Pests of all kinds and how to fight them: Security Tool
Windows 7

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
03.09.2010, 13:47 | #1 |
Security Tool

Hi. Since the day before yesterday I have had a trojan that called itself Security Tool and is really just a fake antivirus program. Since I couldn't really get rid of it with the methods described here, I did a System Restore. And then I ran the programs described here again. Malwarebytes kept showing me infected files -.- (however, I don't know whether they are from Security Tool, so it would be nice if you could take a look at this).

First, Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4532

Windows 6.0.6000
Internet Explorer 7.0.6000.16809

02.09.2010 23:22:43
mbam-log-2010-09-02 (23-22-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Z:\|)
Durchsuchte Objekte: 404288
Laufzeit: 2 Stunde(n), 18 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\$Recycle.Bin\S-1-5-21-1054673845-2891796712-3211906163-1000\$RMJ8GD7\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Fabian\AppData\Local\Temp\F7E7.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Fabian\AppData\Local\Temp\upd258C.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\Fabian\Desktop\keygen.exe (Hacktool.Keygen) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

and also the rsit log:
and info:
suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0} Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191} Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02} Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1} Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F} Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A} Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF} Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683} Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67} Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A} Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD} Adobe Photoshop CS4-->C:\Program Files\Common 
Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1 Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494} Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623} Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250} Adobe Reader 8.1.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003} Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA} Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7} Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23} Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230} Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF} Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739} AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4} AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5} AnyToISO-->"C:\Program Files\AnyToISO\unins000.exe" Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF} Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Bananarama-->c:\natomic\bananarama\Uninstal.exe Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8} Borland Delphi 5-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Borland\Delphi5\Uninst.isu" -cC:\Windows\system32\D5UNINST.DLL Borland Delphi 7-->MsiExec.exe 
/I{72263053-50D1-4598-9502-51ED64E54C51} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Cheat Engine 5.5-->"C:\Program Files\Cheat Engine\unins000.exe" Colour Options 2.0 (beta) for The Sims 2 (and Sims 2 University-->"C:\Windows\unins000.exe" Compact&Easy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28F11027-A8BC-44D3-A59A-CA018ED73E8C}\Setup.exe" -uninst Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D} Die Sims 2: Family Fun - Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 Family Fun - Accessoires\EAUninstall.exe Die Sims 2: Nightlife-->C:\Program Files\EA GAMES\Die Sims 2 Nightlife\EAUninstall.exe Die Sims 2: Open For Business-->C:\Program Files\EA GAMES\Die Sims 2 Open For Business\EAUninstall.exe Die Sims 2: Wilde Campus-Jahre-->C:\Program Files\EA GAMES\Die Sims 2 Wilde Campus-Jahre\EAUninstall.exe Die Sims™ 2 Apartment-Leben-->C:\Program Files\EA GAMES\Die Sims 2 Apartment-Leben\EAUninstall.exe Die Sims™ 2 Freizeit-Spaß-->C:\Program Files\EA GAMES\Die Sims 2 Freizeit-Spaß\EAUninstall.exe Die Sims™ 2 Gute Reise-->C:\Program Files\EA GAMES\Die Sims 2 Gute Reise\EAUninstall.exe Die Sims™ 2 H&M®-Fashion-Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 H&M®-Fashion-Accessoires\EAUninstall.exe Die Sims™ 2 Haustiere-->C:\Program Files\EA GAMES\Die Sims 2 Haustiere\EAUninstall.exe Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 Küchen- und Bad-Einrichtungs-Accessoires\EAUninstall.exe Die Sims™ 2 Party-Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 Party-Accessoires\EAUninstall.exe Die Sims™ 2 Vier Jahreszeiten-->C:\Program Files\EA GAMES\Die Sims 2 Vier Jahreszeiten\EAUninstall.exe Die Sims™ 2: Glamour-Accessoires-->C:\Program Files\EA GAMES\Die Sims 2 Glamour-Accessoires\EAUninstall.exe Die Sims™ 
