Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Plagegeister aller Art und deren Bekämpfung: Zwei Trojaner durch Malwarebytes Anti-Malware gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 30.08.2010, 18:31   #16
Klio
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Jo die Kiste läuft nach wie vor ohne Probleme.
Hin und wieder lasse ich einfach Malwarebytes im Quickscan durchlaufen und beim letzten Mal hat es eben diese zwei Trojaner gefunden.

Sind die jetzt weg? wurde noch mehr gefunden?
Hab da nicht so den durchblick

Alt 30.08.2010, 18:51   #17
Swisstreasure
/// Malwareteam
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Schritt 1

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.
  • Button drücken.
    • Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User: müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Remove found threads" und "Scan archives".
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.

Schritt 2

Erneuter Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________
Alt 30.08.2010, 19:20   #18
Klio
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Zitat:
Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Ist hiermit der Webbrowser gemeint? Oder wie muss ich das verstehen?
Sorry für die blöde Frage
__________________
Alt 30.08.2010, 19:25   #19
Swisstreasure
/// Malwareteam
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Ja Also IE rechtsklick, ausführen als Admin

Alt 30.08.2010, 23:55   #20
Klio
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


ESET Online Scaner: Bin Firefox-User
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4694456805f2184f93d65e18351dd340
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-30 10:08:06
# local_time=2010-08-31 12:08:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 985597 42294276 1033401 0
# compatibility_mode=5892 16776573 100 100 274496 120733911 0 0
# compatibility_mode=8192 67108863 100 0 202 202 0 0
# scanned=195349
# found=0
# cleaned=0
# scan_time=4902
OTL:
Code:
ATTFilter
OTL logfile created on: 31.08.2010 00:26:12 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = D:\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.32 Gb Total Space | 147.26 Gb Free Space | 66.54% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 210.66 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
Drive E: | 11.56 Gb Total Space | 1.88 Gb Free Space | 16.26% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
PRC - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
PRC - C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AVerAF15) -- C:\Windows\System32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.21
FF - prefs.js..extensions.enabledItems: ck@everygain.com:1.0.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.8
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.0.2
FF - prefs.js..extensions.enabledItems: iTunesFox@sjcmankimo.tw:0.3.2
FF - prefs.js..extensions.enabledItems: {6e00410e-1176-11dc-8314-0800200c9a66}:1.6.2
FF - prefs.js..extensions.enabledItems: {113c2360-15a3-11de-8c30-0800200c9a66}:0.9
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.04.13 17:00:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.12 11:36:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 11:57:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010.04.11 01:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2010.08.23 11:57:10 | 000,000,000 | ---D | M]
 
