Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Security Suite befällt alle neu installiereten Hilfsprogramme

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 13.08.2010, 16:53   #1
Michael5
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Hallo zusammen,
ich hoffe mal, dass der Text im richtigen Bereich ist.
Also ich habe folgendes Problem.
Gestern hab ich abends meinen PC hochgefahren und sofort nach dem Start wurde ich von diesem Programm namens Security Suite befallen. Heute morgen ist mir aufgefallen, dass ich fast keine Anwendung mehr benutzen kann (email, explorer, word...). Dann habe ich Euer super Forum gefunden und habe alle beschriebenen Schritte ausgeführt. Leider hat dieser "Virus" gemerkt, dass es sich um Antivirus-Programm handelt. Auch das umbenennen hat nichts gebracht, weil dieser Virus eine kleine Markierung an das Programm (an die Weiterleitung auf dem Desktop zum Beispiel) geheftet hat. Dann habe ich das ganze im abgesicherten Modus gemacht und siehe da, es funktioniert. Dann habe ich gelesen, dass man nach dem Scanen den Bericht posten soll.
Wer kann dort was erkennen bzw. ist alles ok?


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4424

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18943

13.08.2010 16:47:17
mbam-log-2010-08-13 (16-47-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 321218
Laufzeit: 1 Stunde(n), 11 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 22

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\secureapp70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Spyware.Zbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ldgoorck (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\MW\AppData\Roaming\D61ECBE1425E89958F94523894DC4F72\secureapp70700.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RPUGLSD\imhbjepxrz[2].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILSZ10I5\jjelg[1].htm (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILSZ10I5\sjnvpnidk[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNB88JHR\aaidkfmhfa[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNB88JHR\secureapp70700[1].exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJ6EPO3B\aaidkfmhfa[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJ6EPO3B\jjelg[1].htm (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJ6EPO3B\sjnvpnidk[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Temp\acorsnmewx.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Temp\osewamxnrc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Temp\otnnhn.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Temp\ukdoi.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\Temp\umqkpf.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Local\bcrcjuvjd\rvfmqekshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Roaming\D61ECBE1425E89958F94523894DC4F72\upd_debug.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\MW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\MW\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\MW\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Alt 13.08.2010, 18:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 13.08.2010, 18:46   #3
Michael5
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Hallo Arne,