3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com Dungeon Keeper 2-->C:\Program Files\Bullfrog\Dungeon Keeper II\Uninstall.exe DVDVideoSoftTB Toolbar-->C:\PROGRA~1\DVDVID~2\UNWISE.EXE /U C:\PROGRA~1\DVDVID~2\INSTALL.LOG EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe Efficient WMA MP3 Converter v0.99.2-->"C:\Program Files\Efficient WMA MP3 Converter\unins000.exe" Elecard MPEG-2 Decoder&Streaming Plug-in for WMP-->"C:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP\Uninstall.exe" "C:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP\install.log" -u Electronic Arts Product Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D7D50E0C-27DD-4999-BC05-E026B580F93A} /l1031 FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7} Folder Access 2.1 Free Version-->C:\PROGRA~1\FOLDER~1\UNWISE.EXE C:\PROGRA~1\FOLDER~1\INSTALL.LOG foobar2000 v1.0.3-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000 Fraps-->"C:\Fraps\uninstall.exe" Free Audio CD Burner version 1.3-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe" Free YouTube to MP3 Converter version 3.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins001.exe" FreeMind-->"C:\Program Files\FreeMind\unins000.exe" Freez FLV to MP3 Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe" FSCLounge-->MsiExec.exe /I{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655} GeoGebra-->"C:\Program Files\GeoGebra\UninstallerData\Uninstaller.exe" GIMP 
2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.126\Installer\setup.exe" --uninstall --system-level Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Grand Theft Auto San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{086BADF8-9B1F-4E89-B207-2EDA520972D6}\setup.exe" -l0x7 -removeonly GTA2-->C:\Windows\IsUn0407.exe -f"C:\Program Files\GTA2\Uninst.isu" Hama Double Action Air Grip-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{975E4CAE-D408-48DA-9346-65D7DB72B7DE}\setup.exe" -l0x7 -removeonly HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7} HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5} HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3} HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe" ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly ISO Commander 1.6 (remove only)-->C:\Program Files\ISO Commander\uninst.exe iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A} Java DB 10.2.2.0-->MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852} Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF} Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) SE Development Kit 6 Update 3-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030} kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243} Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe" LEGO Star Wars 2 
DEMO-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{150FEA49-4039-4458-B9D0-F19CC17229FE} /l1031 LEGO Star Wars Demo Disc-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{F7D1D93A-B17A-41F8-9070-0B2A544C6165} /l1031 LEGO Star Wars-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{E914A24F-2412-4374-B420-86D21D6D444A} /l1031 Lern-o-Mat-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC816492-1A38-47FA-975E-D5BDAD8ADCAB}\Setup.exe" -uninst LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Luxor Amun Rising (remove only)-->C:\Big Fish Games\Luxor Amun Rising\Uninstall.exe Macro Express 3-->C:\PROGRA~1\MACROE~1\UNWISE.EXE C:\PROGRA~1\MACROE~1\INSTALL.LOG Magic FLAC to MP3 Converter 3.72-->"C:\Program Files\FLAC to MP3 Converter\unins000.exe" Mahjong Towers Eternity EU (remove only)-->C:\Big Fish Games\Mahjong Towers Eternity EU\Uninstall.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Master 2.3 Freeware-->"C:\Program Files\Master\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 3.5 Language Pack - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack - deu-->MsiExec.exe /I{1545207E-C6F3-31D7-9918-BDBB65075FBF} Microsoft .NET Framework 3.5-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET 
Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft .NET Framework SDK (German) 1.1-->MsiExec.exe /X{63E921D9-799A-44F9-A742-DE3DC968AFEF} Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 
2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server Compact 3.5 Design Tools DEU-->MsiExec.exe /X{E32260E7-0B10-43C7-9B77-AB9F4184676D} Microsoft SQL Server Compact 3.5 DEU-->MsiExec.exe /I{159098AF-4EB8-4C10-B0C6-24CDA32B45F9} Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160} Microsoft Visual Basic 2005 Express Edition - DEU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - DEU\setup.exe Microsoft Visual Basic 2008 Express Edition - DEU-->C:\Program 
Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - DEU\setup.exe Microsoft Visual Basic 2008 Express Edition - DEU-->MsiExec.exe /X{56403FFF-145E-35C5-A090-96598BE57FB8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE} Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06} Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Movavi VideoSuite 5-->MsiExec.exe /I{7BE667F1-6643-4469-A830-6C360B1A036F} Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Mystery Case Files - Prime Suspects (remove only)-->C:\Big Fish Games\Mystery Case Files - Prime Suspects\Uninstall.exe Nero 7 Essentials-->MsiExec.exe /X{81CD6232-10F5-4832-B3DA-1B88B1571031} Netscape Navigator (9.0.0.6)-->C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U OpenOffice.org 2.4-->MsiExec.exe /I{CCD90636-D97D-4130-A44A-3AD4E63B9220} Opera 9.26-->MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664} Pando Media Booster-->C:\Program 
Files\Pando Networks\Media Booster\uninst.exe PCSX2 - Playstation 2 Emulator-->C:\Program Files\PCSX2 0.9.7\Uninst-pcsx2-r3113.exe Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661} PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8} Poker Superstars II (remove only)-->C:\Big Fish Games\Poker Superstars II\Uninstall.exe PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Safari-->MsiExec.exe /X{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D} Softonic_Deutsch Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE C:\PROGRA~1\SOFTON~1\INSTALL.LOG Spesoft Audio Converter 2.30-->"C:\Program Files\Spesoft Audio Converter\unins000.exe" Streamripper (Remove only)-->C:\Program Files\Streamripper\Uninstall.exe Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434} Super nude patch II 2.8-->C:\Windows\iun6002.exe "C:\Users\Fabian\Documents\EA Games\The Sims 2\irunin.ini" TIPP10 Version 2.0.3-->"C:\Program Files\Tipp10\unins000.exe" Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000} VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421} VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe VoiceOver Kit-->MsiExec.exe /I{FB26A501-6BA6-459B-89AA-9736730752FB} WAV to MP3-->C:\WAVTOMP3\Uninstal.exe Winamp-->"C:\Program Files\Winamp\UninstWA.exe" WinRAR-->C:\Program Files\WinRAR\uninstall.exe Yu-Gi-Oh! 
Power of Chaos YUGI THE DESTINY-->MsiExec.exe /I{3571656A-575D-4CED-809D-5547587121FF} ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: Avira AntiVir PersonalEdition (outdated) AV: Kaspersky Internet Security FW: Kaspersky Internet Security (disabled) AS: Spyware Doctor AS: Avira AntiVir PersonalEdition AS: Windows-Defender (outdated) AS: Kaspersky Internet Security ======System event log====== Computer Name: Fabian-PC Event Code: 10029 Message: DCOM hat den Dienst LiveUpdate mit den Argumenten "" gestartet, um den Server auszuführen: {03E0E6C2-363B-11D3-B536-00902771A435} Record Number: 302491 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20100903111602.000000-000 Event Type: Informationen User: Computer Name: Fabian-PC Event Code: 7036 Message: Dienst "LiveUpdate" befindet sich jetzt im Status "Ausgeführt". Record Number: 302492 Source Name: Service Control Manager Time Written: 20100903111602.000000-000 Event Type: Informationen User: Computer Name: Fabian-PC Event Code: 7036 Message: Dienst "LiveUpdate" befindet sich jetzt im Status "Beendet". Record Number: 302493 Source Name: Service Control Manager Time Written: 20100903111626.000000-000 Event Type: Informationen User: Computer Name: Fabian-PC Event Code: 7036 Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet". Record Number: 302494 Source Name: Service Control Manager Time Written: 20100903112745.000000-000 Event Type: Informationen User: Computer Name: Fabian-PC Event Code: 3004 Message: Vom Windows-Defender-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. 
Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. Windows-Defender kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen. Weitere Informationen finden Sie im Folgenden: Nicht zutreffend Scan-ID: {9549D09A-5633-4795-BB16-42D9FFD8AE52} Benutzer: Fabian-PC\Fabian Name: Unknown ID: Schweregrad-ID: Kategorie-ID: Gefundener Pfad: file:C:\Windows\system32\drivers\etc\hosts Warnungsart: Nicht klassifizierte Software Feststellungstyp: Record Number: 302495 Source Name: Microsoft-Windows-Windows Defender Time Written: 20100903120806.000000-000 Event Type: Warnung User: =====Application event log===== Computer Name: Fabian-PC Event Code: 5007 Message: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9. Record Number: 107594 Source Name: WerSvc Time Written: 20100903111718.000000-000 Event Type: Fehler User: Computer Name: Fabian-PC Event Code: 1001 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help". Record Number: 107595 Source Name: Microsoft-Windows-LoadPerf Time Written: 20100903111718.000000-000 Event Type: Informationen User: Computer Name: Fabian-PC Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind. Record Number: 107596 Source Name: Microsoft-Windows-LoadPerf Time Written: 20100903111719.000000-000 Event Type: Informationen User: Computer Name: Fabian-PC Event Code: 6000 Message: Der Winlogon-Benachrichtigungsabonnent <SessionEnv> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten. 
Record Number: 107597 Source Name: Microsoft-Windows-Winlogon Time Written: 20100903112209.000000-000 Event Type: Informationen User: Computer Name: Fabian-PC Event Code: 6000 Message: Der Winlogon-Benachrichtigungsabonnent <SessionEnv> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten. Record Number: 107598 Source Name: Microsoft-Windows-Winlogon Time Written: 20100903113149.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: Fabian-PC Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: SYSTEM Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e7 Berechtigungen: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 132016 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100903111546.166984-000 Event Type: Überwachung erfolgreich User: Computer Name: Fabian-PC Event Code: 4648 Message: Anmeldeversuch mit expliziten Anmeldeinformationen. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: FABIAN-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Konto, dessen Anmeldeinformationen verwendet wurden: Kontoname: Fabian Kontodomäne: Fabian-PC Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Zielserver: Zielservername: localhost Weitere Informationen: localhost Prozessinformationen: Prozess-ID: 0x1638 Prozessname: C:\Windows\System32\winlogon.exe Netzwerkinformationen: Netzwerkadresse: 127.0.0.1 Port: 0 Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird. 
Record Number: 132017 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100903113147.186984-000 Event Type: Überwachung erfolgreich User: Computer Name: Fabian-PC Event Code: 4624 Message: Ein Konto wurde erfolgreich angemeldet. Antragsteller: Sicherheits-ID: S-1-5-18 Kontoname: FABIAN-PC$ Kontodomäne: WORKGROUP Anmelde-ID: 0x3e7 Anmeldetyp: 2 Neue Anmeldung: Sicherheits-ID: S-1-5-21-1054673845-2891796712-3211906163-1000 Kontoname: Fabian Kontodomäne: Fabian-PC Anmelde-ID: 0x21ade1 Anmelde-GUID: {00000000-0000-0000-0000-000000000000} Prozessinformationen: Prozess-ID: 0x1638 Prozessname: C:\Windows\System32\winlogon.exe Netzwerkinformationen: Arbeitsstationsname: FABIAN-PC Quellnetzwerkadresse: 127.0.0.1 Quellport: 0 Detaillierte Authentifizierungsinformationen: Anmeldeprozess: User32 Authentifizierungspaket: Negotiate Übertragene Dienste: - Paketname (nur NTLM): - Schlüssellänge: 0 Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde. Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe". Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk). Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto. Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben. Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung. - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren. 
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren. - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an. - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0. Record Number: 132018 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100903113147.186984-000 Event Type: Überwachung erfolgreich User: Computer Name: Fabian-PC Event Code: 4672 Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen. Antragsteller: Sicherheits-ID: S-1-5-21-1054673845-2891796712-3211906163-1000 Kontoname: Fabian Kontodomäne: Fabian-PC Anmelde-ID: 0x21ade1 Berechtigungen: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege Record Number: 132019 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100903113147.186984-000 Event Type: Überwachung erfolgreich User: Computer Name: Fabian-PC Event Code: 4634 Message: Ein Konto wurde abgemeldet. Antragsteller: Sicherheits-ID: S-1-5-21-1054673845-2891796712-3211906163-1000 Kontoname: Fabian Kontodomäne: Fabian-PC Anmelde-ID: 0x21ade1 Anmeldetyp: 2 Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig. 
