created:
OTL.Txt
Extras.Txt
Please post both.
#3
Hello,

I ran a complete scan with Malware. The result is attached. However, everything seems to be in order. I am running the OTL scan now.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4282

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

06.07.2010 17:51:21
mbam-log-2010-07-06 (17-51-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|Q:\|V:\|W:\|X:\|Y:\|)
Durchsuchte Objekte: 336062
Laufzeit: 49 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
#4
OK... here are the results of the OTL scan now. The outputs are somewhat larger, though...

OTL.txt:

Code:
OTL logfile created on: 06.07.2010 22:37:26 - Run 1
OTL by OldTimer - Version Folder = K:\Eingehend
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 44,70 Gb Free Space | 45,77% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 78,03 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 191,69 Gb Free Space | 98,15% Space Free | Partition Type: NTFS
Drive F: | 488,28 Gb Total Space | 423,76 Gb Free Space | 86,79% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 68,26 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive H: | 80,69 Gb Total Space | 80,59 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive I: | 292,97 Gb Total Space | 272,57 Gb Free Space | 93,04% Space Free | Partition Type: NTFS
Drive J: | 150,26 Gb Total Space | 150,16 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 94,67 Gb Total Space | 94,52 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive Q: | 931,51 Gb Total Space | 849,09 Gb Free Space | 91,15% Space Free | Partition Type: NTFS
Drive V: | 1,88 Gb Total Space | 1,88 Gb Free Space | 99,96% Space Free | Partition Type: FAT

Computer Name: MBU-PC-01
Current User Name: Manuel Burkhardt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - K:\Eingehend\OTL.exe (OldTimer Tools)
PRC - E:\Tools\Internet\FTP\FileZilla\Client\Install\filezilla.exe (FileZilla Project)
PRC - E:\Sicherheit\AntiVirus\AVG\Install\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Sicherheit\AntiVirus\AVG\Install\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Sicherheit\AntiVirus\AVG\Install\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Sicherheit\AntiVirus\AVG\Install\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Sicherheit\AntiVirus\Anti-Malware\Install\mbam.exe (Malwarebytes Corporation)
PRC - E:\Sicherheit\AntiVirus\HiJackThis\Install\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe (Google Inc.)
PRC - E:\Programmierung\Web\Expression Web\Install\Web 3\ExpressionWeb.exe (Microsoft Corporation)
PRC - E:\Mobil\Handy\E71\PCSuite\Install\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - E:\Kamera\Webkamera\QuickCam Sphere AF\QuickCam\Install\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\WN111v2.exe (NETGEAR)
PRC - C:\Treiber\Eingabe\Cordless Desktop Wave Pro\SetPoint\Install\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

========== Modules (SafeList) ==========

MOD - K:\Eingehend\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (avg9emc) -- E:\Sicherheit\AntiVirus\AVG\Install\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- E:\Sicherheit\AntiVirus\AVG\Install\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (jswpsapi) -- C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\jswpsapi.exe (Atheros Communications, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\Drivers\DgiVecp.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (LVUVC64) QuickCam Orbit/Sphere AF(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (lvsels64) -- C:\Windows\SysNative\DRIVERS\lvsels64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\DRIVERS\WN111v2x.sys (Atheros Communications, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: E:\Sicherheit\AntiVirus\AVG\Install\Firefox [2010.06.04 00:24:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Internet\Browser\Firefox\Install\components [2010.06.28 22:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Internet\Browser\Firefox\Install\plugins [2010.07.04 17:43:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: E:\Kommunikation\Mail\Thunderbird\Install\components [2010.06.18 21:19:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: E:\Kommunikation\Mail\Thunderbird\Install\plugins

[2010.06.16 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Extensions
[2010.06.16 22:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.05 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Firefox\Profiles\77lm4xpc.default\extensions
[2010.06.10 22:17:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Firefox\Profiles\77lm4xpc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.02 23:27:01 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\mozilla\Firefox\Profiles\77lm4xpc.default\extensions\firebug@software.joehewitt.com

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Sicherheit\AntiVirus\AVG\Install\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Sicherheit\AntiVirus\AVG\Install\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmierung\Java\JRE\Install\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] E:\Sicherheit\AntiVirus\AVG\Install\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [jswtrayutil] C:\Treiber\Netzwerk\WLAN\WN111v2\SmartWizard\Install\jswtrayutil.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] E:\Kamera\Webkamera\QuickCam Sphere AF\QuickCam\Install\Logitech WebCam Software\LWS.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4181750598-3240758953-3275519497-1000..\Run: [PC Suite Tray] E:\Mobil\Handy\E71\PCSuite\Install\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Office\XP\Install\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Office\XP\Install\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Kommunikation\Messenger\ICQ\Install\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Kommunikation\Messenger\ICQ\Install\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Sicherheit\AntiVirus\AVG\Install\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Sicherheit\AntiVirus\AVG\Install\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69273f32-4242-11de-b3db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{69273f32-4242-11de-b3db-806e6f6e6963}\Shell\AutoRun\command - "" = Z:\autorun.exe -- File not found
O33 - MountPoints2\{69273f32-4242-11de-b3db-806e6f6e6963}\Shell\install\command - "" = Z:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers 
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver 
Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver 
Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host 
controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding 
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: 
{7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\Windows\SysWow64\SL_ANET.ACM (Sipro Lab Telecom Inc.) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.) 
Drivers32: VIDC.MP42 - C:\Windows\SysWow64\MPG4C32.DLL (Microsoft Corporation) Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\MPG4C32.DLL (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.07.05 20:27:34 | 000,000,000 | ---D | C] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Malwarebytes [2010.07.05 20:27:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.07.05 20:27:26 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.07.05 20:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.07.05 20:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.06.23 00:02:17 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010.06.23 00:02:17 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010.06.23 00:02:17 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010.06.23 00:02:17 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010.06.23 00:02:17 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010.06.23 00:02:17 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010.06.23 00:02:17 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010.06.23 00:02:17 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010.06.22 20:11:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2010.06.22 20:11:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2010.06.22 20:11:53 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll [2010.06.22 
20:11:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2010.06.21 13:33:04 | 000,000,000 | ---D | C] -- C:\Users\Manuel Burkhardt\Aptana Rubles [2010.06.11 23:52:50 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.06.11 23:52:50 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.06.11 23:52:50 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.06.11 23:52:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.06.11 23:52:45 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.06.11 23:52:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.06.11 23:52:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2010.06.11 23:52:44 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2010.06.11 23:52:43 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2010.06.11 23:52:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2010.06.11 23:52:43 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.06.11 23:52:43 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.06.11 23:52:43 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.06.11 23:52:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.06.11 23:52:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2010.06.11 23:52:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.06.11 23:52:43 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2010.06.11 
23:52:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2010.06.11 23:52:43 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2010.06.11 23:52:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2010.06.11 23:52:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2010.06.11 23:52:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2010.06.11 23:52:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2010.06.11 23:52:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2010.06.11 23:52:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2010.06.11 23:52:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.06.11 23:52:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.06.07 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\Manuel Burkhardt\Documents\Expression [2010.06.07 23:11:00 | 000,000,000 | --SD | C] -- C:\Users\Manuel Burkhardt\Documents\Meine Websites [2010.06.07 23:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 ========== Files - Modified Within 30 Days ========== [2010.07.06 22:38:05 | 002,097,152 | -HS- | M] () -- C:\Users\Manuel Burkhardt\NTUSER.DAT [2010.07.06 22:31:20 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.06 22:31:20 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.06 15:41:53 | 000,002,677 | ---- | M] () -- C:\Users\Manuel Burkhardt\Desktop\HiJackThis.lnk [2010.07.06 11:03:07 | 061,677,838 | ---- | M] () -- 
C:\Windows\SysNative\drivers\Avg\incavi.avm [2010.07.06 11:01:57 | 001,418,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.07.06 11:01:57 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.07.06 11:01:57 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.07.06 11:01:57 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.07.06 11:01:57 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.07.06 10:55:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.06 10:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.06 10:55:20 | 4294,303,744 | -HS- | M] () -- C:\hiberfil.sys [2010.07.06 10:55:00 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2010.07.06 00:09:53 | 000,524,288 | -HS- | M] () -- C:\Users\Manuel Burkhardt\NTUSER.DAT{243a06cc-4268-11de-8fd8-002185fbbc62}.TMContainer00000000000000000001.regtrans-ms [2010.07.06 00:09:53 | 000,065,536 | -HS- | M] () -- C:\Users\Manuel Burkhardt\NTUSER.DAT{243a06cc-4268-11de-8fd8-002185fbbc62}.TM.blf [2010.07.06 00:09:48 | 003,281,892 | -H-- | M] () -- C:\Users\Manuel Burkhardt\AppData\Local\IconCache.db [2010.07.05 20:27:29 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.05 00:18:04 | 000,002,063 | ---- | M] () -- C:\Users\Public\Desktop\Logitech WebCam Software.lnk [2010.07.04 17:43:05 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.06.24 22:37:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2010.06.21 14:52:36 | 000,000,824 | ---- | M] () -- C:\Users\Manuel Burkhardt\Desktop\Aptana Studio 2.0.lnk [2010.06.17 22:13:37 | 000,001,111 | ---- | M] () -- C:\Users\Manuel Burkhardt\Desktop\FileZilla Client.lnk [2010.06.14 22:32:31 | 000,000,680 | ---- | M] () -- C:\Users\Manuel Burkhardt\AppData\Local\d3d9caps.dat [2010.06.12 03:28:57 | 000,249,856 | 
---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.06.07 23:10:40 | 000,054,792 | ---- | M] () -- C:\Users\Manuel Burkhardt\AppData\Local\GDIPFONTCACHEV1.DAT ========== Files Created - No Company Name ========== [2010.07.06 15:41:37 | 000,002,677 | ---- | C] () -- C:\Users\Manuel Burkhardt\Desktop\HiJackThis.lnk [2010.07.05 20:27:29 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.05 20:07:22 | 000,435,200 | ---- | C] () -- C:\Users\Manuel Burkhardt\AppData\Local\dd_vcredistMSI49EE.txt [2010.07.05 20:07:21 | 000,013,586 | ---- | C] () -- C:\Users\Manuel Burkhardt\AppData\Local\dd_vcredistUI49EE.txt [2010.07.05 20:07:21 | 000,012,838 | ---- | C] () -- C:\Users\Manuel Burkhardt\AppData\Local\dd_vcredistUI49EF.txt [2010.07.05 00:18:04 | 000,002,063 | ---- | C] () -- C:\Users\Public\Desktop\Logitech WebCam Software.lnk [2010.07.04 17:43:05 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.06.24 22:37:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2010.06.21 14:52:36 | 000,000,824 | ---- | C] () -- C:\Users\Manuel Burkhardt\Desktop\Aptana Studio 2.0.lnk [2010.06.17 22:13:37 | 000,001,111 | ---- | C] () -- C:\Users\Manuel Burkhardt\Desktop\FileZilla Client.lnk [2010.03.16 01:14:06 | 000,000,340 | ---- | C] () -- C:\Windows\doom3.ini [2009.09.24 21:14:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.24 21:13:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.08.07 20:19:08 | 000,000,299 | ---- | C] () -- C:\Windows\game.ini [2009.06.12 19:12:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.05.16 23:05:32 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 
10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2010.07.06 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\FileZilla [2010.04.03 00:44:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Grand Ages Rome [2010.06.03 00:56:36 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Hemera [2010.06.06 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\ICQ [2009.05.17 01:26:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Leadertech [2010.04.04 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\My Games [2009.10.11 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Nokia [2009.08.19 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\PC Suite [2010.06.16 22:51:42 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Thunderbird [2010.07.06 00:10:09 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.07.10 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Adobe [2010.07.06 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\FileZilla [2009.11.30 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Google [2010.04.03 00:44:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Grand Ages Rome [2010.06.03 00:56:36 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Hemera [2010.06.06 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\ICQ [2009.05.16 20:34:41 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Identities [2009.07.19 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\InstallShield [2009.05.17 01:26:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Leadertech [2009.05.17 01:35:16 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Logitech [2009.05.16 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Macromedia [2010.07.05 20:27:34 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Malwarebytes [2006.11.02 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Media Center Programs [2010.06.21 12:57:45 | 000,000,000 | --SD | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft [2010.04.22 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Mozilla [2010.04.04 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\My Games [2009.08.06 22:00:13 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Nero [2009.10.11 17:36:11 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Nokia [2009.08.19 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\PC Suite [2009.05.17 19:23:05 | 000,000,000 | RH-D | M] -- 
C:\Users\Manuel Burkhardt\AppData\Roaming\SecuROM [2010.07.05 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Skype [2009.05.17 16:34:37 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Talkback [2010.06.16 22:51:42 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\Thunderbird [2009.08.06 21:27:10 | 000,000,000 | ---D | M] -- C:\Users\Manuel Burkhardt\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.07.06 15:41:37 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2009.07.02 21:02:14 | 000,010,134 | R--- | M] () -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\Foren.exe [2009.07.02 21:02:14 | 000,000,766 | R--- | M] () -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\htmledit.exe [2009.05.16 21:53:16 | 000,009,158 | R--- | M] () -- C:\Users\Manuel Burkhardt\AppData\Roaming\Microsoft\Installer\{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > [2010.06.03 00:52:38 | 000,040,960 | ---- | M] () -- C:\HTGD0003.exe [2010.06.03 00:52:38 | 000,036,864 | ---- | M] () -- C:\HTGD0005.exe [2010.06.03 00:52:39 | 000,509,984 | ---- | M] (Microsoft Corporation) -- C:\HTGD0006.exe < MD5 for: AGP440.SYS > [2008.01.19 00:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.19 00:09:10 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.19 00:07:48 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- 
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 00:11:32 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.19 00:03:02 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_61f43b1d27cd0ab4\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 
| ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll [2006.11.02 13:18:47 | 000,684,032 | ---- | M] (Microsoft Corporation) MD5=BFAB28B54DF41208CF3490FF26E53FD9 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_579f90caf36c48b9\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.19 00:08:52 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2006.11.02 13:19:09 | 000,239,616 | ---- | M] (Microsoft Corporation) MD5=32EF13F20B28966D29DE5EABE036431D -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_91f5bbe3948dcf74\scecli.dll [2008.01.19 00:03:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_9c4a6635c8ee916f\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) 
MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe [2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WS2IFSL.SYS > [2008.01.18 22:37:48 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys [2006.11.02 11:47:52 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=C4EE49DB7EADC812DBC0ECCF2E7FB929 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_a96e7a5c834006a3\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
![]() | #5 |
![]() | ![]() Internet Explorer 8.0 (Vista) opens itself dozens of times, completely uncontrolled ... and here is the output of Extras.txt. I hope you can make something of it and help me further. Many thanks in advance. Extras.txt Code:
ATTFilter OTL Extras logfile created on: 06.07.2010 22:37:26 - Run 1 OTL by OldTimer - Version Folder = K:\Eingehend 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free 8,00 Gb Paging File | 5,00 Gb Available in Paging File | 66,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 44,70 Gb Free Space | 45,77% Space Free | Partition Type: NTFS Drive D: | 78,12 Gb Total Space | 78,03 Gb Free Space | 99,87% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 191,69 Gb Free Space | 98,15% Space Free | Partition Type: NTFS Drive F: | 488,28 Gb Total Space | 423,76 Gb Free Space | 86,79% Space Free | Partition Type: NTFS Drive G: | 68,36 Gb Total Space | 68,26 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive H: | 80,69 Gb Total Space | 80,59 Gb Free Space | 99,88% Space Free | Partition Type: NTFS Drive I: | 292,97 Gb Total Space | 272,57 Gb Free Space | 93,04% Space Free | Partition Type: NTFS Drive J: | 150,26 Gb Total Space | 150,16 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive K: | 94,67 Gb Total Space | 94,52 Gb Free Space | 99,85% Space Free | Partition Type: NTFS Drive Q: | 931,51 Gb Total Space | 849,09 Gb Free Space | 91,15% Space Free | Partition Type: NTFS Drive V: | 1,88 Gb Total Space | 1,88 Gb Free Space | 99,96% Space Free | Partition Type: FAT Computer Name: MBU-PC-01 Current User Name: Manuel Burkhardt Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .js[@ = JSFile] -- E:\Programmierung\Web\Aptana\Install\AptanaStudio.exe () [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .js [@ = JSFile] -- E:\Programmierung\Web\Aptana\Install\AptanaStudio.exe () [HKEY_USERS\S-1-5-21-4181750598-3240758953-3275519497-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- E:\Internet\Browser\Firefox\Install\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "E:\Office\XP\Install\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Office\XP\Install\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [open] -- "E:\Programmierung\Web\Aptana\Install\AptanaStudio.exe" "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "E:\Office\XP\Install\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Office\XP\Install\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- "E:\Programmierung\Web\Aptana\Install\AptanaStudio.exe" "%1" () piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = AB 1B CD E9 6E D6 C9 01 [binary data] "VistaSp2" = 3F 24 64 8E 65 40 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{4E922366-0429-465B-B2FC-53F28B80E152}" = lport=2869 | protocol=6 | dir=in | app=system | "{EE9A7409-CBD5-4B14-B51B-AEC0EE4BC026}" = lport=1900 | protocol=17 | dir=in | 
svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09BFF4EF-ACC3-4A59-AAB9-90C8B1AFEA21}" = dir=in | app=e:\sicherheit\antivirus\avg\install\avgupd.exe | "{22EF59B8-5997-4BB3-8274-2AC4BE0727A0}" = protocol=6 | dir=in | app=f:\strategie\civilisation iv\install\civilization4.exe | "{2657B900-30F3-4FA2-AE5F-5128EEEABA09}" = protocol=6 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\farcry2.exe | "{2ADE5833-0221-4AFC-AA46-FF430BF81CC9}" = protocol=17 | dir=in | app=f:\strategie\colonisation\install\colonization.exe | "{2E74B1DC-4CAD-4D68-808B-F542DD306462}" = protocol=6 | dir=in | app=e:\kamera\webkamera\quickcam sphere af\quickcam\install\logitech vid\vid.exe | "{3EDD9713-3341-4744-86B0-4CAA7582A579}" = protocol=17 | dir=in | app=f:\shooter\enemy territory\install\etqwded.exe | "{403C7C08-649C-491B-9C07-502031B4A6F3}" = protocol=17 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\fc2editor.exe | "{4645D705-81F4-4976-AED9-62C35A5F315C}" = protocol=6 | dir=in | app=f:\strategie\colonisation\install\colonization.exe | "{47025B52-F2CA-455A-95D4-27D336FBEF24}" = protocol=17 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\farcry2.exe | "{518448AE-4625-413F-92D2-B082318F6EE0}" = protocol=17 | dir=in | app=e:\kamera\webkamera\quickcam sphere af\quickcam\install\logitech vid\vid.exe | "{54204D0A-5CBA-40A1-90F9-E62CB5A0279D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{58289ADF-5F3E-4A9D-BBDE-E528658095E4}" = protocol=6 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\fc2editor.exe | "{5B6CE7CD-00DD-4771-9AF2-B4219FF4E98A}" = protocol=6 | dir=in | app=f:\shooter\enemy territory\install\etqw.exe | "{5F569C1B-0021-4288-9AE4-E5E276F82927}" = protocol=17 | dir=in | app=f:\shooter\enemy territory\install\etqw.exe | "{7D772FAD-9A79-4FAD-A3A1-6B263ECABD34}" = protocol=17 | 
dir=in | app=f:\strategie\civilisation iv\install\civilization4.exe | "{80FAD662-3DDF-4F43-A669-9515173D80E3}" = dir=in | app=e:\kommunikation\messenger\skype\install\phone\skype.exe | "{AD431003-70BB-4A70-9D25-CF9F4C9B2F15}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B52425E8-DC04-4116-9726-3B74216F3E04}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{B89B5613-F606-479D-8D19-336C32D63615}" = protocol=6 | dir=in | app=f:\tools\steam\install\steamapps\common\silent hill homecoming\bin\silenthill.exe | "{C8E3C2E7-2C22-492F-8086-E06B815EEC44}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D52DAE6F-DEA3-4D51-858F-8EA4428A8B58}" = dir=in | app=e:\sicherheit\antivirus\avg\install\avgemc.exe | "{D5A14F3C-3448-49ED-9D8A-C7972FD97C85}" = protocol=17 | dir=in | app=f:\tools\steam\install\steamapps\common\silent hill homecoming\bin\silenthill.exe | "{DF21BE10-1E88-4F2D-BF87-EC89632AE06C}" = dir=in | app=e:\sicherheit\antivirus\avg\install\avgnsa.exe | "{F00A8086-551E-43FB-811E-2299DC4F1376}" = protocol=6 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\fc2launcher.exe | "{F477006A-3A4D-44BF-96CD-16023C8089BA}" = protocol=6 | dir=in | app=f:\shooter\enemy territory\install\etqwded.exe | "{F74EF554-DAF0-40F1-A68D-9321131D511F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FE83D849-88B4-4BC4-B3CF-B0BA018F222D}" = protocol=17 | dir=in | app=f:\shooter\farcry2\install\far cry 2\bin\fc2launcher.exe | "TCP Query User{091D429F-BFE6-4204-81FD-ACF38104CA92}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | "TCP Query User{249CFC30-D630-455E-9E2A-F9E5B8E64F40}E:\programmierung\web\aptana\install\aptanastudio.exe" = protocol=6 | dir=in | app=e:\programmierung\web\aptana\install\aptanastudio.exe | "TCP Query User{42F6A585-35F8-4582-95BC-425A8E84E597}C:\program files (x86)\internet 
explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{489144C2-CF54-4652-A4C5-CEB5967F9F6F}E:\internet\browser\firefox\install\firefox.exe" = protocol=6 | dir=in | app=e:\internet\browser\firefox\install\firefox.exe | "TCP Query User{9627F6CA-ECBF-4665-A3BB-88FE1EB0B277}E:\kommunikation\messenger\icq\install\icq6.5\icq.exe" = protocol=6 | dir=in | app=e:\kommunikation\messenger\icq\install\icq6.5\icq.exe | "TCP Query User{9D116753-BECD-49B4-AFB5-ECB1860134EB}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "TCP Query User{ED6728C7-EE39-4691-8E80-D46FEB78A8A8}E:\programmierung\web\aptana\install\aptanastudio3.exe" = protocol=6 | dir=in | app=e:\programmierung\web\aptana\install\aptanastudio3.exe | "UDP Query User{0C1FE627-4360-474A-947E-594BE47E20DD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{11DC3AE7-A945-4180-9246-B81D16F84BDF}E:\internet\browser\firefox\install\firefox.exe" = protocol=17 | dir=in | app=e:\internet\browser\firefox\install\firefox.exe | "UDP Query User{3BB9CA62-BB9A-406C-AF99-486529738DA9}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | "UDP Query User{9DCD3623-81B7-433B-B0FC-59A499877D6A}E:\programmierung\web\aptana\install\aptanastudio3.exe" = protocol=17 | dir=in | app=e:\programmierung\web\aptana\install\aptanastudio3.exe | "UDP Query User{A43EBB0A-B9BC-4B3E-8577-45BA83CB185F}E:\programmierung\web\aptana\install\aptanastudio.exe" = protocol=17 | dir=in | app=e:\programmierung\web\aptana\install\aptanastudio.exe | "UDP Query User{C968B7F9-E504-4B28-BDDD-8854BDD88048}C:\program files (x86)\common 
files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | "UDP Query User{CDD479D9-A06F-4E4F-AD99-77526C9440AB}E:\kommunikation\messenger\icq\install\icq6.5\icq.exe" = protocol=17 | dir=in | app=e:\kommunikation\messenger\icq\install\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BAE72B35-821F-6780-18C5-BE4EBDF8DC7A}" = ATI Catalyst Install Manager "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs "{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 "lvdrivers_11.90" = Logitech QuickCam-Treiberpaket "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "UltSounds" = Windows-Soundschemas "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual 
C++ 8.0 Runtime Setup Package (x64) "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III "{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help "{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.21f "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{56aba277-ee53-4478-a607-fa42208ff5a9}" = Menu Templates - Pack 1 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57250e78-f6e2-4dce-9a84-50b28a70ab84}" = Menu Templates - Pack 3 
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{81C42533-F5A8-46CE-9013-ECF783A4CBD4}" = NVIDIA PhysX "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help "{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3 "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9ab8e6ce-ce6d-43a0-b54e-422425524ff9}" = Menu Templates - Pack 2 "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget 
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4 "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM) "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{c84b9e76-648c-4082-a4af-79c32e01a9a7}" = Nero 9 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help 
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3 "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{f425dd1d-0097-41c3-b545-b79e3d51100e}" = Movie Templates - Pack 1 "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{FA1D3107-CE7C-48CE-B63F-EA7B2DB0911D}" = 250.000 ClipArts "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Aptana Studio 2.0" = Aptana Studio 2.0 "ArmA2" = ArmA2 Uninstall "AVG9Uninstall" = AVG Free 9.0 "Civitas3" = Grand Ages Rome 1.01 "Design_6.0.1739.0" = Microsoft Expression Design 3 "Drakensang_is1" = Drakensang (Patch Version 1.1) "Encoder_3.0.1332.0" = Microsoft Expression Encoder 3 "G3QP231012008_is1" = Questpaket 3 Deinstallation "InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2 "InstallShield_{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - QUAKE Wars(TM) "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "InstallShield_{FA1D3107-CE7C-48CE-B63F-EA7B2DB0911D}" = 250.000 ClipArts "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (3.0.4)" = 
Mozilla Thunderbird (3.0.4) "Nokia PC Suite" = Nokia PC Suite "Samsung CLX-3170 Series" = Samsung CLX-3170 Series "Steam App 19000" = Silent Hill Homecoming "Steam App 380" = Half-Life 2: Episode One "Steam App 420" = Half-Life 2: Episode Two "Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1 "Velvet Assassin_is1" = Velvet Assassin "Web_3.0.3813.0" = Microsoft Expression Web 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4181750598-3240758953-3275519497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.3.3 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.06.2010 07:38:58 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 21.06.2010 07:38:58 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 21.06.2010 07:38:59 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 21.06.2010 07:38:59 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. 
Error - 28.06.2010 16:30:34 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "F:\Shooter\Enemy Territory\Install\ServerLauncher.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 28.06.2010 16:30:36 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 28.06.2010 16:30:36 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. 
Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 28.06.2010 17:08:00 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "F:\Shooter\Enemy Territory\Install\ServerLauncher.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Error - 28.06.2010 17:08:08 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. 
Error - 28.06.2010 17:08:08 | Computer Name = MBu-PC-01 | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "E:\CD\Brennen\Nero\Install\Nero 9\Nero Recode\Recode.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. [ System Events ] Error - 04.10.2009 17:52:32 | Computer Name = MBu-PC-01 | Source = PlugPlayManager | ID = 12 Description = Das Gerät "SAMSUNG HD103UJ ATA Device" (IDE\DiskSAMSUNG_HD103UJ_________________________1AA01113\5&286e3393&0&1.0.0) wurde ohne vorbereitende Maßnahmen vom System entfernt. 
Error - 05.10.2009 14:31:14 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000 Description = Error - 05.10.2009 14:31:14 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000 Description = Error - 05.10.2009 14:31:14 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000 Description = Error - 06.10.2009 16:28:18 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000 Description = Error - 06.10.2009 16:28:18 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000 Description = Error - 06.10.2009 16:28:18 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000 Description = Error - 07.10.2009 13:49:28 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000 Description = Error - 07.10.2009 13:49:28 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000 Description = Error - 07.10.2009 13:49:28 | Computer Name = MBu-PC-01 | Source = Service Control Manager | ID = 7000 Description = < End of report > |
#6
Hello dear forum, is there anyone among the responsible experts who can help me further with this topic? I have posted both requested outputs here. What should I do next? Many thanks in advance and best regards
#7
/// Malware-holic
hi,
1. We do this in our free time, so please don't cry out right away if you don't hear from us, in this case me, for half a day.
2. Fixing with OTL
• Please start OTL.exe. Vista users: right-click and choose "Run as administrator".
• Now copy the following into the text box.
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP ![]()
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; post it.
#8
Hello Markusg, first of all, sorry from my side. That was in no way meant as a reproach. I am very glad that someone is dealing with the topic. I am a little confused anyway that there are so few entries on the "www" about this topic, or rather that most of them end up somewhere at the topic "HiJackThis". I will post the report as soon as I am through. Thanks in advance for the help. Could you perhaps also answer the following question for me?
Many thanks again in advance.
#9
Hello again, attached now is the new report from OTL: Many thanks in advance, as before. Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Manuel Burkhardt
->Flash cache emptied: 17476 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Manuel Burkhardt
->Temp folder emptied: 904275185 bytes
->Temporary Internet Files folder emptied: 119747411 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92401489 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20732364 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.085,00 mb
Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2> in the current context!
OTL by OldTimer - Version log created on 07072010_123837
Files\Folders moved on Reboot...
C:\Users\Manuel Burkhardt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
#10
Could it be that these two command lines were not processed correctly?
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
There is a "grinning face" in between, and I simply carried it over by copy and paste. In OTL it was then converted into letters. Whether that was done correctly, I don't know.
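Added example, not part of the original thread and not OTL's own code: a small Python triage of the fix log from post #9 that sorts result lines into done, absent, pending and rejected, and marks a rejected Alternate Data Stream directive whose target lacks the `path:stream` separator, which is what a forum emoticon substitution leaves behind. The function names and category labels are assumptions made for this example.

```python
import re

# Sample input: a subset of lines copied from the OTL fix log in post #9.
SAMPLE_LOG = r"""Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2> in the current context!
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
"""

ERR_RE = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
ADS_RE = re.compile(r"@Alternate Data Stream - (\d+) bytes -> (.+)$")


def split_ads_target(target):
    """Split 'C:\\dir\\file:stream' into (path, stream); None if no stream part."""
    drive, rest = target[:2], target[2:]
    if not re.fullmatch(r"[A-Za-z]:", drive):
        return None
    path, sep, stream = rest.rpartition(":")
    if not sep or not path or not stream:
        return None  # the colon that separates file and stream is missing
    return drive + path, stream


def triage(log):
    """Sort fix-log lines by outcome; rejected entries are (directive, malformed)."""
    report = {"done": [], "absent": [], "pending": [], "rejected": []}
    for line in (raw.strip() for raw in log.splitlines()):
        err = ERR_RE.match(line)
        if err:
            directive = err.group(1)
            ads = ADS_RE.search(directive)
            malformed = bool(ads) and split_ads_target(ads.group(2)) is None
            report["rejected"].append((directive, malformed))
        elif line.endswith(("deleted successfully.", "moved successfully.")):
            report["done"].append(line)
        elif line.endswith("not found."):
            report["absent"].append(line)
        elif line.endswith("scheduled to be moved on reboot."):
            report["pending"].append(line)
    return report


if __name__ == "__main__":
    for directive, malformed in triage(SAMPLE_LOG)["rejected"]:
        note = "target has no stream separator" if malformed else "target is well-formed"
        print(f"REJECTED ({note}): {directive}")
```

On this log both directives are rejected, but only the second one is malformed; the first has an intact `path:stream` target, so the missing separator alone does not account for the rejection.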
#11
/// Malware-holic
That's not a problem for now. Can you update AVG, run a scan and post the result?
#12
I'm already on it. It will take a moment longer. I will then post the result. So far today I have not had any random popups. Maybe the problem has in fact already been fixed. I can't really judge it. When you have a moment, could you also answer my 4 questions? I would be very grateful. Regards, Manuel
#13
/// Malware-holic
The programs show us files etc. that are on your PC; not every antivirus knows all malicious files. As for how they come about: for example through visiting infected websites, attachments in e-mails, etc. The data can be deleted to the extent that the name is taken out. I don't think deleting the logs is such a good idea; we helpers don't know every file either, and one or another of us also uses Google now and then, so the logs can provide information. They don't say anything personal about you, only file names.
#14
Hello markusg, attached is the report from AVG: Code:
"Scan ""Gesamten Computer scannen"" wurde beendet."
"Bei diesem Scan wurde keine Infizierung gefunden"
"Für den Scanvorgang ausgewählte Ordner:";"Gesamten Computer scannen"
"Start des Scans:";"Mittwoch, 7. Juli 2010, 13:38:48"
"Scan beendet:";"Mittwoch, 7. Juli 2010, 14:02:47 (23 Minute(n) 58 Sekunde(n))"
"Gesamtanzahl gescannter Objekte:";"959689"
"Benutzer, der den Scan gestartet hat:";"***"
The most important question now: can you change the thing with the user-related data, or how does that work? Do I still need to pay attention to anything regarding the virus, or can I assume that it has been completely cleaned up? Many, many thanks for the quick help!!! Regards, Manuel
#15
/// Malware-holic
Hmm, I didn't see any malicious file; it may have been in the temp directory. Click on "Report post" and say that your data should be deleted; someone will take care of it then. I'd still like to do an online scan to finish. Free ESET Online Antivirus Scanner: delete the findings, post the log.