[2010.04.11 01:38:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.04.11 01:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010.08.30 01:32:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions
[2010.05.19 04:40:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2010.08.13 14:30:09 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.06.03 01:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{113c2360-15a3-11de-8c30-0800200c9a66}
[2010.05.19 04:54:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{1a46a8a0-3278-11dd-bd11-0800200c9a66}
[2010.06.02 02:29:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.19 05:10:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2010.08.13 14:33:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2010.08.13 14:25:34 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010.08.13 14:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2010.08.26 17:28:46 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.05.19 05:13:27 | 000,000,000 | ---D | M] (SKY) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{6e00410e-1176-11dc-8314-0800200c9a66}
[2010.05.19 04:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{6E1A2A2E-AE2A-4A26-A812-46F54288379E}
[2010.05.19 04:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2010.08.13 14:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{b5dd1cb0-1888-11df-8a39-0800200c9a66}
[2010.05.19 04:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010.05.20 05:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010.08.13 14:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.05.20 05:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
[2010.08.13 14:28:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\ck@everygain.com
[2010.08.18 22:18:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\iTunesFox@sjcmankimo.tw
[2010.05.19 04:56:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\kempelton-fx@arvidaxelsson.se
[2010.08.13 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\locationbar2@design-noir.de
[2010.06.03 17:57:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v1z4ljmb.default\extensions\piclens@cooliris.com-trash
[2010.04.11 01:38:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Sunbird\Profiles\zqq1d95i.default\extensions
[2010.04.12 03:27:48 | 000,001,421 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\v1z4ljmb.default\searchplugins\google-search-for-friendbar-toolbar.xml
[2010.04.17 00:04:24 | 000,002,079 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\v1z4ljmb.default\searchplugins\google.xml
[2010.04.12 03:27:48 | 000,001,186 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\v1z4ljmb.default\searchplugins\twitter-search.xml
[2010.08.24 16:44:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.24 09:42:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.24 16:44:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.28 23:15:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Bilder\Wallpaper\real-strong-car-1680x1050.jpg
O24 - Desktop BackupWallPaper: D:\Bilder\Wallpaper\real-strong-car-1680x1050.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.30 22:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.08.30 15:05:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.30 15:05:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.30 15:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.30 15:03:00 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Desktop\Desktop\mbam-setup.exe
[2010.08.29 18:13:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Desktop\Desktop\OTL.exe
[2010.08.28 23:18:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.28 23:18:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.28 23:03:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.28 23:03:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.28 23:03:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.28 23:02:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.28 23:02:55 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010.08.28 23:00:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.28 23:00:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.25 00:21:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.08.24 16:44:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.24 16:44:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.24 16:44:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.20 15:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.15 01:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.08.15 01:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.08.15 00:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.08.11 12:20:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 12:19:12 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 12:19:11 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 12:18:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 12:18:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 12:18:57 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 12:18:57 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 12:18:57 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 12:18:57 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 12:18:57 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 12:18:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 12:18:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 12:18:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 12:18:54 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 12:18:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 12:18:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 12:18:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 12:18:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 12:18:48 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 12:18:20 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.03 19:28:58 | 000,000,000 | R--D | C] -- C:\Users\***\Music
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.31 00:25:46 | 003,670,016 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.08.31 00:16:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.31 00:16:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.31 00:16:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.31 00:16:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.31 00:15:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.31 00:15:48 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.31 00:15:48 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.31 00:15:44 | 005,384,227 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.30 22:41:27 | 002,672,312 | ---- | M] () -- D:\Desktop\Desktop\esetsmartinstaller_enu.exe
[2010.08.30 15:03:11 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Desktop\Desktop\mbam-setup.exe
[2010.08.30 14:47:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{71A62245-2136-4B52-88BD-D74422CF57E4}.job
[2010.08.29 22:22:07 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2010.08.29 22:17:36 | 000,293,376 | ---- | M] () -- D:\Desktop\Desktop\v6f69tls.exe
[2010.08.29 22:16:39 | 000,050,477 | ---- | M] () -- D:\Desktop\Desktop\Defogger.exe
[2010.08.29 18:13:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Desktop\Desktop\OTL.exe
[2010.08.29 02:16:54 | 000,032,737 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.08.28 23:15:41 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.28 23:15:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.28 22:56:39 | 003,830,469 | R--- | M] () -- D:\Desktop\Desktop\Combo-Fix.exe
[2010.08.25 16:31:33 | 000,026,112 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.21 22:38:57 | 000,006,836 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.08.20 16:58:38 | 000,035,840 | ---- | M] () -- D:\Dokumente\How I Met Your Mother.doc
[2010.08.11 12:54:18 | 001,774,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.08.30 22:41:25 | 002,672,312 | ---- | C] () -- D:\Desktop\Desktop\esetsmartinstaller_enu.exe
[2010.08.29 22:22:07 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2010.08.29 22:17:35 | 000,293,376 | ---- | C] () -- D:\Desktop\Desktop\v6f69tls.exe
[2010.08.29 22:16:38 | 000,050,477 | ---- | C] () -- D:\Desktop\Desktop\Defogger.exe