Record Number: 132020 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100903113149.371984-000 Event Type: Überwachung erfolgreich User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Dephi\Bin;C:\Dephi\Projects\Bpl\;C:\PROGRA~1\Borland\Delphi5\Projects\Bpl;C:\PROGRA~1\Borland\vbroker\jre\Bin;C:\PROGRA~1\Borland\vbroker\Bin;C:\PROGRA~1\Borland\Delphi5\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Kind regards |
03.09.2010, 15:25 | #2 |
/// Malware-holic | Security Tool Sorry, anyone who doesn't install Windows updates shouldn't be surprised!
OTL: System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both. |
03.09.2010, 17:15 | #3 |
| Security Tool Well, for me only one was created ._.
Code:
ATTFilter OTL logfile created on: 03.09.2010 17:44:49 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Fabian\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16809) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 303,35 Gb Total Space | 140,34 Gb Free Space | 46,26% Space Free | Partition Type: NTFS Drive D: | 149,72 Gb Total Space | 28,87 Gb Free Space | 19,28% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 995,00 Mb Total Space | 994,99 Mb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: FABIAN-PC Current User Name: Fabian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Fabian\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) 
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Reader 8.0\Reader\Reader_SL.exe (Adobe Systems Incorporated) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Fabian\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\swdsvc.exe File not found SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\svcntaux.exe File not found SRV - (osagent) -- C:\PROGRA~1\Borland\vbroker\bin\osagent.exe File not found SRV - (oad) -- 
C:\PROGRA~1\Borland\vbroker\bin\oad.exe File not found SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (LckFldService) -- C:\Windows\System32\LckFldService.exe File not found SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) ========== Driver Services (SafeList) ========== DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- 
C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G DATA Software) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (IKSysSec) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.) DRV - (IKSysFlt) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.) DRV - (IKFileSec) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) 
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) 
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) 
DRV - (tandpl) -- C:\Windows\System32\drivers\tandpl.sys () DRV - (enodpl) -- C:\Windows\System32\drivers\enodpl.sys () DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.11.02 22:05:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.18 15:26:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.02 19:55:44 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.02 19:55:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010.09.02 19:55:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010.09.02 19:55:44 | 000,000,000 | ---D | M] [2008.02.22 19:36:11 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions [2010.09.02 20:08:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions [2007.11.22 22:14:16 | 000,000,000 | ---D | M] (Adblock) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f} [2010.04.02 13:34:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.06.20 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2008.04.05 21:40:09 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010.05.30 19:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2007.11.18 18:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} [2010.05.31 21:41:40 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- 
C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.01.31 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions\personas@christopher.beard [2010.05.01 14:52:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\5vl12vjn.default\extensions\staged-xpis [2010.05.25 19:15:26 | 000,005,318 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\alle-notende.xml [2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\askcom.xml [2010.05.31 22:22:14 | 000,000,873 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\conduit.xml [2010.08.30 21:25:16 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin-1.xml [2007.11.05 23:42:58 | 000,000,949 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin-2.xml [2007.11.27 22:45:15 | 000,000,949 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin-3.xml [2009.05.13 19:07:53 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin-4.xml [2010.06.23 20:00:54 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin-5.xml [2010.06.28 00:08:50 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin-6.xml [2010.07.22 13:15:12 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin-7.xml 
