| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.09.2010, 22:07
| #1 |
| |  Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? Hier meine Log-Datei.....hinzu kommt noch dass ich in der Avira-Quarantäne 5 Trojaner habe. Die habe ich aber einfach mal seit Tagen dort drin gelassen....was soll ich mit denen anstellen??? Ich freue mich über baldinge Hilfestellung.....habe von PC etc. sehr wenig Ahnung Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4572 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 08.09.2010 21:29:19 mbam-log-2010-09-08 (21-29-19).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 141513 Laufzeit: 1 Stunde(n), 24 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: C:\Users\Zauberfee\AppData\Roaming\877769BCEAF1CBC6670B3ACF9D165F68\mediafix70700en02.exe (Trojan.Agent.Gen) -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Zauberfee\AppData\Roaming\877769BCEAF1CBC6670B3ACF9D165F68\mediafix70700en02.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Users\Zauberfee\AppData\Roaming\A72302177F1C79EDD227F5C974FD260B\upd_debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Zauberfee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\Zauberfee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully. So...wer kann mir nun helfen....ich verzweifle!!! Zum heulen ists mit diesen Viren.....kann man rausfinden wo ich mir das alles eingefangen habe?  schon mal im Voraus !!! |
|
09.09.2010, 12:03
| #2 |
| /// Malware-holic   | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? ja, ich sehe in dem log schon mal 2 komplett veraltete dinge.
__________________1. keine windows updates. 2. alter internet explorer. update mal malwarebytes, starte nen komplett scan, funde bitte löschen, log posten. ootl: Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide logs posten. |
|
09.09.2010, 12:07
| #3 |
| | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? So hier habe ich nun die Ergebnisse von heute.....habe einfach nochmal einen Quick-Scan gemacht.....aber wie solls weitergehen???
__________________KANN MIR BITTE JEMAND HELFEN ????  Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4572 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 09.09.2010 12:49:29 mbam-log-2010-09-09 (12-49-29).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 141043 Laufzeit: 1 Stunde(n), 39 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*proxymgrsrv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\ProgramData\proxymgrsrv.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. ICH WÄRE SEHR DANKBAR FÜR HILFESTELLUNGEN !!! |
|
09.09.2010, 12:08
| #4 |
| /// Malware-holic | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? lies meinen post :-) steht über deinem |
|
09.09.2010, 12:14
| #5 |
| | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? JA DANKE......hat sich überschnitten....ich hatte nich gesehen dass du geantwortet hattest!!! Ich werde jetzt mal dieses OTL downloaden und dann alles befolgen und dann wirst du mir vielleicht weiterhelfen können.......VIELEN DANK !!! |
|
09.09.2010, 14:32
| #6 |
| | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? So nach einigen Stunden nun endlich die Logs nach OTL.......ich hoffe mir ist zu helfen !!!! ich werde schon blöd vor lauter virus  OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.09.2010 14:53:43 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Zauberfee\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 139,05 Gb Total Space | 111,06 Gb Free Space | 79,87% Space Free | Partition Type: NTFS Drive D: | 9,00 Gb Total Space | 1,89 Gb Free Space | 20,99% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ZAUBERFEE-PC Current User Name: Zauberfee Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Zauberfee\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.) PRC - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) PRC - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) PRC - c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe (Bioscrypt Inc.) PRC - C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) PRC - C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Windows\System32\mcbuilder.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity) PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity) PRC - C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (SafeList) ========== MOD - C:\Users\Zauberfee\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\System32\rpcnet.exe (Absolute Software Corp.) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (HP ProtectTools Service) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P) SRV - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (SafeBoot International) SRV - (ASBroker) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.) SRV - (ASChannel) -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll (Bioscrypt Inc.) SRV - (HPFSService) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (accoca) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\windows\System32\DRIVERS\ipinip.sys File not found DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (SafeBoot N.V.) DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (SafeBoot International) DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (SafeBoot International) DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys () DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.) DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (hpdskflt) -- C:\windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (adpu320) -- C:\windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (MegaSR) -- C:\windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu160m) -- C:\windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (HpCISSs) -- C:\windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_FC) -- C:\windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\windows\system32\drivers\elxstor.sys (Emulex) DRV - (LSI_SCSI) -- C:\windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (nvraid) -- C:\windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (adp94xx) -- C:\windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (ql40xx) -- C:\windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb IE - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.21 13:59:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.21 13:59:29 | 000,000,000 | ---D | M] [2009.07.12 11:18:27 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\mozilla\Extensions [2010.09.08 17:04:47 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\mozilla\Firefox\Profiles\shl8ee18.default\extensions [2009.08.30 21:47:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zauberfee\AppData\Roaming\mozilla\Firefox\Profiles\shl8ee18.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.10 21:19:14 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\mozilla\Firefox\Profiles\shl8ee18.default\extensions\firefox@tvunetworks.com [2009.07.17 02:12:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.07.12 14:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.02.20 14:15:17 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.02.20 14:15:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.02.20 14:15:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.02.20 14:15:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.02.20 14:15:18 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004..\Run: [xwnemacosr.exe] C:\Users\Zauberfee\AppData\Local\Temp\xwnemacosr.exe File not found O4 - HKU\S-1-5-21-2673789067-3255766219-3600544113-1004..\RunOnce: [*cplcscsvc.exe] C:\Users\Zauberfee\AppData\Local\cplcscsvc.exe () O4 - Startup: C:\Users\Zauberfee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Zauberfee\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Zauberfee\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010.09.09 14:21:12 | 000,000,000 | ---D | C] -- C:\windows\System32\eu-ES [2010.09.09 14:21:12 | 000,000,000 | ---D | C] -- C:\windows\System32\ca-ES [2010.09.09 14:21:09 | 000,000,000 | ---D | C] -- C:\windows\System32\vi-VN [2010.09.09 13:12:13 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders [2010.09.08 19:19:26 | 000,000,000 | ---D | C] -- C:\Users\Zauberfee\AppData\Roaming\Malwarebytes [2010.09.08 19:18:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2010.09.08 19:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.08 19:18:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2010.09.08 19:18:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.09.08 18:46:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.09.08 18:34:18 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.09.08 15:46:07 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.09.08 15:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.09.06 19:12:24 | 000,000,000 | ---D | C] -- C:\Users\Zauberfee\AppData\Roaming\877769BCEAF1CBC6670B3ACF9D165F68 [2010.09.01 16:51:25 | 000,000,000 | ---D | C] -- C:\Users\Zauberfee\AppData\Roaming\Avira [2010.09.01 16:41:23 | 000,102,856 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avfwot.sys [2010.09.01 16:41:23 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avfwim.sys [2010.09.01 16:41:23 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys [2010.09.01 16:41:23 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys [2010.09.01 15:44:55 | 000,000,000 | ---D | C] -- C:\Users\Zauberfee\AppData\Local\MigWiz [2010.08.31 23:26:45 | 000,000,000 | ---D | C] -- C:\Users\Zauberfee\AppData\Roaming\A72302177F1C79EDD227F5C974FD260B [2010.08.11 19:37:55 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll [2010.08.11 19:37:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2010.08.11 19:37:49 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2010.08.11 