vielen Dank für Deine Hilfe!
Hier die Logfiles:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.08.2010 19:36:51 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\MW\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,03 Gb Total Space | 172,91 Gb Free Space | 60,24% Space Free | Partition Type: NTFS
Drive D: | 11,06 Gb Total Space | 1,83 Gb Free Space | 16,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MW-PC
Current User Name: MW
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0230D100-C8DC-4949-BADE-D0E9A576E6E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{24F4D4A9-BFC5-4701-916C-AE7937BC6C24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C389DB3-E83E-4229-B3E1-D91C065729C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{48DA815F-06A7-4BD8-A6AD-2C49E364902D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{50F36DF3-923E-4ACC-9303-4968726406ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{70492019-4AE7-4E77-9FCA-CCE3B757C103}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7B2B65B1-8C79-47AC-9DCB-FEB5D465E117}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A4389990-BE7F-4A77-AAB8-A7708B759317}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A58CC367-305E-4A4A-963E-480AA265DDA9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A9C34A91-E054-4141-87D6-6FB1546F11D5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BA933B76-3F53-469B-A06C-F9E5BDF8555E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DD0FA3CF-0FD6-40B2-8093-CBC17A4982CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E65425F2-F824-4EDE-B6D3-112ADB957715}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EEF52D36-8C2A-4196-9DB9-C71B33DC755C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EF1B76B8-E305-4963-8AFA-CB33A5BC0DC8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F1A7ED69-A2B0-4311-A9E8-0F387CAC4996}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F5922F8C-B6E7-4532-9D1F-F7E7F5D34E64}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FA8570EB-1F5D-43A4-8B42-507A2331E5B9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FB31B25A-4476-48E2-8907-C87B9B332C3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FBBACE6E-2E34-44A4-8D74-FFCF84D7772E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FEE214F6-85FB-4579-B7DB-2FCFA1CA2CD3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B052FA-D30B-452B-B80B-01CDDF489420}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{0182BC57-4E49-4584-AF17-74D1BBC0554B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03171676-F0BC-464C-9035-ADCDE708A7DA}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{1031BAF5-977E-4CE3-9B68-D6BD8EE24A1C}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{107006DA-BF57-4C80-A518-C79CF1A75B48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{11BCE8B7-03A7-4F6A-8858-2E052B6FE0FD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{16834077-9029-4C27-BF8E-6FE3A35241DE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{39A2304A-0B95-404F-9ABB-8E844B6866CC}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | 
"{435303A7-31CB-4950-91A3-06CA727C511E}" = protocol=6 | dir=in | app=c:\users\mw\appdata\local\microsoft\windows\temporary internet files\content.ie5\70xsgzad\dndhandle[1].exe | 
"{53410B68-0FA3-4B3C-889E-8BD68509860B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{581D78FA-102B-4658-B292-928BB539D79E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A3A3F3B-6E0A-4EBB-B2C5-8C6FFE2F8478}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | 
"{5B0391AD-003E-4D32-9C60-5E04A66701F9}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{64F4DBFB-B4B6-44CA-A8E2-A7D40E5EA6FF}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{665F69C3-8F00-40C6-87A3-C6498896D2E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{67FFEC9F-EE44-41C9-9BC6-230CB1D2019B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6C3C72AE-559A-4CF6-8252-7DC17A96A240}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6D56BCDA-74B0-4944-A823-72126833AD35}" = protocol=17 | dir=in | app=c:\users\mw\appdata\local\microsoft\windows\temporary internet files\content.ie5\70xsgzad\dndhandle[1].exe | 
"{71D55440-7FFE-45BC-A889-86777BFC07A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{72C5B8E6-7472-46F3-A47C-48503B28BB57}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{7448F0F4-E31E-4389-9C3D-7D6199F0E042}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E67197D-9E3D-4FB1-841F-805D05FC3B9A}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | 
"{89E7038F-242B-4CFC-AC9A-C3ECDDB8485C}" = protocol=6 | dir=out | app=system | 
"{8DCC8863-1257-45A0-B00D-00DB4E4B2D54}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{95F3B823-F0E3-42FA-93C2-4C85CA001984}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9A00201A-FCD0-4EF5-A6D0-C3E7C3DEF64E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{A3D93688-256F-4D38-B038-62DF7B552CE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A42C7833-A799-40E1-8FD8-4EA95AEC412E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B17D97B7-D727-4845-9C70-D6651D2F1086}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{BB3F23C6-267C-497F-89E2-483F33676548}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{CC73667A-B19C-4077-9F11-D3FFB515F603}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{E463A2F5-B320-4E9F-84C4-73AB49881349}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4DC8BAD-0800-48BC-8AB2-C0F36D9CE24D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E88C4106-0409-4D1D-9F87-27AA5B82EABD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9458154-598B-4135-9419-8C3EE746E64E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FB5A6764-B674-44A4-954D-87E2ACC930E5}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"TCP Query User{3C96991F-D0E0-4D2A-B715-0F5B09F1BBF2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{95BCA522-02A5-4392-91F4-F8E794C13659}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C9A15645-92A6-4184-9D10-2CAF56B4F67B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DA654AEE-A450-41C6-BC58-49E97F96CEA2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{113FFF6C-A775-4387-BF56-8E8278B4FE8C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{41CD13DE-D487-4A3E-9472-4E3F588E8636}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{8A2EBF83-CE9F-4312-963F-D6026309D42F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{DB6455D4-F736-448A-98A6-254E34745170}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{018A980E-99CC-E6E1-1103-460538A91B39}" = CCC Help Dutch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{04758F02-79E9-A64D-6C95-65EF84E435EA}" = ccc-core-static
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C1EBF39-FB4C-106D-56C6-91F926F5E283}" = Catalyst Control Center Graphics Light
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F2C3198-6FA0-78E7-48CF-82F766D0AD60}" = Catalyst Control Center Core Implementation
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1E8FDA17-C7AB-4610-1F54-B5A6695E8B6F}" = CCC Help Danish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2FD8E82F-55A4-358A-D74A-DA017F011200}" = Catalyst Control Center Graphics Previews Vista
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{34FB8E02-74B4-8018-A2D3-ADB69E06A24A}" = Catalyst Control Center Graphics Previews Common
"{367BC374-0115-EEF1-8471-6EC87AF0D8C3}" = CCC Help Norwegian
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{37BD3ECA-C926-8CF1-4FFF-BC473CF892E1}" = Catalyst Control Center Graphics Full Existing
"{37D31156-0666-0A8B-1313-6120E0FA40D0}" = CCC Help Italian
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3FA73E2A-50B6-DCAE-0BDD-FAA128934EE8}" = Catalyst Control Center Graphics Full New
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{478FAEA5-00EB-F676-89C1-3822B94B09A7}" = CCC Help Japanese
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{490951ED-21E8-0B65-0BF5-32F1A3242F28}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5BAB951D-956E-4D20-CCD5-10BB8E1D4AF0}" = CCC Help Czech
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{632240E4-0BC9-704E-D71F-4C5D396D2CCF}" = CCC Help Chinese Standard
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{720FEF0C-7CE6-C8F6-2CF1-41FBB8846700}" = ATI Catalyst Install Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{78605EFA-1076-A2B3-AA59-526536BA93E3}" = CCC Help Polish
"{79CB708A-AD4F-A11B-4CA0-713A152C1705}" = CCC Help Portuguese
"{7A9531EF-11A2-D53C-FCB9-8DFCCAD7F2B7}" = CCC Help Spanish
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90EB79E8-6A0F-1660-86C2-9E36A8B01D4A}" = CCC Help Korean
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A1D37D8A-876C-5A1E-AC00-454D0C024C9B}" = Skins
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2AD681E-6741-AB24-90BC-51B2326F8680}" = CCC Help Russian
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA3733E3-CABE-EA21-F351-69BCFC30CF88}" = CCC Help Hungarian
"{BDFA1F29-03E7-C59F-F9A5-E727F6E1A857}" = ccc-utility
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D0379E71-7CB9-893E-1A20-9581E10999EC}" = Catalyst Control Center InstallProxy
"{D2F31CF3-F83D-6863-4F8A-C8502802E0DD}" = CCC Help Thai
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3887E31-A821-9D46-48B2-240E0613EB12}" = CCC Help Chinese Traditional
"{DB5B22F8-D4C2-A320-5151-B3D4CFEF733C}" = CCC Help German
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DD74F03D-8DDC-E124-C971-C3217832EE19}" = CCC Help Turkish
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1060959-A299-9D88-60EC-187A55809145}" = CCC Help Swedish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E551D855-4EE6-852E-5AB8-E9AE95F73B37}" = CCC Help French
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E6B042BC-3F10-609E-CDC1-2DE2AEB2552F}" = CCC Help Greek
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE656C90-7D67-ECAA-B2E4-F4A768CDA1D0}" = CCC Help Finnish
"{EFB7727F-76AF-43B0-E9AC-3F89181A188B}" = Catalyst Control Center Localization All
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"Babylon" = Babylon
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Google Chrome" = Google Chrome
"HFSExplorer" = HFSExplorer 0.20.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"NIS" = Norton Internet Security
"RealPlayer 12.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOEFL Official Guide" = TOEFL Official Guide 2.05.0021
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.2
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2010 05:45:51 | Computer Name = MW-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.07.2010 06:12:05 | Computer Name = MW-PC | Source = Google Update | ID = 20
Description = 
 
