| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Security Tool lässt sich nicht entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
15.08.2010, 13:22
| #1 |
 |  Security Tool lässt sich nicht entfernen Hi, ich habe mir wie diverse andere Leute hier im Forum auch dieses SecurityTool eingefangen. Jetzt lässt sich keine Anwendung mehr starten. Und es kommen ständig diese "Fake Viren Warnungen". Ich habe alle Scans die in einem anderen Thema stehen durchgeführt. Konnte das aber alles nur im Abgesicherten Modus machen da ich wenn ich Windows normal starte ja keine Programme ausführen kann. mbam log mit Virenfund: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
w.malwarebytes.org
Datenbank Version: 4418
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
14.08.2010 19:05:40
mbam-log-2010-08-14 (19-05-40).txt
Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|J:\|)
Durchsuchte Objekte: 322615
Laufzeit: 33 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
w.malwarebytes.org
Datenbank Version: 4418
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
14.08.2010 20:04:41
mbam-log-2010-08-14 (20-04-41).txt
Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 325077
Laufzeit: 34 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
hijackthis Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:07:52, on 14.08.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Users\***\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [VC10Player] D:\Programe\Virtual CD v10\System\VC10Play.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [BdeUtvol] rundll32 "C:\Users\***\AppData\Local\Temp\hwrcsass.dll",DllEntryPoint O4 - HKCU\..\Run: [\\EDE\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Users\***\AppData\Local\Temp\E_S3E38.tmp" /EF "HKCU" O4 - HKCU\..\Run: [{AA8ACD96-912D-4EA1-15C0-257FDE060C83}] C:\Users\***\AppData\Roaming\Cinya\asmau.exe O4 - HKCU\..\Run: [{B43C4100-3CD8-7317-A747-864313D88DF2}] C:\Users\***\AppData\Roaming\Abuliw\dedy.exe O4 - HKCU\..\Run: [{570F1A73-FAE0-56F4-048F-6E8B5F70184A}] C:\Users\***\AppData\Roaming\Igsuw\sofo.exe O4 - HKCU\..\RunOnce: [1686579041] "C:\Users\***\AppData\Local\1686579041.exe" 9 48 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe O4 - Global Startup: STIMON.lnk = ? O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - D:\Programe\Virtual CD v10\System\VC10SecS.exe -- End of file - 7038 bytes gmer Log: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-15 11:36:54
Windows 6.1.7600
Running: fy6e1c85.exe; Driver: C:\Users\***\AppData\Local\Temp\pwtdyfog.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82012634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82012898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8202B1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 8207C8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8209C3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\eqiiv.sys Das System kann den angegebenen Pfad nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0xB6 0x44 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x07 0x0F 0xEC 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8A 0xDD 0xDF 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group SCSI Miniport
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag 65
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0xB6 0x44 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x07 0x0F 0xEC 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8A 0xDD 0xDF 0xC6 ...
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary C:\Windows\system32\drivers\VDRV1000.SYS
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group SCSI Miniport
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath system32\DRIVERS\vdrv1000.sys
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag 65
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0 ROOT\SCSIADAPTER\0000
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@INITSTARTFAILED 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@1 1
Reg HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Extras Log: Code:
ATTFilter OTL Extras logfile created on: 14.08.2010 20:09:10 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,20 Gb Total Space | 9,00 Gb Free Space | 30,83% Space Free | Partition Type: NTFS
Drive D: | 203,59 Gb Total Space | 67,98 Gb Free Space | 33,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3,60 Gb Total Space | 3,58 Gb Free Space | 99,54% Space Free | Partition Type: FAT32
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "D:\Programme\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E7C721D-B008-4269-A1C4-2CE7E9757983}" = BoneTown
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75AE638F-750A-11DF-96D5-005056806466}" = Google Earth Plug-in