19:37:49 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieencode.dll [2010.08.11 19:37:37 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2010.08.11 19:37:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll [2010.08.11 19:37:33 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2010.08.11 19:37:32 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2009.07.10 10:24:12 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll [2009.07.10 10:24:10 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2010.09.09 15:01:44 | 006,291,456 | -HS- | M] () -- C:\Users\Zauberfee\ntuser.dat [2010.09.09 14:41:46 | 000,634,400 | ---- | M] () -- C:\windows\System32\perfh009.dat [2010.09.09 14:41:46 | 000,119,964 | ---- | M] () -- C:\windows\System32\perfc009.dat [2010.09.09 14:41:45 | 001,568,228 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI [2010.09.09 14:41:45 | 000,674,582 | ---- | M] () -- C:\windows\System32\perfh007.dat [2010.09.09 14:41:45 | 000,146,234 | ---- | M] () -- C:\windows\System32\perfc007.dat [2010.09.09 14:39:57 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.09 14:39:57 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.09 14:34:24 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.dll [2010.09.09 14:34:23 | 000,056,680 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll [2010.09.09 14:34:03 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2010.09.09 14:33:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2010.09.09 14:33:42 | 000,389,320 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2010.09.09 14:32:41 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe [2010.09.09 14:25:47 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat [2010.09.09 14:05:16 | 000,524,288 | -HS- | M] () -- C:\Users\Zauberfee\ntuser.dat{5f235475-9d62-11de-936a-00247e52c67b}.TMContainer00000000000000000001.regtrans-ms [2010.09.09 14:05:16 | 000,065,536 | -HS- | M] () -- C:\Users\Zauberfee\ntuser.dat{5f235475-9d62-11de-936a-00247e52c67b}.TM.blf [2010.09.09 14:02:01 | 001,483,715 | -H-- | M] () -- C:\Users\Zauberfee\AppData\Local\IconCache.db [2010.09.09 12:49:29 | 000,154,112 | ---- | M] () -- C:\Users\Zauberfee\AppData\Local\cplcscsvc.exe [2010.09.08 19:19:02 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.08 15:46:15 | 000,001,055 | ---- | M] () -- C:\Users\Zauberfee\Desktop\Spybot - Search & Destroy.lnk [2010.09.08 15:45:38 | 000,000,426 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{7174BDD7-DE20-4F5F-AB13-D4C6C7CBAF30}.job [2010.09.06 19:42:44 | 000,010,752 | ---- | M] () -- C:\Users\Zauberfee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.01 16:38:11 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2010.09.01 16:38:10 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2010.09.01 16:38:10 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys [2010.09.01 16:38:09 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2010.09.01 16:38:08 | 000,102,856 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avfwot.sys [2010.09.01 16:38:08 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys [2010.09.01 16:38:07 | 000,079,432 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avfwim.sys ========== Files Created - No Company Name ========== [2010.09.09 12:49:29 | 000,154,112 | ---- | C] () -- C:\Users\Zauberfee\AppData\Local\cplcscsvc.exe [2010.09.08 19:19:02 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.08 15:46:15 | 000,001,055 | ---- | C] () -- C:\Users\Zauberfee\Desktop\Spybot - Search & Destroy.lnk [2010.07.09 22:16:13 | 000,000,000 | ---- | C] () -- C:\Users\Zauberfee\AppData\Local\FnF4.txt [2009.09.24 20:11:29 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll [2009.08.22 16:28:13 | 000,017,408 | ---- | C] () -- C:\windows\System32\rpcnetp.dll [2009.07.29 03:26:50 | 000,010,752 | ---- | C] () -- C:\Users\Zauberfee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.18 02:25:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.10 10:33:15 | 000,000,000 | ---- | C] () -- C:\Users\Zauberfee\AppData\Local\QSwitch.txt [2009.07.10 10:33:15 | 000,000,000 | ---- | C] () -- C:\Users\Zauberfee\AppData\Local\DSwitch.txt [2009.07.10 10:33:14 | 000,000,000 | ---- | C] () -- C:\Users\Zauberfee\AppData\Local\AtStart.txt [2009.07.10 10:24:11 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys [2009.07.10 10:24:11 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini [2009.07.10 10:24:10 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys [2008.07.23 15:38:17 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll [2008.07.23 15:38:17 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll [2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll [2008.07.23 15:38:17 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll [2008.07.23 15:38:17 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll [2008.07.23 