Error - 17.07.2010 06:31:06 | Computer Name = MW-PC | Source = Google Update | ID = 20
Description = 
 
Error - 20.07.2010 09:51:04 | Computer Name = MW-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 20.07.2010 09:51:04 | Computer Name = MW-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.07.2010 07:55:29 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel
 0x4bdfa327, fehlerhaftes Modul Flash10a.ocx, Version 10.0.12.36, Zeitstempel 0x48e83175,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00129cb0,  Prozess-ID 0x1bc4, Anwendungsstartzeit
 01cb2990fe32e990.
 
Error - 25.07.2010 10:36:40 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung RecordingManager.exe, Version 1.0.1.704, Zeitstempel
 0x4b87064e, fehlerhaftes Modul rpshellextension.dll, Version 1.0.2.110, Zeitstempel
 0x4b860d56, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c3a6,  Prozess-ID 0x4d4, 
Anwendungsstartzeit 01cb2c06c113d740.
 
Error - 25.07.2010 15:57:31 | Computer Name = MW-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.07.2010 07:37:48 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung WINWORD.EXE, Version 12.0.4518.1014, Zeitstempel
 0x45428028, fehlerhaftes Modul hpz3r4v2.dll, Version 61.63.248.0, Zeitstempel 0x45bdb917,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00046038,  Prozess-ID 0x15e4, Anwendungsstartzeit
 01cb2f0c4dccc6d0.
 
Error - 29.07.2010 17:53:50 | Computer Name = MW-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel
 0x4bdfa327, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18928, Zeitstempel 
0x4bdfb76d, Ausnahmecode 0xc0000005, Fehleroffset 0x000a0e20,  Prozess-ID 0x1cf8, 
Anwendungsstartzeit 01cb2f66841e77b0.
 
[ OSession Events ]
Error - 04.05.2010 08:38:14 | Computer Name = MW-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 352263
 seconds with 6120 seconds of active time.  This session ended with a crash.
 
Error - 05.08.2010 05:58:30 | Computer Name = MW-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 79258
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.02.2010 14:36:15 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.02.2010 17:38:45 | Computer Name = MW-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.02.2010 um 19:30:51 unerwartet heruntergefahren.
 
Error - 14.02.2010 17:40:06 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.02.2010 06:17:11 | Computer Name = MW-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.02.2010 um 22:49:30 unerwartet heruntergefahren.
 
Error - 16.02.2010 06:18:14 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.02.2010 06:09:59 | Computer Name = MW-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.02.2010 um 23:26:01 unerwartet heruntergefahren.
 
Error - 17.02.2010 06:11:00 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.02.2010 06:19:36 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.02.2010 15:16:59 | Computer Name = MW-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.02.2010 18:22:47 | Computer Name = MW-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---





Und hier der zweite:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.08.2010 19:36:51 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\MW\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,03 Gb Total Space | 172,91 Gb Free Space | 60,24% Space Free | Partition Type: NTFS
Drive D: | 11,06 Gb Total Space | 1,83 Gb Free Space | 16,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MW-PC
Current User Name: MW
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MW\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Programme\PDF Reader 9.1\SumatraPDF.exe ()
PRC - C:\Programme\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Programme\SMINST\BLService.exe ()
PRC - C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\MW\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\IPHLPAPI.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\dhcpcsvc6.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\winnsi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMREDRV.SYS File not found
DRV - (SYMNDISV) -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMNDISV.SYS File not found
DRV - (SYMFW) -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMFW.SYS File not found
DRV - (SYMDNS) -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMDNS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091001.037\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091001.037\NAVENG.SYS File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (ccHP) -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSvix86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home/?ai=13054
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = download.bleepingcomputer.com;*.bleepingcomputer.com;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.25 20:43:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.16 00:06:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.11 15:30:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 03:20:53 | 000,000,000 | ---D | M]
 