[2010.08.29 02:16:54 | 000,032,737 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.08.28 23:03:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.28 23:03:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.28 23:03:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.28 23:03:02 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.28 23:03:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.28 22:56:21 | 003,830,469 | R--- | C] () -- D:\Desktop\Desktop\Combo-Fix.exe
[2010.08.04 11:53:12 | 000,035,840 | ---- | C] () -- D:\Dokumente\How I Met Your Mother.doc
[2010.05.08 17:26:27 | 000,006,836 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.04.14 19:35:44 | 000,138,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.10.11 23:47:44 | 000,173,207 | ---- | C] () -- C:\Users\***\AppData\Roaming\.gmic_def.1328
[2009.10.04 18:09:25 | 000,001,191 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.08.24 13:52:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.18 02:02:21 | 000,076,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Smiley.ico
[2009.06.17 22:16:07 | 000,026,112 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.17 22:11:26 | 000,027,553 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.06.16 16:10:09 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\QSwitch.txt
[2009.06.16 16:10:09 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\DSwitch.txt
[2009.06.16 16:10:09 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\AtStart.txt
[2009.06.16 16:10:04 | 000,009,289 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.04.23 04:21:11 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.04.23 04:21:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.04.23 04:20:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.04.23 04:20:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.04.23 04:18:59 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009.02.21 04:32:00 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.02.21 04:27:49 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009.02.21 04:26:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009.02.21 04:25:28 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008.12.31 14:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 31.08.2010 00:26:12 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = D:\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.32 Gb Total Space | 147.26 Gb Free Space | 66.54% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 210.66 Gb Free Space | 90.46% Space Free | Partition Type: NTFS
Drive E: | 11.56 Gb Total Space | 1.88 Gb Free Space | 16.26% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{798CC673-20AE-4F08-AD7D-0807918D12A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{81A3BE79-E948-4EDF-A36B-C2B968D0245A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{910FE586-3E25-4443-9C05-0C6AB246EC7C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F4B2B8-8AEF-4D9C-8F2A-8358C816A68B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{092FD833-17D5-4D40-A189-A0E25ECD5B15}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{0E09F405-E925-496A-9531-F280606AAA41}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{165CFE23-3170-4F87-9E37-DFD128126A3D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{17EE802A-A89A-4B2C-9E56-BFA4FBEFCD58}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{22C17BE3-9C43-4D9A-9A55-AA9CBB8972E0}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{2362A74E-BF5C-4F1E-850B-A923F7A74DEA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{453ECC7C-48C9-4001-B7C9-B950E435B5BF}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{50DC5432-A303-4C18-97F8-E55E8F3FAB1A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{575CFA87-F155-4CE7-BADD-A507C515008D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{67EDFCD9-2EBD-4FC7-99F5-86302783390D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{68817671-9511-4C7D-9126-1B6A627F69FB}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{6F04CCCC-61EC-45A6-A6DC-CB7844E01955}" = protocol=6 | dir=in | app=c:\program files\gamigo ag\levelr\levelr.bin | 
"{76013B73-B916-4ECF-9979-BA2C9E3C9C9A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{7BE1B789-B05F-4887-9187-067FEB5FFB8E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{800010D3-09CA-4983-8EAC-7C568DA8F776}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{8C131306-4268-42D9-BE0C-AF85964556A3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{A1E0663E-3F17-47C6-B04B-F7E745B84850}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | 
"{AE28FC5C-D81D-4430-AD37-16FD1FC768BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B25E09E4-A503-4D85-A647-B99CEDDF866D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C405185C-97DE-4E61-8786-E36DB0A98EBB}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{CDDF37E8-731F-4650-A72B-7EDC7C976ACA}" = protocol=17 | dir=in | app=c:\program files\gamigo ag\levelr\levelr.bin | 
"{CED85181-4AEC-4424-B88F-0D53C5F356D0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D1F7CEC7-B5BE-4AE7-B958-984B54E192B2}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{D5B09A2C-80C0-4C98-9A13-7FAB0D313D7D}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{D8C8F124-A4DE-4E35-BAFF-195E314CD07C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{E3E468C3-AAA0-4DAF-A07C-444CB893D5CA}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | 
"{EEF0508E-A93A-4585-9325-0EEDDB5E25A9}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{F6681F1B-765D-489E-8F47-D9D7412A02BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F9B4B398-370F-46FC-AA4A-C9B6D294C38D}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | 
"{FDD576D7-CBF5-4B13-88F8-9E9D3811A5E6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FE195D56-1C11-4C25-AA54-F208259D8AE5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{1477C5E9-0096-4723-BB6C-CB459754AC51}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{49F66E3D-00BF-4682-830E-7D36A2B30C67}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5D011AE0-BC81-43C0-BD01-3D13817C6188}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{65433A3F-C161-4C53-A95D-2EF6AC3F9E83}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{80FD9065-7A23-467B-BDF4-14C95F5B2162}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{98E6FE2C-55AB-4E33-9E1B-58AD2C4C49FC}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe | 
"TCP Query User{D342B0E7-C801-449F-B4AA-3F82C7E96B4E}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{139F5908-0ED4-4C9B-B9E4-BFB0365495D6}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"UDP Query User{30A2BE1D-2106-44A3-8DD5-9073BB3782FE}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{431A84E8-ED78-4AFE-97B0-E04F1283298B}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe | 
"UDP Query User{9306B255-483B-4AF4-A80C-4003DD347A78}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{C4247147-78CA-4F5D-A00E-25248794EEB2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{E51FE751-0ACA-425C-BBE1-DD3EFC4F4C70}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{F415ED55-5D1E-48C5-874A-1E288DBF5D04}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{119F5471-91A6-47CC-80AB-380845C08E27}" = LevelR
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{47F3EDF5-C821-49E6-B9B3-D00BF0A9BAB8}" = DigitalPersona Personal 4.11
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6ABE0E28-3A8E-4ADC-A050-784064B76236}" = HP User Guides 0134
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C3BB5992-04BD-5A27-A8A5-5D976DF8E743}" = ATI Catalyst Install Manager
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CAAAB039-95E4-6F1C-36CC-2E6005E2540D}" = ccc-utility
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Governor of Poker1.0" = Governor of Poker
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Inkscape" = Inkscape 0.47
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OpenAL" = OpenAL
"RocketDock_is1" = RocketDock 1.3.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.08.2010 16:52:34 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gradient-flare.exe, Version 0.0.0.0, Zeitstempel
 0x4a8495d7, fehlerhaftes Modul gradient-flare.exe, Version 0.0.0.0, Zeitstempel
 0x4a8495d7, Ausnahmecode 0xc0000005, Fehleroffset 0x0000320e,  Prozess-ID 0x1134,
 Anwendungsstartzeit 01cb4629c559b90b.
 