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC5CEC91-F421-4D5F-86EA-5D51E815B8EC}" = Steganos Safe 11
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C70C90D2-D197-40E9-B712-6828BDA5F74A}" = PdfMerge
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E5FCCD4A-1619-48AB-AB37-E0A678FD3FF1}" = Motorola Software Update
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = USB2.0 UVC WebCam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced ZIP Password Recovery" = Advanced ZIP Password Recovery (remove only)
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free Excel/Xls to Pdf Converter_is1" = Free Excel/Xls to Pdf Converter 5.5
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Mp3tag" = Mp3tag v2.46a
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"PdaNet_is1" = PdaNet for Android 2.42
"PDF Blender" = PDF Blender
"Recuva" = Recuva
"R-Studio 5.2NSIS" = R-Studio 5.2
"Smart Data Recovery_is1" = Smart Data Recovery v4.3
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.08.2010 18:32:15 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 13.08.2010 04:06:50 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 14.08.2010 06:06:33 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8fe885f1 ID des fehlerhaften
Prozesses: 0xe10 Startzeit der fehlerhaften Anwendung: 0x01cb3ab4649b73be Pfad der
fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
9d2550bf-a78b-11df-8be0-0018f3c54812
Error - 14.08.2010 06:22:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x960df19d ID des fehlerhaften
Prozesses: 0x8d4 Startzeit der fehlerhaften Anwendung: 0x01cb3b9a809ebe77 Pfad der
fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
e016db25-a78d-11df-b5dd-0018f3c54812
Error - 14.08.2010 06:26:03 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3855 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 134 Startzeit:
01cb3b9ae3bcdba7 Endzeit: 7 Anwendungspfad: D:\Programme\Mozilla Firefox\firefox.exe
Berichts-ID:
53104d60-a78e-11df-b5dd-0018f3c54812
Error - 14.08.2010 08:10:18 | Computer Name = ***-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "SpyHunter 4 Service" konnte nicht neu
gestartet werden.
Error - 14.08.2010 08:15:32 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =
Error - 14.08.2010 10:49:42 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description =
Error - 14.08.2010 10:51:27 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc0f9 Name des fehlerhaften Moduls: SETUPAPI.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdafe Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a3835 ID des fehlerhaften
Prozesses: 0x874 Startzeit der fehlerhaften Anwendung: 0x01cb3bc02435b00d Pfad der
fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe Pfad des fehlerhaften Moduls:
C:\Windows\system32\SETUPAPI.dll Berichtskennung: 69dbcf59-a7b3-11df-b774-0018f3c54812
Error - 14.08.2010 11:07:17 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3855,
Zeitstempel: 0x4c48d5ce Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdac7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f2c2 ID des fehlerhaften
Prozesses: 0x858 Startzeit der fehlerhaften Anwendung: 0x01cb3bc03bb8eaaf Pfad der
fehlerhaften Anwendung: D:\Programme\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\ole32.dll Berichtskennung: a0355768-a7b5-11df-b774-0018f3c54812
[ Media Center Events ]
Error - 11.07.2010 03:46:50 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:46:49 - Fehler beim Herstellen der Internetverbindung. 09:46:50
- Serververbindung konnte nicht hergestellt werden..
Error - 11.07.2010 03:47:22 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:47:19 - Fehler beim Herstellen der Internetverbindung. 09:47:19
- Serververbindung konnte nicht hergestellt werden..
Error - 11.07.2010 15:33:35 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:33:32 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 14.07.2010 15:26:19 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:26:19 - Fehler beim Herstellen der Internetverbindung. 21:26:19
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 15:26:27 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:26:24 - Fehler beim Herstellen der Internetverbindung. 21:26:24
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 16:26:34 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 22:26:34 - Fehler beim Herstellen der Internetverbindung. 22:26:34
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 16:26:40 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 22:26:39 - Fehler beim Herstellen der Internetverbindung. 22:26:39
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 17:26:47 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 23:26:47 - Fehler beim Herstellen der Internetverbindung. 23:26:47
- Serververbindung konnte nicht hergestellt werden..