[2009.09.24 21:33:09 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\mozilla\Extensions
[2010.08.13 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\mozilla\Firefox\Profiles\4l69do44.default\extensions
[2009.09.28 12:36:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MW\AppData\Roaming\mozilla\Firefox\Profiles\4l69do44.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.15 09:26:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\MW\AppData\Roaming\mozilla\Firefox\Profiles\4l69do44.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.05 16:28:10 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\MW\AppData\Roaming\mozilla\Firefox\Profiles\4l69do44.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.04.23 14:02:49 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\MW\AppData\Roaming\mozilla\Firefox\Profiles\4l69do44.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.02.12 12:03:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\MW\AppData\Roaming\mozilla\Firefox\Profiles\4l69do44.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.11 15:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MW\AppData\Roaming\mozilla\Firefox\Profiles\4l69do44.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.11 15:20:38 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\mozilla\Firefox\Profiles\4l69do44.default\extensions\staged-xpis
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\MW\AppData\Roaming\Mozilla\FireFox\Profiles\4l69do44.default\searchplugins\conduit.xml
[2010.08.13 11:50:50 | 000,000,955 | ---- | M] () -- C:\Users\MW\AppData\Roaming\Mozilla\FireFox\Profiles\4l69do44.default\searchplugins\icqplugin.xml
[2010.08.13 16:50:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.28 21:55:25 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.05.05 16:28:07 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2009.12.28 21:55:25 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.12.28 21:55:25 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.12.28 21:55:25 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.12.28 21:55:25 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Herbert.exe\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*evtscabpack.exe] C:\ProgramData\evtscabpack.exe ()
O4 - HKCU..\RunOnce: [*evtscabpack.exe] C:\ProgramData\evtscabpack.exe ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: adobe.comhttp ([get] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: radio.de ([freshhouse] http in Trusted sites)
O15 - HKCU\..Trusted Domains: fh-koeln.de ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: fh-koeln.de ([www.intern] http in Trusted sites)
O15 - HKCU\..Trusted Domains: t-mobile.de ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: t-mobile.de ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\MW\ctfmon.exe) - C:\Users\MW\ctfmon.exe File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ec6c07e-c099-11de-a26d-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec6c07e-c099-11de-a26d-00269e130426}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7a2fcecb-cd29-11de-b52e-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{7a2fcecb-cd29-11de-b52e-00269e130426}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8c1d4917-a835-11de-84e8-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1d4917-a835-11de-84e8-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c1d4919-a835-11de-84e8-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1d4919-a835-11de-84e8-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c1d4956-a835-11de-84e8-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1d4956-a835-11de-84e8-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8dc56a14-578b-11df-a9a2-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{8dc56a14-578b-11df-a9a2-00269e130426}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\Shell\AutoRun\command - "" = F:\selomoje\sranje.exe -- File not found
O33 - MountPoints2\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\Shell\explore\command - "" = F:\selomoje\\sranje.exe -- File not found
O33 - MountPoints2\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\Shell\open\command - "" = F:\selomoje\\sranje.exe -- File not found
O33 - MountPoints2\{d608bc94-a7a6-11de-ab99-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{d608bc94-a7a6-11de-ab99-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d608bc95-a7a6-11de-ab99-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{d608bc95-a7a6-11de-ab99-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f34c66da-63e3-11df-a657-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{f34c66da-63e3-11df-a657-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f34c66dc-63e3-11df-a657-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{f34c66dc-63e3-11df-a657-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.13 14:26:55 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\MW\Desktop\OTH.scr
[2010.08.13 14:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Herbert.exe
[2010.08.13 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\MW\AppData\Roaming\Malwarebytes
[2010.08.13 12:08:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 12:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 12:08:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 12:08:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.12 22:45:09 | 000,000,000 | ---D | C] -- C:\Users\MW\AppData\Local\bcrcjuvjd
[2010.08.12 22:44:47 | 000,000,000 | -HSD | C] -- C:\Users\MW\AppData\Roaming\lowsec
[2010.08.12 22:44:38 | 000,000,000 | ---D | C] -- C:\Users\MW\AppData\Roaming\D61ECBE1425E89958F94523894DC4F72
[2010.08.12 11:10:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 11:10:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 11:10:19 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 11:10:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 11:10:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 11:10:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 11:10:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 11:10:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 11:10:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 11:10:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 11:10:18 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 11:10:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 11:10:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 11:10:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 11:10:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 11:10:05 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 11:09:57 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 11:09:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 11:09:36 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 11:09:35 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.07.25 21:59:14 | 000,000,000 | ---D | C] -- C:\Users\MW\AppData\Roaming\HP