[2010.07.26 10:58:21 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin-8.xml [2010.06.20 12:30:48 | 000,000,168 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin.gif [2010.06.20 12:30:48 | 000,000,618 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin.src [2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\5vl12vjn.default\searchplugins\icqplugin.xml [2010.09.02 20:08:19 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.06.12 13:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2007.11.27 22:26:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com [2009.11.03 16:42:01 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll [2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll [2010.03.14 13:40:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 13:40:44 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.14 13:40:44 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 13:40:44 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 13:40:44 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.03 14:08:04 | 000,000,698 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - 
C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HCWemmon] C:\Windows\HCWemmon.exe (eMPIA Technology, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKLM..\Run: [zzzHPSETUP] E:\Setup.exe File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKU\S-1-5-21-1054673845-2891796712-3211906163-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\drivers\nvstor32.sys [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USER32.DLL > [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2007.01.01 02:03:03 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2007.01.01 02:03:03 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20587_none_cb8c4940898e24a6\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: VIAMRAID.SYS > [2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\drivers\viamraid.sys [2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- 
C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_74a36694\viamraid.sys < MD5 for: WINLOGON.EXE > [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2007.01.01 02:06:13 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\System32\winlogon.exe [2007.01.01 02:06:13 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.05.28 18:15:27 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2007.10.16 08:29:22 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV 
[2007.10.16 08:29:20 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.10.16 08:29:22 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.10.16 08:29:28 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.10.16 08:29:29 | 006,021,120 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2007.01.01 01:50:44 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 481 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
03.09.2010, 17:19 | #4 |
/// Malware-holic | Security Tool Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
03.09.2010, 17:29 | #5 |
| Security Tool Now my AntiVir is going completely crazy <.< C:/32788R22FWJFW/hidec.exe contains the detection pattern of the spr/Tool.HiteA program, that whole thing 3 times, and: The file contains an executable program, but this is disguised by a harmless file extension (hiddentext/crypt). What should I do? ^^ Edit: so this came up after I tried to install ComboFix |
03.09.2010, 17:36 | #6 |
/// Malware-holic | Security Tool Yes: right-click the Avira umbrella, deactivate the Guard. Are you actually aware that you are using Avira 8, while Avira 10 is the current version? You are missing some protection components that might have saved you. We will have to install quite a few updates on your PC afterwards. |
03.09.2010, 18:11 | #7 |
| Security Tool Hm.. ok, like this? combofix.log Code:
ATTFilter ComboFix 10-09-02.04 - Fabian 03.09.2010 18:53:06.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3071.1991 [GMT 2:00] ausgeführt von:: c:\users\Fabian\Downloads\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301} SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\10099.exe c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat c:\users\Fabian\AppData\Local\ltjjcd.dat c:\users\Fabian\AppData\Local\ltjjcd_nav.dat c:\users\Fabian\AppData\Local\ltjjcd_navps.dat c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url c:\users\Fabian\FAVORI~1\Videos.url c:\users\Fabian\Favorites\Videos.url c:\windows\system32\AutoRun.inf ----- BITS: Eventuell infizierte Webseiten ----- hxxp://cr-tools.clients.gooj+|Cv+@J:NGD_DQ{zZOmOd&EQi2=Silverlight Updater . ((((((((((((((((((((((( Dateien erstellt von 2010-08-03 bis 2010-09-03 )))))))))))))))))))))))))))))) . 2010-09-03 17:04 . 2010-09-03 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-09-03 17:04 . 2010-09-03 17:04 -------- d-----w- c:\users\Gast\AppData\Local\temp 2010-09-03 12:24 . 2010-09-03 12:24 -------- d-----w- C:\rsit 2010-09-03 12:09 . 2010-09-03 12:09 -------- d-----w- c:\program files\CCleaner 2010-09-02 19:02 . 