Error - 27.08.2010 19:09:49 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung resynthesizer.exe, Version 0.0.0.0, Zeitstempel
 0x4306b292, fehlerhaftes Modul intl.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000135, Fehleroffset 0x00009eed,  Prozess-ID 0x15d8, Anwendungsstartzeit
 01cb463cf1afd76b.
 
Error - 27.08.2010 19:10:58 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung resynthesizer.exe, Version 0.0.0.0, Zeitstempel
 0x4306b292, fehlerhaftes Modul intl.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000135, Fehleroffset 0x00009eed,  Prozess-ID 0x40c, Anwendungsstartzeit
 01cb463d18a0b6ab.
 
Error - 27.08.2010 19:12:10 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung resynthesizer.exe, Version 0.0.0.0, Zeitstempel
 0x4306b292, fehlerhaftes Modul intl.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000135, Fehleroffset 0x00009eed,  Prozess-ID 0x164c, Anwendungsstartzeit
 01cb463d460d96db.
 
Error - 27.08.2010 19:12:25 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung resynthesizer.exe, Version 0.0.0.0, Zeitstempel
 0x4306b292, fehlerhaftes Modul intl.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000135, Fehleroffset 0x00009eed,  Prozess-ID 0x140c, Anwendungsstartzeit
 01cb463d4831af5b.
 