[2010.07.20 18:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2010.07.20 18:04:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HP
[2010.07.20 17:58:55 | 000,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpzll4v2.dll
[2010.07.20 17:57:18 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010.07.20 17:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010.07.20 17:56:11 | 000,258,048 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[1 C:\Users\MW\Desktop\*.tmp files -> C:\Users\MW\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.13 19:39:28 | 003,407,872 | -HS- | M] () -- C:\Users\MW\ntuser.dat
[2010.08.13 19:31:01 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.13 19:12:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040538803-1614266194-2998483818-1000UA.job
[2010.08.13 18:50:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 18:50:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 18:31:00 | 000,158,827 | ---- | M] () -- C:\Users\MW\Desktop\IMG_2502-16.jpg
[2010.08.13 16:50:27 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.13 16:50:27 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-MW-Startup.job
[2010.08.13 16:50:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.13 16:50:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.13 16:49:53 | 3216,875,520 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.13 16:48:56 | 000,524,288 | -HS- | M] () -- C:\Users\MW\ntuser.dat{388eb758-1c76-11df-a3c6-00269e130426}.TMContainer00000000000000000001.regtrans-ms
[2010.08.13 16:48:56 | 000,065,536 | -HS- | M] () -- C:\Users\MW\ntuser.dat{388eb758-1c76-11df-a3c6-00269e130426}.TM.blf
[2010.08.13 16:47:17 | 000,154,112 | ---- | M] () -- C:\ProgramData\evtscabpack.exe
[2010.08.13 15:30:15 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 15:28:45 | 000,050,688 | ---- | M] () -- C:\Users\MW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 14:26:56 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\MW\Desktop\OTH.scr
[2010.08.13 14:05:50 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\mbam-setup.com.lnk
[2010.08.13 13:41:00 | 000,211,323 | ---- | M] () -- C:\Users\MW\Desktop\ Schulung Esprit Promotion am 16.08.2010.eml
[2010.08.13 13:40:13 | 000,048,783 | ---- | M] () -- C:\Users\MW\Documents\USB
[2010.08.13 12:39:10 | 000,044,818 | ---- | M] () -- C:\Users\MW\Desktop\Einsätze Esprit Düsseldorf.eml
[2010.08.13 11:30:10 | 000,312,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.13 11:24:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2040538803-1614266194-2998483818-1000Core.job
[2010.08.09 14:47:59 | 000,000,680 | ---- | M] () -- C:\Users\MW\AppData\Local\d3d9caps.dat
[2010.08.04 13:57:36 | 000,000,162 | -H-- | M] () -- C:\Users\MW\Desktop\~$stingbogen.docx
[2010.08.04 11:11:19 | 000,029,289 | ---- | M] () -- C:\Users\MW\Desktop\Castingbogen.docx
[2010.07.25 20:25:36 | 000,080,335 | ---- | M] () -- C:\Users\MW\Desktop\d853e72881.jpg
[2010.07.24 19:35:28 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.24 19:35:28 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.24 19:35:28 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.24 19:35:28 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.24 19:35:28 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.20 18:10:38 | 000,001,353 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpzsetup.LNK
[2010.07.20 18:08:02 | 000,148,697 | ---- | M] () -- C:\Windows\hppins20.dat
[2010.07.20 18:06:03 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[1 C:\Users\MW\Desktop\*.tmp files -> C:\Users\MW\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.13 18:28:08 | 000,158,827 | ---- | C] () -- C:\Users\MW\Desktop\IMG_2502-16.jpg
[2010.08.13 16:49:53 | 3216,875,520 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.13 16:47:17 | 000,154,112 | ---- | C] () -- C:\ProgramData\evtscabpack.exe
[2010.08.13 15:30:15 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 14:05:50 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\mbam-setup.com.lnk
[2010.08.13 13:40:58 | 000,211,323 | ---- | C] () -- C:\Users\MW\Desktop\ Schulung Esprit Promotion am 16.08.2010.eml
[2010.08.13 12:39:08 | 000,044,818 | ---- | C] () -- C:\Users\MW\Desktop\Einsätze Esprit Düsseldorf.eml
[2010.08.04 13:57:36 | 000,000,162 | -H-- | C] () -- C:\Users\MW\Desktop\~$stingbogen.docx
[2010.08.04 11:11:08 | 000,029,289 | ---- | C] () -- C:\Users\MW\Desktop\Castingbogen.docx
[2010.07.25 20:25:35 | 000,080,335 | ---- | C] () -- C:\Users\MW\Desktop\d853e72881.jpg
[2010.07.20 18:10:38 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpzsetup.LNK
[2010.07.20 18:06:03 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010.07.20 17:56:37 | 000,000,316 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.07.20 17:56:33 | 000,148,697 | ---- | C] () -- C:\Windows\hppins20.dat
[2010.07.20 17:55:53 | 000,016,655 | ---- | C] () -- C:\Windows\hppmdl20.dat
[2010.05.19 14:01:58 | 000,540,672 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2010.05.19 14:01:57 | 000,000,478 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.10.20 16:29:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.22 02:34:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.01.14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.05.05 19:25:30 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\Babylon
[2009.10.30 10:34:44 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\CoSoSys
[2010.08.13 16:47:17 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\D61ECBE1425E89958F94523894DC4F72
[2010.03.31 14:13:54 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\ICQ
[2010.08.13 15:12:49 | 000,000,000 | -HSD | M] -- C:\Users\MW\AppData\Roaming\lowsec
[2010.05.19 14:01:49 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\M-HTOEFL
[2010.05.09 19:59:01 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\Research In Motion
[2010.05.05 16:28:32 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\SumatraPDF
[2009.09.18 18:54:45 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\Template
[2010.02.12 11:51:43 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\TuneUp Software
[2009.09.19 18:00:26 | 000,000,000 | ---D | M] -- C:\Users\MW\AppData\Roaming\WildTangent
[2010.08.13 15:18:43 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.13 16:50:27 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-MW-Startup.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 929 bytes -> C:\Users\MW\Desktop\ Schulung Esprit Promotion am 16.08.2010.eml:OECustomProperty
@Alternate Data Stream - 1069 bytes -> C:\Users\MW\Desktop\Einsätze Esprit Düsseldorf.eml:OECustomProperty
< End of report >
         