15:38:17 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll [2008.07.23 15:07:46 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI [2008.05.30 18:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys [2008.05.21 11:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll [2007.06.27 08:00:00 | 001,777,664 | ---- | C] () -- C:\windows\System32\ZHP1600R.DLL [2007.06.27 08:00:00 | 000,749,568 | ---- | C] () -- C:\windows\System32\AGI1600.DLL [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll [2005.04.04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll [1998.05.07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll ========== LOP Check ========== [2010.09.08 21:29:18 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\877769BCEAF1CBC6670B3ACF9D165F68 [2010.09.08 21:29:19 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\A72302177F1C79EDD227F5C974FD260B [2010.08.29 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\ICQ [2010.06.14 21:45:43 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\InterVideo [2009.07.12 14:35:10 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\OpenOffice.org [2010.09.09 14:26:02 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.09.08 15:45:38 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7174BDD7-DE20-4F5F-AB13-D4C6C7CBAF30}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.09.08 21:29:18 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\877769BCEAF1CBC6670B3ACF9D165F68 [2010.09.08 21:29:19 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\A72302177F1C79EDD227F5C974FD260B [2009.07.10 10:28:53 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\Adobe [2009.07.10 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\ATI [2010.09.01 16:51:25 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\Avira [2010.07.16 11:12:13 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\DivX [2009.10.10 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\Hewlett-Packard [2009.07.12 15:17:46 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\HPQLOG [2010.08.29 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\ICQ [2009.07.10 10:32:15 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\Identities [2009.07.10 10:17:43 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\InstallShield [2010.06.14 21:45:43 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\InterVideo [2009.07.10 10:29:05 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\Macromedia [2010.09.08 19:19:26 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\Malwarebytes [2010.09.08 18:46:27 | 000,000,000 | --SD | M] -- C:\Users\Zauberfee\AppData\Roaming\Microsoft [2009.07.12 11:18:27 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\Mozilla [2009.07.12 14:35:10 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\OpenOffice.org [2010.06.14 22:53:51 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\Skype [2009.11.12 22:25:08 | 000,000,000 | ---D | M] -- C:\Users\Zauberfee\AppData\Roaming\skypePM < %APPDATA%\*.exe /s > [2010.09.01 17:30:27 | 001,063,424 | ---- | M] (MS) -- C:\Users\Zauberfee\AppData\Roaming\A72302177F1C79EDD227F5C974FD260B\mediafix70700en02.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.05.30 18:36:58 | 000,108,752 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\SafeBoot.sys < %systemroot%\System32\config\*.sav > [2008.01.21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < End of report > und Nummer 2..... OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.09.2010 14:53:43 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Zauberfee\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,05 Gb Total Space | 111,06 Gb Free Space | 79,87% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,89 Gb Free Space | 20,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1020,00 Mb Total Space | 1017,75 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ZAUBERFEE-PC
Current User Name: Zauberfee
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2673789067-3255766219-3600544113-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2673789067-3255766219-3600544113-1004]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA6008B-8D85-451C-AC9D-3EE293CC56C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{44511208-0329-4EC5-B367-5574C3138068}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{70B53806-147C-4489-ABD3-8207D5DAA83F}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A1051F2-D16A-4299-9C10-0408D1B33BF2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{42A7AAA1-8989-4F7C-87B9-813409682481}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4A92D7F8-EBE7-4782-B368-C18780928055}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{650B48D8-9F2A-4A35-86A1-82FF2E1EC37C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C12BABB0-D21E-40C1-8C4D-D975EDEFDC86}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{0C7F9D46-BCBE-4611-9913-FD99C7743C8A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{1311AB3C-2939-4651-8CC5-D64B50AA3EE6}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D1BB4FC8-38BC-453B-97BF-7887A06E73C4}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{FC95CEC0-9138-4F34-9445-5F8B3457279E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6202