2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-02 19:02 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-02 16:57 . 2010-09-02 16:57 -------- d-----w- c:\users\Fabian\AppData\Local\DVDVideoSoftTB 2010-09-01 17:10 . 2010-09-01 17:10 -------- d-----w- c:\users\Fabian\AppData\Roaming\Malwarebytes 2010-09-01 17:09 . 2010-09-02 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-01 17:09 . 2010-09-01 17:09 -------- d-----w- c:\programdata\Malwarebytes 2010-08-19 17:25 . 2010-08-19 17:25 -------- d-----w- c:\programdata\Last(56).fm 2010-08-10 11:50 . 2010-08-10 12:04 -------- d-----w- c:\users\Fabian\AppData\Roaming\foobar2000 2010-08-10 11:50 . 2010-08-10 11:50 -------- d-----w- c:\program files\foobar2000 2010-08-10 11:45 . 2010-08-10 11:45 -------- d-----w- c:\users\Fabian\AppData\Roaming\Spesoft Audio Converter 2010-08-10 11:44 . 2010-08-10 11:45 -------- d-----w- c:\program files\Spesoft Audio Converter 2010-08-10 11:41 . 2010-08-10 11:42 -------- d-----w- c:\program files\FLAC to MP3 Converter . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-03 16:52 . 2006-11-02 15:33 655692 ----a-w- c:\windows\system32\perfh007.dat 2010-09-03 16:52 . 2006-11-02 15:33 122662 ----a-w- c:\windows\system32\perfc007.dat 2010-09-03 16:43 . 2007-11-02 22:20 -------- d-----w- c:\users\Fabian\AppData\Roaming\ICQ 2010-09-03 12:24 . 2007-11-28 13:38 -------- d-----w- c:\program files\Trend Micro 2010-09-03 11:12 . 2010-06-20 10:23 -------- d-----w- c:\program files\ICQ7.2 2010-09-03 03:43 . 2010-07-02 13:57 -------- d-----w- c:\program files\Last.fm 2010-09-03 03:43 . 2010-02-25 21:37 -------- d-----w- c:\programdata\FLEXnet 2010-09-03 03:43 . 2009-11-07 19:02 -------- d-----w- c:\program files\Streamripper 2010-09-03 03:43 . 2009-11-03 14:42 -------- d-----w- c:\programdata\PMB Files 2010-09-03 03:43 . 
2009-02-10 13:08 -------- d-----w- c:\program files\Softonic_Deutsch 2010-09-03 03:43 . 2008-03-28 13:18 -------- d-----w- c:\program files\Safari 2010-09-03 03:43 . 2009-11-29 11:28 -------- d-----w- c:\program files\iTunes 2010-09-03 03:43 . 2010-01-17 12:31 -------- d-----w- c:\program files\FolderAccess 2010-09-03 03:43 . 2007-01-01 01:47 -------- d-----w- c:\program files\Common Files\Adobe 2010-09-03 03:40 . 2010-07-02 13:58 -------- d-----w- c:\programdata\Last.fm 2010-09-02 21:22 . 2008-06-17 14:52 -------- d-----w- c:\program files\ICQToolbar 2010-09-02 19:29 . 2008-01-08 13:45 -------- d-----w- c:\users\Fabian\AppData\Roaming\OpenOffice.org2 2010-09-02 19:26 . 2008-01-08 13:46 1 ----a-w- c:\users\Fabian\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys 2010-09-02 17:55 . 2010-07-27 17:55 -------- d-----w- c:\program files\QuickTime 2010-09-02 17:03 . 2009-06-12 11:58 -------- d-----w- c:\program files\ICQ6Toolbar 2010-07-27 18:02 . 2010-07-27 18:00 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-07-27 18:00 . 2010-07-27 18:00 -------- d-----w- c:\program files\iPod 2010-07-27 18:00 . 2008-01-09 21:16 -------- d-----w- c:\program files\Common Files\Apple 2010-07-27 17:49 . 2010-07-27 17:49 -------- d-----w- c:\program files\Bonjour 2010-07-27 17:46 . 2010-07-27 17:46 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-07-23 21:00 . 2009-11-13 17:29 -------- d-----w- c:\program files\Microsoft Silverlight 2010-07-23 12:35 . 2010-07-23 12:35 12862 ----a-r- c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe 2010-07-23 12:35 . 2010-04-07 18:43 -------- d-----w- c:\program files\Pcsx2 2010-07-23 11:57 . 2010-07-23 11:52 -------- d-----w- c:\program files\PCSX2 0.9.7 2010-07-13 16:39 . 2010-07-13 16:39 -------- d-----w- c:\programdata\Electronic Arts 2010-07-13 16:38 . 