--- --- ---
__________________

Geändert von Michael5 (13.08.2010 um 18:58 Uhr)

Alt 13.08.2010, 19:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = download.bleepingcomputer.com;*.bleepingcomputer.com;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKLM..\RunOnce: [*evtscabpack.exe] C:\ProgramData\evtscabpack.exe ()
O4 - HKCU..\RunOnce: [*evtscabpack.exe] C:\ProgramData\evtscabpack.exe ()
O33 - MountPoints2\{2ec6c07e-c099-11de-a26d-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec6c07e-c099-11de-a26d-00269e130426}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{7a2fcecb-cd29-11de-b52e-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{7a2fcecb-cd29-11de-b52e-00269e130426}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8c1d4917-a835-11de-84e8-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1d4917-a835-11de-84e8-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c1d4919-a835-11de-84e8-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1d4919-a835-11de-84e8-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8c1d4956-a835-11de-84e8-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1d4956-a835-11de-84e8-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8dc56a14-578b-11df-a9a2-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{8dc56a14-578b-11df-a9a2-00269e130426}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\Shell\AutoRun\command - "" = F:\selomoje\sranje.exe -- File not found
O33 - MountPoints2\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\Shell\explore\command - "" = F:\selomoje\\sranje.exe -- File not found
O33 - MountPoints2\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\Shell\open\command - "" = F:\selomoje\\sranje.exe -- File not found
O33 - MountPoints2\{d608bc94-a7a6-11de-ab99-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{d608bc94-a7a6-11de-ab99-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{d608bc95-a7a6-11de-ab99-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{d608bc95-a7a6-11de-ab99-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f34c66da-63e3-11df-a657-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{f34c66da-63e3-11df-a657-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f34c66dc-63e3-11df-a657-00269e130426}\Shell - "" = AutoRun
O33 - MountPoints2\{f34c66dc-63e3-11df-a657-00269e130426}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
[2010.08.12 22:45:09 | 000,000,000 | ---D | C] -- C:\Users\MW\AppData\Local\bcrcjuvjd
[2010.08.12 22:44:47 | 000,000,000 | -HSD | C] -- C:\Users\MW\AppData\Roaming\lowsec
[2010.08.12 22:44:38 | 000,000,000 | ---D | C] -- C:\Users\MW\AppData\Roaming\D61ECBE1425E89958F94523894DC4F72
[2010.08.13 16:47:17 | 000,154,112 | ---- | M] () -- C:\ProgramData\evtscabpack.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.08.2010, 10:35   #5
Michael5
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Guten Morgen Arne,

also beim ersten Mal hat es nicht geklappt...Windows hat einen Fehler festgestellt oder so in etwa lautete die Fehlermeldung.
Hier das Logfile:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*evtscabpack.exe not found.
Invalid CLSID key: *evtscabpack.exe
File C:\ProgramData\evtscabpack.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*evtscabpack.exe not found.
Invalid CLSID key: *evtscabpack.exe
File C:\ProgramData\evtscabpack.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ec6c07e-c099-11de-a26d-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ec6c07e-c099-11de-a26d-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ec6c07e-c099-11de-a26d-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ec6c07e-c099-11de-a26d-00269e130426}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2fcecb-cd29-11de-b52e-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a2fcecb-cd29-11de-b52e-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2fcecb-cd29-11de-b52e-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a2fcecb-cd29-11de-b52e-00269e130426}\ not found.
File I:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4917-a835-11de-84e8-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4917-a835-11de-84e8-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4917-a835-11de-84e8-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4917-a835-11de-84e8-00269e130426}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4919-a835-11de-84e8-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4919-a835-11de-84e8-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4919-a835-11de-84e8-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4919-a835-11de-84e8-00269e130426}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4956-a835-11de-84e8-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4956-a835-11de-84e8-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4956-a835-11de-84e8-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4956-a835-11de-84e8-00269e130426}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dc56a14-578b-11df-a9a2-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dc56a14-578b-11df-a9a2-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8dc56a14-578b-11df-a9a2-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dc56a14-578b-11df-a9a2-00269e130426}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\ not found.
File F:\selomoje\sranje.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\ not found.
File F:\selomoje\\sranje.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3f6fb2c-781c-11df-af97-d9cd2768b43f}\ not found.
File F:\selomoje\\sranje.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d608bc94-a7a6-11de-ab99-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d608bc94-a7a6-11de-ab99-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d608bc94-a7a6-11de-ab99-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d608bc94-a7a6-11de-ab99-00269e130426}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d608bc95-a7a6-11de-ab99-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d608bc95-a7a6-11de-ab99-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d608bc95-a7a6-11de-ab99-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d608bc95-a7a6-11de-ab99-00269e130426}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f34c66da-63e3-11df-a657-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c66da-63e3-11df-a657-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f34c66da-63e3-11df-a657-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c66da-63e3-11df-a657-00269e130426}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f34c66dc-63e3-11df-a657-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c66dc-63e3-11df-a657-00269e130426}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f34c66dc-63e3-11df-a657-00269e130426}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f34c66dc-63e3-11df-a657-00269e130426}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Folder C:\Users\MW\AppData\Local\bcrcjuvjd\ not found.
Folder C:\Users\MW\AppData\Roaming\lowsec\ not found.
Folder C:\Users\MW\AppData\Roaming\D61ECBE1425E89958F94523894DC4F72\ not found.
File C:\ProgramData\evtscabpack.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MW
->Temp folder emptied: 221930 bytes
->Temporary Internet Files folder emptied: 71817 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9818705 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 149871789 bytes
RecycleBin emptied: 3547380130 bytes