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{084D80A0-A897-F435-CE63-A3A7CDB46D9A}" = CCC Help Danish
"{0E485D10-139A-21B6-471C-7856AF893F42}" = Catalyst Control Center Localization Spanish
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{196A2093-817C-7237-9FB8-7223FF8D3424}" = Catalyst Control Center Localization Portuguese
"{19C6BC99-B7D0-E36A-3F72-24501D2FF8F0}" = Catalyst Control Center Localization Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2462B5A9-CDE0-A51C-5646-6863B445B717}" = CCC Help Dutch
"{2472CC23-7C6E-F1A5-F439-B93CC198D0E2}" = Catalyst Control Center Graphics Light
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
"{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
"{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
"{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
"{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
"{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7BE6A272-9078-5035-FB61-D2D1C15D1EA0}" = Catalyst Control Center Localization Russian
"{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9320B364-EF7F-90E6-63F8-C58EEB9AE517}" = Catalyst Control Center Graphics Full New
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{959B8759-D31A-CE42-6BA1-A8F7812C040B}" = CCC Help Finnish
"{959BAC64-7722-EBD6-660E-C74ED44CA0D3}" = Catalyst Control Center Localization Danish
"{99A5C123-2741-45BA-276A-8BDA52303CAD}" = CCC Help German
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9CDB5063-D699-42BA-9135-7B8C4ECAC856}" = BIOS Configuration for HP ProtectTools
"{9DEE62F7-3C8A-A6E8-6D00-99BB99B0A19C}" = CCC Help French
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A3EB6C7C-F959-9258-3A35-2A6EDB9CA176}" = CCC Help Hungarian
"{A4B50564-9B8D-49DF-4A90-C6EC349A6538}" = Catalyst Control Center Localization Korean
"{A55C2FF6-4217-F05B-E603-0544CB9EBD93}" = Catalyst Control Center Localization French
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{B076BAB8-B78C-053A-FAC2-0A9CCD802E0A}" = CCC Help Korean
"{B1508FDD-AFC7-373B-8B96-6A6BEC48A9A8}" = Catalyst Control Center Localization Polish
"{B3B36E34-2E5A-20E8-AF99-A2D40E84CC6F}" = CCC Help Turkish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57BC333-F983-C25E-4C04-834548DF8607}" = Catalyst Control Center Localization Italian
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BECF6C08-ED85-7F05-E2CD-43A18DA0B3D7}" = CCC Help Spanish
"{BEEA5BCB-CCA1-6FBA-764C-625239FE0F50}" = CCC Help Polish
"{C09C13C7-B636-01CC-D5A1-A7411F858891}" = Catalyst Control Center Localization Czech
"{C19BD21C-AF1A-CBC1-3B73-938B37F6B0E6}" = CCC Help Chinese Traditional
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9EF2D75-ECB0-602D-6700-977702AD7CCF}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools
"{CC8128C5-EC9A-0167-65F5-305E78F1A535}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0FF1E97-85BA-C735-1D4C-636293B0E9F0}" = CCC Help Greek
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D405A9E1-5D02-46FB-A2B3-796F1F218B32}" = HP ProtectTools Security Manager
"{D4C5185C-A8DF-8466-FE8A-1692E08ECBF7}" = Skins
"{D7FD9036-5EE1-A970-B981-BF46AF433380}" = Catalyst Control Center Localization German
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EF3C3C9A-C96B-051E-99D1-72D7CE823DA8}" = ccc-core-static
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F46CBAC2-20F4-98DA-D890-81F4DE2BF3BA}" = Catalyst Control Center Localization Finnish
"{F545FAC8-4D05-229A-E1A3-3DF671518DC3}" = CCC Help English
"{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF165D48-1562-B757-E006-69197226E903}" = CCC Help Japanese
"{FFCA8569-F139-54BF-A9EF-092A3DFDFB4B}" = Catalyst Control Center Localization Dutch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira Premium Security Suite
"DivX Setup.divx.com" = DivX-Setup
"ICQToolbar" = ICQ Toolbar
"Lexmark i3" = Lexmark i3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"PDF Complete" = PDF Complete
"PokerStars" = PokerStars
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.16
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.09.2010 05:00:19 | Computer Name = Zauberfee-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.09.2010 05:03:09 | Computer Name = Zauberfee-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCC.exe, Version 2.0.0.0, Zeitstempel 0x469cdc9c,
fehlerhaftes Modul mscorwks.dll, Version 2.0.50727.3615, Zeitstempel 0x4be902c7,
Ausnahmecode 0xc0000005, Fehleroffset 0x00097dda, Prozess-ID 0xŒC ŒC , Anwendungsstartzeit
ŒC ŒC .