Error - 14.07.2010 17:26:53 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 23:26:52 - Fehler beim Herstellen der Internetverbindung. 23:26:52
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 14.08.2010 13:29:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.08.2010 13:29:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.08.2010 13:29:54 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 14.08.2010 13:29:54 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 14.08.2010 13:29:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
OTL Log: Code:
ATTFilter OTL logfile created on: 14.08.2010 20:09:10 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29,20 Gb Total Space | 9,00 Gb Free Space | 30,83% Space Free | Partition Type: NTFS Drive D: | 203,59 Gb Total Space | 67,98 Gb Free Space | 33,39% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 3,60 Gb Total Space | 3,58 Gb Free Space | 99,54% Space Free | Partition Type: FAT32 Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SpyHunter 4 Service) -- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TuneUp.Defrag) -- D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (VC10SecS) -- D:\Programe\Virtual CD v10\System\VC10SecS.exe (H+H Software GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (KMService) -- C:\Windows\System32\srvany.exe () ========== Driver Services (SafeList) ========== DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc) DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (vdrv1000) -- C:\Windows\System32\drivers\vdrv1000.sys (H+H Software GmbH) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) DRV - (HH10Help.sys) -- C:\Windows\System32\drivers\HH10Help.sys (H+H Software GmbH) DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (pnetmdm) -- C:\Windows\System32\drivers\pnetmdm.sys (June Fabrics Technology) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 EA 6F 7E B7 03 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.19 21:06:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.08.14 17:08:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.07.25 02:14:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.07.21 17:52:21 | 000,000,000 | ---D | M] [2010.05.31 10:24:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.05.31 10:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.13 19:09:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iw51esi8.default\extensions [2010.07.26 21:11:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iw51esi8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.07.13 17:25:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iw51esi8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.08 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\iw51esi8.default\extensions\elemhidehelper@adblockplus.org O1 HOSTS File: ([2010.08.14 13:47:04 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe CS5\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [VC10Player] D:\Programe\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH) O4 - HKCU..\Run: [\\EDE\EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [{570F1A73-FAE0-56F4-048F-6E8B5F70184A}] C:\Users\***\AppData\Roaming\Igsuw\sofo.exe File not found O4 - HKCU..\Run: [{AA8ACD96-912D-4EA1-15C0-257FDE060C83}] C:\Users\***\AppData\Roaming\Cinya\asmau.exe () O4 - HKCU..\Run: [{B43C4100-3CD8-7317-A747-864313D88DF2}] C:\Users\***\AppData\Roaming\Abuliw\dedy.exe (tlfum) O4 - HKCU..\Run: [BdeUtvol] C:\Users\***\AppData\Local\Temp\hwrcsass.DLL File not found O4 - HKCU..\RunOnce: [1686579041] C:\Users\***\AppData\Local\1686579041.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Programme\PdaNet for Android\PdaNetPC.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\Shell - "" = AutoRun O33 - MountPoints2\{fb4fb53d-6370-11df-b2d5-0018f3c54812}\Shell\AutoRun\command - "" = G:\autorun.exe {5E7C721D-B008-4269-A1C4-2CE7E9757983} Setup.msi -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.14 20:07:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2010.08.14 20:06:28 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.14 20:06:28 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.14 18:16:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.14 17:00:58 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2010.08.14 14:10:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2010.08.14 14:10:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.08.14 12:28:05 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2010.08.14 12:27:37 | 000,000,000 | ---D | C] -- C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP [2010.08.14 12:21:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.08.11 12:44:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.11 12:44:33 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll [2010.08.11 12:44:33 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.11 12:44:28 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.11 12:44:28 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.11 12:44:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.11 12:44:25 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.11 12:44:25 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.11 12:44:25 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.11 12:44:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.11 12:44:25 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.11 12:44:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.11 12:44:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.11 12:44:16 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.10 18:05:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Igsuw [2010.07.31 09:23:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\*** Jacke [2010.07.31 09:11:55 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\[Originaldateien] [2010.07.30 22:11:57 | 000,000,000 | ---D | C] -- C:\Programme\Google [2010.07.30 22:11:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google [2010.07.28 15:45:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrafficMonitor [2010.07.28 15:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TrafficMonitor [2010.07.28 15:22:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RouterControl [2010.07.28 11:20:43 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.07.25 13:30:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MTB Touren [2010.07.24 09:02:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ohxawa [2010.07.20 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mobile Atlas Creator [2010.07.20 03:39:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\BoneTown [2010.07.20 03:33:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Gyefyh [2010.07.18 19:27:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yszi [2010.07.16 17:40:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Boilsoft [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.14 20:08:28 | 003,932,160 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.08.14 20:07:06 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.14 