2007-12-23 17:56 -------- d-----w- c:\program files\Electronic Arts 2010-07-12 17:44 . 2010-07-12 17:44 10134 ----a-r- c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2010-07-12 17:44 . 2010-07-12 17:44 -------- d-----w- c:\program files\Microsoft WSE 2010-07-12 17:28 . 2007-12-25 21:52 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-02 13:58 . 2010-07-02 13:58 108 ----a-w- c:\programdata\Last.fm\Client\uninst2.bat 2010-07-02 13:58 . 2010-07-02 13:58 683801 ----a-w- c:\programdata\Last.fm\Client\UninstWMP\unins000.exe 2010-07-02 13:58 . 2010-07-02 13:58 683801 ----a-w- c:\programdata\Last.fm\Client\UninstITW\unins000.exe 2010-06-15 16:02 . 2010-06-15 16:02 1079048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-06-13 21:45 . 2008-03-28 13:20 138024 ---ha-w- c:\windows\system32\mlfcache.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2009-06-11 2094616] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-15 10:33 2515552 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] 2009-06-11 12:56 2094616 ----a-w- c:\program files\Softonic_Deutsch\tbSof1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2009-06-11 2094616] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSof1.dll" [2009-06-11 2094616] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 219520] "Pando Media 
Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-03 2923192] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-12-31 1006264] "RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 266497] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "HCWemmon"="HCWemmon.exe" [2007-03-29 61440] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-18 185896] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8530464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" 
[2010-08-10 421888] c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 135664] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [x] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [x] R3 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-05-28 716272] S1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2007-12-26 16712] S2 Automatisches 
LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520] . Inhalt des "geplante Tasks" Ordners 2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 14:50] 2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 14:50] 2010-08-18 c:\windows\Tasks\Norton Security Scan for Fabian.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-04 07:48] 2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{C27515C3-4436-493B-94A2-3C3CF69BDCC9}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyOverride = *.local IE: Free YouTube to Mp3 Converter - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\5vl12vjn.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q= FF - component: c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\5vl12vjn.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: 
c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\5vl12vjn.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll ---- FIREFOX Richtlinien ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-zzzHPSETUP - E:\Setup.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-03 19:05 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1054673845-2891796712-3211906163-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71A06FB0-4C3D-0389-5C06-1FB541F5D4B7}*] "oabhnckpkkalloggejejeppkpomcdj"=hex:64,61,61,66,6e,6d,66,6d,00,ff "oafimlmgandppomdmjhajbkjollaof"=hex:6a,61,66,66,70,63,6a,70,6a,6e,67,61,6c,65, 65,63,69,62,6a,61,00,fa "naphkpapgopdcioehgjcbkckkdhi"=hex:6b,61,61,66,6c,70,61,68,6d,6c,6b,6e,64,69, 6c,6b,63,61,65,65,62,6c,00,00 [HKEY_USERS\S-1-5-21-1054673845-2891796712-3211906163-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A62E457B-77DF-2B5B-D39B-1C9A28D9FF5F}*] @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1054673845-2891796712-3211906163-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F87ED1E6-97B2-3220-9702-AE471FEC7AA8}*] "haclgmicdgfkepeh"=hex:6b,61,67,69,61,6e,6b,62,6c,61,6f,63,65,6a,6b,6c,67,68, 70,61,66,6a,00,00 . Zeit der Fertigstellung: 2010-09-03 19:09:38 ComboFix-quarantined-files.txt 2010-09-03 17:09 Vor Suchlauf: 26 Verzeichnis(se), 154.737.594.368 Bytes frei Nach Suchlauf: 30 Verzeichnis(se), 156.149.624.832 Bytes frei - - End Of File - - 5D4642507E6D982510B32A5614517CF5 |
03.09.2010, 18:29 | #8 |
/// Malware-holic | Security Tool Are you still using any Symantec programs? |
03.09.2010, 18:34 | #9 |
| Security Tool Yes, that is on the PC. And error support is set to "off", as I just noticed. |
04.09.2010, 12:07 | #10 |
| Security Tool Is that bad, then? :/ |
06.09.2010, 11:27 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Tool Quote:
__________________ Please always post log files in CODE tags |