Total Files Cleaned = 3.536,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08142010_112028

Files\Folders moved on Reboot...
C:\Users\MW\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Windows\temp\JETE7AF.tmp not found!

Registry entries deleted on Reboot...


Alt 14.08.2010, 17:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> Security Suite befällt alle neu installiereten Hilfsprogramme

Alt 15.08.2010, 18:34   #7
Michael5
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Hallo Arne,

wenn ich das Programm CF starte kommt dieses Fenster, was sich aber auch sofort wieder schließt und dann passiert nichts mehr....
In diesem blauen Fenster steht dann:" ComboFix wird vorbereitet, um ausgeführt zu werden."
Was kann ich da tun?
Dankt & Gruß
Michael

Alt 15.08.2010, 19:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Starte Windows neu, lösch die alte cofi.exe und probier es erneut. CF neu als cofi.exe wieder runterladen und ausführen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.08.2010, 20:56   #9
Michael5
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Hi Arne,
das ganze hab ich jetzt 3 mal versucht und es funktioniert nicht...
Kann ich noch etwas anderes probieren?
Wie steht es denn um meinen pc?
vg

Alt 15.08.2010, 21:30   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Dann müssen wir erstmal ohne CF auskommen...
Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.08.2010, 22:21   #11
Michael5
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



...also das OSAM klappt, aber der bootkit_remover funktioniert nicht auch wenn ich das Programm als Administrator ausführe.
Das schwarze Fenster schließt sich einfach und nichts passiert...

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:52:06 on 15.08.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.11

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2040538803-1614266194-2998483818-1000Core.job" - "Google Inc." - C:\Users\MW\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2040538803-1614266194-2998483818-1000UA.job" - "Google Inc." - C:\Users\MW\AppData\Local\Google\Update\GoogleUpdate.exe
"SLOW-PCfighter-MW-Startup.job" - ? - C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe  (File not found)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AMD USB Filter Driver" (usbfilter) - "Advanced Micro Devices Inc." - C:\Windows\System32\DRIVERS\usbfilter.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSvix86.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"NAVENG" (NAVENG) - ? - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091001.037\NAVENG.SYS  (File not found)
"NAVEX15" (NAVEX15) - ? - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091001.037\NAVEX15.SYS  (File not found)
"Power Control [2009/07/19 03:13:52]" ({55662437-DA8C-40c0-AADA-2C816A897A49}) - ? - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NIS\1008000.029\SYMEFA.SYS
"Symantec Hash Provider" (ccHP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys
"Symantec Heuristics Driver" (BHDrvx86) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
"Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS
"SYMDNS" (SYMDNS) - ? - C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS  (File not found)
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"SYMFW" (SYMFW) - ? - C:\Windows\system32\drivers\NIS\1000000.07D\SYMFW.SYS  (File not found)
"SYMNDISV" (SYMNDISV) - ? - C:\Windows\system32\drivers\NIS\1000000.07D\SYMNDISV.SYS  (File not found)
"SYMREDRV" (SYMREDRV) - ? - C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS  (File not found)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{AA1061FE-6C41-421f-9344-69640C9732AB} "symres" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Program Files\Sminst\ShellvRTF.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} "GMNRev Class" - "Hewlett-Packard" - C:\Program Files\HP\Common\HPGMNRev.dll / hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
{33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} "Hewlett-Packard Printer Diagnostics" - "Hewlett-Packard" - C:\Windows\DOWNLO~1\HPISWE~1.DLL / hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
"Translate this web page with Babylon" - ? - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} "AOL Toolbar BHO" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} "Babylon IE plugin" - "Babylon Ltd." - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} "myBabylon English Toolbar" - "Conduit Ltd." - C:\Program Files\myBabylon_English\tbmyBa.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Program Files\softonic-de3\tbsoft.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"hpzsetup.LNK" - "Hewlett-Packard" - C:\Program Files\HP\Temp\{981DE354-9301-440f-AAFC-025AA2354A93}\hpzstub.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Users\MW\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"HPAdvisor" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ6.5\ICQ.exe" silent
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"msnmsgr" - "Microsoft Corporation" - "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BlackBerryAutoUpdate" - "Research In Motion Limited" - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"CLMLServer for HP TouchSmart" - "CyberLink" - "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
"DVDAgent" - "CyberLink Corp." - "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Herbert.exe\mbam.exe" /runcleanupscript
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SmartMenu" - "Hewlett-Packard" - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"TSMAgent" - "CyberLink Corp." - "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
"TVAgent" - "CyberLink Corp." - "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
"UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDIRShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
"UpdatePSTShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"WirelessAssistant" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"LIDIL hpzll4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpzll4v2.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Program Files\MSN Messenger\usnsvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Norton Internet Security" (Norton Internet Security) - "Symantec Corporation" - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Program Files\SMINST\BLService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"TV Background Capture Service (TVBCS)" (TVCapSvc) - ? - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
"TV Task Scheduler (TVTS)" (TVSched) - ? - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 15.08.2010, 22:32   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Dann probier mbrcheck wenn der remover nicht will:

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.08.2010, 20:51   #13
Michael5
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Guten Abend Arne,

wenn ich den MBRCheck ausführe, öffnet sich ein Fenster und nichts weiter passiert.
Wenn ich dann y und Enter klicke, kommt folgender Text im Fenster:
Miniaturansicht angehängter Grafiken
-fenster-1.jpg  

Alt 16.08.2010, 21:00   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Ja, ist da keine Textdatei aufm Desktop wie beschrieben?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.08.2010, 10:15   #15
Michael5
 
Security Suite befällt alle neu installiereten Hilfsprogramme - Standard

Security Suite befällt alle neu installiereten Hilfsprogramme



Guten Morgen Arne,

da ist keine Textdatei....
Ich soll ja dann 1, 2 oder 3 eingeben, aber nichts weiter passiert.
Hast Du noch eine andere Lösung?
VG

Antwort

Themen zu Security Suite befällt alle neu installiereten Hilfsprogramme
adware.bho, anti-malware, antimalware, anwendung, appdata, backdoor.bot, bericht, dateien, desktop, email, explorer, explorer.exe, folge, forum, heuristics.reserved.word.exploit, launch, local\temp, microsoft, neu, programm, roaming, rogue.antimalwaredoctor, rootkit.dropper, runonce, security, service pack 2, software, start, start menu, super, trojan.agent.ge, userinit, virus, weiterleitung




Ähnliche Themen: Security Suite befällt alle neu installiereten Hilfsprogramme


  1. Windows 7: "HealthAlert" befällt alle Browser
    Log-Analyse und Auswertung - 25.01.2015 (13)
  2. Meldung Windows Security Alert / AV Security Suite / Antivirus Software Alert
    Plagegeister aller Art und deren Bekämpfung - 17.09.2010 (26)
  3. Security Suite
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (22)
  4. Windows Security Alert / AV Security Suite / Antivirus Software Alert / gefakter AV lähmt PC
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (3)
  5. Security Suite
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (7)
  6. Trojaner/Virus befällt alle .exe Dateien / AntiVir ohne Wirkung / Malware?
    Plagegeister aller Art und deren Bekämpfung - 05.09.2010 (11)
  7. Trojaner befällt alle exe.dateien
    Plagegeister aller Art und deren Bekämpfung - 05.09.2010 (1)
  8. Security Suite
    Plagegeister aller Art und deren Bekämpfung - 02.09.2010 (24)
  9. Malware / Virus / Trojaner - "Windows Security Alert / Security Suite"
    Plagegeister aller Art und deren Bekämpfung - 31.08.2010 (11)
  10. Windows Security Alert / AV Security Suite / Antivirus Software Alert// Ohne Internet
    Plagegeister aller Art und deren Bekämpfung - 21.07.2010 (1)
  11. AV Security Suite
    Plagegeister aller Art und deren Bekämpfung - 20.07.2010 (11)
  12. AV Security Suite
    Log-Analyse und Auswertung - 15.07.2010 (7)
  13. AV Security Suite
    Log-Analyse und Auswertung - 14.07.2010 (18)
  14. AV Security Suite
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (1)
  15. AV Security Suite
    Plagegeister aller Art und deren Bekämpfung - 24.06.2010 (1)
  16. av security suite
    Plagegeister aller Art und deren Bekämpfung - 23.06.2010 (5)
  17. AV security suite
    Plagegeister aller Art und deren Bekämpfung - 14.06.2010 (11)

Zum Thema Security Suite befällt alle neu installiereten Hilfsprogramme - Hallo zusammen, ich hoffe mal, dass der Text im richtigen Bereich ist. Also ich habe folgendes Problem. Gestern hab ich abends meinen PC hochgefahren und sofort nach dem Start wurde - Security Suite befällt alle neu installiereten Hilfsprogramme...
Archiv
Du betrachtest: Security Suite befällt alle neu installiereten Hilfsprogramme auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.