Error - 28.08.2010 07:34:57 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.08.2010 07:35:01 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.08.2010 07:35:01 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 28.08.2010 07:35:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.08.2010 11:44:42 | Computer Name = ***-PC | Source = EventSystem | ID = 4621
Description = 
 
[ OSession Events ]
Error - 29.01.2010 14:08:12 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.08.2010 12:44:18 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.08.2010 12:59:05 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 30.08.2010 12:59:10 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 30.08.2010 16:27:37 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
 00238BBA278B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 30.08.2010 16:28:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 30.08.2010 16:29:46 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.08.2010 16:43:29 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 30.08.2010 16:43:33 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 30.08.2010 18:17:47 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.08.2010 18:18:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >


Alt 31.08.2010, 17:45   #21
Swisstreasure
/// Malwareteam
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Schritt 1

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Schritt 2

Programme updaten

Du verwendest zum Teil veraltete Software, die Sicherheitslücken auf deinem System bildet, durch die Malware eindringen kann. Alle Software, die du auf deinem Rechner hast, muss regelmäßig geupdatet werden, auch dann, wenn du sie nicht verwendest. Eine einfache Möglichkeit, diese Software Updates zu überwachen, bietet der Secunia Inspektor.

Alt 31.08.2010, 18:28   #22
Klio
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Programme sind gelöscht.

Zur Secunia Inspektor. Muss ich da einfach auf Scanner aufrufen klicken, oder PSI oder CSI downloaden?
Eigentlich komisch, ich mache immer Updates ... sofern mir angezeigt wird, dass ein Update vorliegt.

Alt 31.08.2010, 22:11   #23
Swisstreasure
/// Malwareteam
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Du kannst einfach einmal den Scanner starten und schauen was der so meint

Alt 31.08.2010, 23:15   #24
Klio
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


hmm...
Also ich habe den Scan mal ausgeführt.
Den Haken bei "Tiefgreifende Systemprüfung einschalten" habe ich auch gesetzt.
Es hat mir 2 Ergebnisse angezeigt.
Beide habe ich auch gleich installiert. Danach ging ich nochmals drauf und hab noch einen Scan gemach, diesmal ohne den Haken zu setzten, und es kam zu den gleichen 2 Ergebnisse.
Ausserdem scheint noch ein Fehler aufgetreten zu sein.
Alt 31.08.2010, 23:53   #25
Swisstreasure
/// Malwareteam
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Zitat:
Ausserdem scheint noch ein Fehler aufgetreten zu sein.
Welcher Fehler?

Alt 01.09.2010, 12:49   #26
Klio
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Hi Swiss

Das kann ich dir leider nicht sagen.
Da gibts ja eine Statistik. Wieviele Programme gefunden wurden, wieviele unsicheren Programme, dauer des scans etc.
Und bei "Fehler beim Scan-Vorgang:" hat es mir einen Fehler angezeigt. Jedoch nicht was für einen.
Wenn ich den Haken bei "Tiefgreifende Systemprüfung einschalten" nicht setze, gibts kein Fehler.

Habe soeben noch einen Scan gemacht und konnte jetzt zumindest ein Update durchführen.
Das Andere Kann ich immernoch installieren aber bei einem weiteren scan tritt es wieder in der Liste auf.
Geändert von Klio (01.09.2010 um 13:11 Uhr)

Alt 01.09.2010, 14:33   #27
Swisstreasure
/// Malwareteam
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Um welches Update handelt es sich?

Alt 01.09.2010, 15:11   #28
Klio
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Sun Java. Ich kann es zwar ausführen und installieren, aber es wird halt immer wieder aufgelistet.

Adobe Flash Player konnte ich mittlerweile installieren, und es taucht beim scan nicht mehr auf.