20:07:06 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.14 20:07:06 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.14 20:07:06 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.14 20:07:05 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.14 19:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.14 19:23:10 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys [2010.08.14 18:34:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2010.08.14 18:22:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.14 18:01:06 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2010.08.14 17:37:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.14 17:17:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.14 17:17:30 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.14 17:17:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.14 17:10:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.14 13:20:32 | 000,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys [2010.08.14 12:06:39 | 000,961,536 | ---- | M] () -- C:\Users\***\AppData\Local\1686579041.exe [2010.08.11 17:27:15 | 003,782,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.11 16:26:18 | 000,464,257 | ---- | M] () -- C:\Users\***\Desktop\Zeugnisvorlage.pdf [2010.08.11 16:25:35 | 001,488,743 | ---- | M] () -- C:\Users\***\Desktop\Anlage 1.pdf [2010.08.11 11:18:38 | 000,000,662 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.07.29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll [2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.07.28 11:21:00 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.22 12:32:55 | 000,438,862 | ---- | M] () -- C:\Users\***\Desktop\Zeugnis315.jpg [2010.07.22 12:16:48 | 000,000,301 | ---- | M] () -- C:\Users\***\Desktop\redir.asp.htm [2010.07.16 18:20:17 | 000,001,589 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk [2010.07.16 18:19:56 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.07.16 18:19:52 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.14 20:06:52 | 000,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe [2010.08.14 18:03:39 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2010.08.14 12:06:39 | 000,961,536 | ---- | C] () -- C:\Users\***\AppData\Local\1686579041.exe [2010.08.11 16:26:17 | 000,464,257 | ---- | C] () -- C:\Users\***\Desktop\Zeugnisvorlage.pdf [2010.08.11 16:25:33 | 001,488,743 | ---- | C] () -- C:\Users\***\Desktop\Anlage 1.pdf [2010.07.30 22:12:26 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.30 22:12:05 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.28 11:21:00 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.07.22 12:45:29 | 000,438,862 | ---- | C] () -- C:\Users\***\Desktop\Zeugnis315.jpg [2010.07.22 12:16:48 | 000,000,301 | ---- | C] () -- C:\Users\***\Desktop\redir.asp.htm [2010.07.16 18:20:17 | 000,001,589 | ---- | C] () -- C:\Users\***\Desktop\DivX Movies.lnk [2010.07.16 18:19:56 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.07.16 18:19:52 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.06.21 16:52:38 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.06.21 16:52:38 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.06.21 16:52:36 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.06.21 16:52:36 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.06.21 16:52:36 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.06.21 16:52:36 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010.06.21 10:56:16 | 000,001,111 | ---- | C] () -- C:\Windows\AZPR3.INI [2010.06.15 23:07:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.05.08 20:57:19 | 000,000,491 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.02.11 07:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2004.04.27 17:26:48 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2010.05.14 06:50:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Abuliw [2010.05.20 09:56:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ACD Systems [2010.07.16 17:40:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Boilsoft [2010.07.20 05:02:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BoneTown [2010.06.25 08:17:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cinya [2010.05.19 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.06.10 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.06.30 20:07:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.08.14 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gyefyh [2010.08.14 13:44:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Igsuw [2010.08.11 11:13:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iwik [2010.05.09 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2010.07.20 14:26:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Atlas Creator [2010.06.03 11:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2010.07.14 01:03:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MSA [2010.08.14 12:07:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ohxawa [2010.06.15 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.08.11 12:12:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oxnuim [2010.07.28 15:22:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl [2010.08.14 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seekx [2010.05.09 11:36:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos [2010.06.02 16:48:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.05.31 10:24:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.07.28 15:46:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrafficMonitor [2010.05.08 23:38:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010.06.15 22:56:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles [2010.07.03 11:42:58 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Virtual CD v10 [2010.07.31 09:10:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VSO [2010.06.21 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft [2010.08.11 14:08:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yszi [2010.07.04 04:05:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zaoxa [2009.07.14 06:53:46 | 000,029,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Vielen Dank schonmal für eure Mühe =) |
| Themen zu Security Tool lässt sich nicht entfernen |
| 7-zip, anlage, antivir, antivir guard, audiograbber, avgnt, avgntflt.sys, avira, awareness, bho, bonjour, browser, components, controlset002, converter, corp./icp, data recovery, desktop, document, enigma, entfernen, failed, fehler, firefox.exe, flash player, fontcache, google, google earth, install.exe, jdownloader, keine programme, keine programme ausführen, langs, local\temp, location, locker, lässt sich nicht entfernen, media center, microsoft office word, mozilla, mozilla thunderbird, netzwerklistendienst, nvstor.sys, object, oldtimer, otl.exe, plug-in, programdata, realtek, recuva, registry, richtlinie, saver, security, senden, shell32.dll, software, sptd.sys, spyhunter 4, start menu, starten., system, taskhost.exe, usb, viren, vlc media player, webcheck, windows |
Baum-Darstellung