Error - 09.09.2010 06:52:05 | Computer Name = Zauberfee-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.09.2010 06:55:03 | Computer Name = Zauberfee-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCC.exe, Version 2.0.0.0, Zeitstempel 0x469cdc9c,
fehlerhaftes Modul mscorwks.dll, Version 2.0.50727.3615, Zeitstempel 0x4be902c7,
Ausnahmecode 0xc0000005, Fehleroffset 0x00097dda, Prozess-ID 0x O O , Anwendungsstartzeit
O O .
Error - 09.09.2010 06:56:05 | Computer Name = Zauberfee-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCC.exe, Version 2.0.0.0, Zeitstempel 0x469cdc9c,
fehlerhaftes Modul mscorwks.dll, Version 2.0.50727.3615, Zeitstempel 0x4be902c7,
Ausnahmecode 0xc0000005, Fehleroffset 0x00097dda, Prozess-ID 0x137c, Anwendungsstartzeit
01cb500d562fb097.
Error - 09.09.2010 07:07:39 | Computer Name = Zauberfee-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AsGHost.exe, Version 3.0.0.61, Zeitstempel 0x4833c92a,
fehlerhaftes Modul ItSSO.dll, Version 3.0.0.464, Zeitstempel 0x4833c998, Ausnahmecode
0xc0000005, Fehleroffset 0x0001f29a, Prozess-ID 0xf18, Anwendungsstartzeit 01cb500d140ffc67.
Error - 09.09.2010 08:34:32 | Computer Name = Zauberfee-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.09.2010 08:37:34 | Computer Name = Zauberfee-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.09.2010 08:44:32 | Computer Name = Zauberfee-PC | Source = ESENT | ID = 215
Description = WinMail (4464) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 09.09.2010 08:46:06 | Computer Name = Zauberfee-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung CCC.exe, Version 2.0.0.0, Zeitstempel 0x469cdc9c,
fehlerhaftes Modul mscorwks.dll, Version 2.0.50727.4016, Zeitstempel 0x49cc5b00,
Ausnahmecode 0xc0000005, Fehleroffset 0x000d3a0a, Prozess-ID 0x,Y ,Y , Anwendungsstartzeit
,Y ,Y .
[ Credential Manager Events ]
Error - 05.06.2010 16:36:17 | Computer Name = Zauberfee-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Zauberfee@Zauberfee-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 05.06.2010 16:36:17 | Computer Name = Zauberfee-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Zauberfee@Zauberfee-PC
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 26.06.2010 16:17:53 | Computer Name = Zauberfee-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Zauberfee@Zauberfee-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 26.06.2010 16:17:53 | Computer Name = Zauberfee-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Zauberfee@Zauberfee-PC
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
Error - 05.07.2010 07:36:17 | Computer Name = Zauberfee-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Benutzer:
Zauberfee@Zauberfee-PC Client-GUID: {Password} Fehler: 0xC516020B Client-Host: localhost
Client-Adresse:
127.0.0.1 Authentifizierungsstelle: HP Server-Host: localhost Protokoll: HTTP
Error - 05.07.2010 07:36:17 | Computer Name = Zauberfee-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Benutzer: Zauberfee@Zauberfee-PC
Anmeldeinformationen:
Kennwort Fehler: (0xC516020B) Anmeldung fehlgeschlagen. Überprüfen Sie, ob Benutzername
und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein. Bei Kennwörtern
wird die Groß- und Kleinschreibung beachtet. Stellen Sie sicher, dass die Feststelltaste
nicht aktiviert ist.