Alt 01.09.2010, 20:02   #29
Swisstreasure
/// Malwareteam
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Du hast die neuste Version. Aber prüfe einmal hier:
Java-Installation überprüfen

Alt 01.09.2010, 21:41   #30
Klio
 
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Standard

Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


Zitat:
Zitat von Swisstreasure Beitrag anzeigen
Aber prüfe einmal hier:
Java-Installation überprüfen
Code:
ATTFilter
Sie haben die empfohlene Java-Version installiert (Version 6 Update 21).
So sieht es nach dem Scan von Secunia Inspektor aus:
Miniaturansicht angehängter Grafiken
Zwei Trojaner durch Malwarebytes Anti-Malware gefunden-scan.jpg  

Antwort
Seite 2 von 3 1 2 3

Themen zu Zwei Trojaner durch Malwarebytes Anti-Malware gefunden
action, anti-malware, beachten, bösartige, code, current, dateien, ebook, explorer, gefunde, leute, löschen, malwarebytes, malwarebytes anti-malware, microsoft, minute, notebook, objekte, service, software, troja, trojan.fakealert, trojan.zbotr.gen, trojaner, version, verzeichnisse, zwei trojaner


« csrss.exe, atiedxx.exe, winlogon? | Fehlermeldungen beim Startup »


Ähnliche Themen: Zwei Trojaner durch Malwarebytes Anti-Malware gefunden


  1. Malwarebytes Anti-Malware Bedrohungen vorwiegend in Chrome gefunden
    Plagegeister aller Art und deren Bekämpfung - 19.10.2015 (15)
  2. Backdoor.Bot - gefunden durch Malewarebytes Anti Malware
    Plagegeister aller Art und deren Bekämpfung - 10.03.2015 (5)
  3. Verständnis Frage; Malwarebytes Anti-Malware vs. Malwarebytes Anti-Rootkit
    Antiviren-, Firewall- und andere Schutzprogramme - 21.12.2014 (3)
  4. PUP.globalupdate.T & andere malware durch malwarebytes gefunden.
    Log-Analyse und Auswertung - 19.07.2014 (11)
  5. Mit Malwarebytes-Anti Malware 39 Bedrohungen gefunden
    Lob, Kritik und Wünsche - 07.01.2014 (0)
  6. Mit Malwarebytes-Anti Malware 39 Bedrohungen gefunden
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (7)
  7. Malwarebytes Anti-Malware hat mehrere infizierte Objekte gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.01.2014 (6)
  8. Malwarebytes Anti-Malware Scan findet zwei Viren
    Log-Analyse und Auswertung - 07.12.2013 (25)
  9. Malware Yontoo // Malwarebytes-Anti-Malware-Programm keine identifizierte Datei gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (14)
  10. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  11. Pup.offerbundler.st und pup.bundlerinstaller.bi mit Malwarebytes Anti-Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (9)
  12. PUP.Blabbers bei Malwarebytes Anti-Malware Scan gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (14)
  13. Ich habe 17 infizierte Objekte mit Malwarebytes' Anti-Malware gefunden
    Log-Analyse und Auswertung - 02.07.2012 (4)
  14. 17 Infizierung mit Malwarebytes' Anti-Malware gefunden - Und nun?
    Log-Analyse und Auswertung - 26.05.2010 (1)
  15. Malwarebytes Anti-Malware hat was gefunden
    Plagegeister aller Art und deren Bekämpfung - 27.01.2010 (26)
  16. Malwarebytes-Anti-Malware hat was gefunden bitte um Hilfe
    Log-Analyse und Auswertung - 02.11.2009 (84)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Zwei Trojaner durch Malwarebytes Anti-Malware gefunden - Jo die Kiste läuft nach wie vor ohne Probleme. Hin und wieder lasse ich einfach Malwarebytes im Quickscan durchlaufen und beim letzten Mal hat es eben diese zwei Trojaner gefunden. - Zwei Trojaner durch Malwarebytes Anti-Malware gefunden...
Archiv
Du betrachtest: Zwei Trojaner durch Malwarebytes Anti-Malware gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55