[ System Events ]
Error - 03.10.2009 16:56:15 | Computer Name = Zauberfee-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 03.10.2009 16:56:31 | Computer Name = Zauberfee-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.10.2009 04:15:47 | Computer Name = Zauberfee-PC | Source = HTTP | ID = 15016
Description =
Error - 04.10.2009 04:16:25 | Computer Name = Zauberfee-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 04.10.2009 04:17:14 | Computer Name = Zauberfee-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05.10.2009 07:26:07 | Computer Name = Zauberfee-PC | Source = HTTP | ID = 15016
Description =
Error - 05.10.2009 07:26:55 | Computer Name = Zauberfee-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 05.10.2009 07:27:20 | Computer Name = Zauberfee-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05.10.2009 09:43:01 | Computer Name = Zauberfee-PC | Source = HTTP | ID = 15016
Description =
Error - 05.10.2009 09:43:39 | Computer Name = Zauberfee-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
|
|
09.09.2010, 14:39
| #7 |
| /// Malware-holic | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? na davon gehe ich auf jeden fall mal aus. bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix |
|
10.09.2010, 00:39
| #8 |
| | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? Folgendes ist passiert: ich habe combofix runtergeladen und geöffnet.......soweit alles gut....dann öffnete sich ein blaues fenster. "Suche nach infizierten Dateien"......dauert 10 Minuten.....bei stark infizierten kanns länger gehen. Auf einmal wird der Bildschirm schwarz und bissel blau unten am Rand und der Computer stürzt ab und startet umgehend wieder neu. Habs paar mal versucht.... WAS SOLL ICH MACHEN ??? Dann kommt folgende Meldung von windows Problemsignatur: Problemereignisname: BlueScreen Betriebsystemversion: 6.0.6002.2.2.0.768.2 Gebietsschema-ID: 1031 Zusatzinformationen zum Problem: BCCode: 7a BCP1: C0440688 BCP2: C0000185 BCP3: 5A55C860 BCP4: 880D18B3 OS Version: 6_0_6002 Service Pack: 2_0 Product: 768_1 Dateien, die bei der Beschreibung des Problems hilfreich sind: C:\Windows\Minidump\Mini091010-02.dmp C:\Users\Zauberfee\AppData\Local\Temp\WER-107609-0.sysdata.xml C:\Users\Zauberfee\AppData\Local\Temp\WER2AA8.tmp.version.txt So n scheiß......was mach ich falsch mit diesem Combofix??? Ich habe davor das Antivirus deaktiviert so wie es in der Anleitung stand... wo liegt das Problem? |
|
10.09.2010, 10:37
| #9 |
| /// Malware-holic | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? nichts. kannst du es im abgesicherten modus versuchen, sollte beim pc start durch betätigen der f8-taste zu erreichen sein. dann abges.modus mit netzwerk wählen und erneut probieren. |
|
13.09.2010, 20:04
| #10 |
| | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? Also das mit Combofix klappt leider nicht....auch wenn ichs im abgesicherten modus versuche, stürzt der pc ab und fährt neu hoch. ich habe jetzt einfach mal weitergemacht mit malwarebytes.....Folgendes kam dabei raus: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4588 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 11.09.2010 01:43:15 mbam-log-2010-09-11 (01-43-15).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Durchsuchte Objekte: 292112 Laufzeit: 1 Stunde(n), 55 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Zauberfee\AppData\Roaming\A72302177F1C79EDD227F5C974FD260B\mediafix70700en02.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. und heute: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4594 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 13.09.2010 18:02:40 mbam-log-2010-09-13 (18-02-40).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 141251 Laufzeit: 14 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) wie soll ich fortfahren....gehts auch ohne dieses combofix??? ist der pc jetz sauber oder noch infiziert??? Danke für die Hilfe !!! |
|
13.09.2010, 20:13
| #11 |
| /// Malware-holic | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? bittemach mal n Malwarebytes update und dann nen komplett scan. |
|
15.09.2010, 12:31
| #12 |
| | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? Hallo ??? Hilfe ??? |
|
15.09.2010, 12:33
| #13 |
| | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? AHA OK....ja mach ich.... |
|
15.09.2010, 12:33
| #14 |
| | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? ok.....werd ich machen |
|
15.09.2010, 12:34
| #15 |
| /// Malware-holic | Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? wie hallo hilfe? da steht doch was du machen sollst dann neue otl logs posten. |
|
| Themen zu Malwarebytes-Scan-Ergebnisse LOG-Datei......wer kann helfen? Wie soll ich fortfahren? |
| anti-malware, antimalware, appdata, bösartige, dateien, einfach, eingefangen, explorer, gefangen, launch, microsoft, minute, process, programdata, roaming, rogue.antimalwaredoctor, runonce, service, software, start, start menu, startup, stelle, troja, trojan.agent.ge, trojaner, version, verzeichnisse, verzweifle, wenig |
Linear-Darstellung
