| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten ProblemeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.10.2010, 14:41
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme Häh? Ich schrieb was von nicht aktuellem Malwarebytes und Du postest mit (neue) OTL-Logs! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.10.2010, 17:04
| #17 |
 | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme Malwarebytes' Anti-Malware 1.46
__________________Malwarebytes Datenbank Version: 4907 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 22.10.2010 18:02:25 mbam-log-2010-10-22 (18-02-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|) Durchsuchte Objekte: 364336 Laufzeit: 6 Stunde(n), 42 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 4 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 16 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: F:\Dokumente und Einstellungen\Mudimu\Lokale Einstellungen\Temp\pdfupd.exe (Spyware.Zbot) -> Quarantined and deleted successfully. F:\Dokumente und Einstellungen\Mudimu\Lokale Einstellungen\Temp\0.9923040617720125.exe (Spyware.Zbot) -> Quarantined and deleted successfully. F:\Dokumente und Einstellungen\Mudimu\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OAPJ55MD\myexebr[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully. F:\Users\Mudimu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Z3ECLUH\1143001287[1].tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. F:\Users\Mudimu\AppData\Local\Temp\eapp32hst.dll (Trojan.FakeAV) -> Quarantined and deleted successfully. F:\Users\Mudimu\AppData\Local\Temp\topwesitjh (Trojan.FakeAlert) -> Quarantined and deleted successfully. F:\Users\Mudimu\AppData\Local\Temp\tvr.exe (Worm.Palevo) -> Quarantined and deleted successfully. F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. F:\Windows.old\Windows\system32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully. F:\Windows.old\Windows\Temp\22D.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. F:\Windows.old\Windows\Temp\306.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. F:\Windows.old\Windows\Temp\379.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully. F:\Users\Mudimu\AppData\Roaming\jsfhjjsd.bat (Malware.Trace) -> Quarantined and deleted successfully. F:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully. F:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully. F:\Users\Mudimu\AppData\Roaming\dsfsds.bat (Malware.Trace) -> Quarantined and deleted successfully. |
|
22.10.2010, 17:14
| #18 |
| | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 22.10.2010 18:04:33 - Run 2
OTL by OldTimer - Version 3.2.16.0 Folder = F:\Users\Mudimu\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 461,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 7,41 Gb Free Space | 7,58% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS
Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS
Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- F:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_GROOVE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_GROOVE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_GROOVE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_GROOVE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0000-0000-0000000FF1CE}" = Microsoft Office Groove 2007
"{90120000-00BA-0000-0000-0000000FF1CE}_GROOVE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0000-0000-0000000FF1CE}_GROOVE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_GROOVE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_GROOVE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_GROOVE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter und der Feuerkelch™
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Google Chrome" = Google Chrome
"GROOVE" = Microsoft Office Groove 2007
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"VISPRO" = Microsoft Office Visio Professional 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.10.2010 16:09:14 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdcc5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b21e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00075cf0 ID des fehlerhaften
Prozesses: 0xd14 Startzeit der fehlerhaften Anwendung: 0x01cb6fb8195e530e Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: F:\Windows\SYSTEM32\ntdll.dll Berichtskennung: be48c086-dbbc-11df-8c55-0018f35bb59f
Error - 19.10.2010 16:10:12 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdc89 Name des fehlerhaften Moduls: NPSWF32.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4bfd730a Ausnahmecode: 0xc0000005 Fehleroffset: 0x632918e6
ID
des fehlerhaften Prozesses: 0x7a4 Startzeit der fehlerhaften Anwendung: 0x01cb6fb84661b0be
Pfad
der fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad
des fehlerhaften Moduls: NPSWF32.dll Berichtskennung: e06f8fb4-dbbc-11df-8c55-0018f35bb59f
Error - 19.10.2010 17:08:20 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdcc5 Name des fehlerhaften Moduls: CoolType.dll, Version: 5.5.69.1,
Zeitstempel: 0x4c1d66b7 Ausnahmecode: 0xc0000409 Fehleroffset: 0x00184a20 ID des fehlerhaften
Prozesses: 0xf30 Startzeit der fehlerhaften Anwendung: 0x01cb6fc9a0ee85c5 Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: F:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll Berichtskennung: ff745be8-dbc4-11df-8c55-0018f35bb59f
Error - 19.10.2010 17:09:26 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdc89 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b21e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046bf0 ID des fehlerhaften
Prozesses: 0x280 Startzeit der fehlerhaften Anwendung: 0x01cb6fc9ca2c975f Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: F:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 271642fb-dbc5-11df-8c55-0018f35bb59f
Error - 19.10.2010 17:27:15 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdcc5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00064fbd ID des fehlerhaften
Prozesses: 0x120 Startzeit der fehlerhaften Anwendung: 0x01cb6fd1f61ba89b Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: a4319494-dbc7-11df-8c55-0018f35bb59f
Error - 19.10.2010 17:27:33 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdc89 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b21e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046bf0 ID des fehlerhaften
Prozesses: 0x6f4 Startzeit der fehlerhaften Anwendung: 0x01cb6fd226000938 Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: F:\Windows\SYSTEM32\ntdll.dll Berichtskennung: aec8d8bf-dbc7-11df-8c55-0018f35bb59f
Error - 20.10.2010 06:07:35 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdcc5 Name des fehlerhaften Moduls: CoolType.dll, Version: 5.5.69.1,
Zeitstempel: 0x4c1d66b7 Ausnahmecode: 0xc0000409 Fehleroffset: 0x00184a20 ID des fehlerhaften
Prozesses: 0xabc Startzeit der fehlerhaften Anwendung: 0x01cb703cbccdd013 Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: F:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll Berichtskennung: dbfc3116-dc31-11df-a595-0018f35bb59f
Error - 20.10.2010 10:39:42 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 10.145.7329.0,
Zeitstempel: 0x4019138d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004ef37 ID des fehlerhaften
Prozesses: 0x898 Startzeit der fehlerhaften Anwendung: 0x01cb7039dca38c86 Pfad der
fehlerhaften Anwendung: F:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: F:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Berichtskennung:
df52cfcf-dc57-11df-a595-0018f35bb59f
Error - 20.10.2010 10:43:05 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_Google Chrome, Version:
7.0.517.41, Zeitstempel: 0x4cb3d03b Name des fehlerhaften Moduls: setup.exe, Version:
7.0.517.41, Zeitstempel: 0x4cb3d03b Ausnahmecode: 0x40000015 Fehleroffset: 0x0005c280
ID
des fehlerhaften Prozesses: 0x58c Startzeit der fehlerhaften Anwendung: 0x01cb706505edfc68
Pfad
der fehlerhaften Anwendung: F:\Windows\Temp\CR_AB62.tmp\setup.exe Pfad des fehlerhaften
Moduls: F:\Windows\Temp\CR_AB62.tmp\setup.exe Berichtskennung: 584a1b5f-dc58-11df-a595-0018f35bb59f
Error - 20.10.2010 11:04:30 | Computer Name = Mudimu-PC | Source = Application Hang | ID = 1002
Description = Programm RealUpgrade.exe, Version 1.0.2.170 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 6ec Startzeit: 01cb70676a57ef22 Endzeit: 31 Anwendungspfad: F:\Program
Files\Real\RealUpgrade\RealUpgrade.exe Berichts-ID: 5310237d-dc5b-11df-bfab-0018f35bb59f
[ Media Center Events ]
Error - 12.10.2010 03:22:50 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:49 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 03:22:52 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:51 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 03:22:52 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:52 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 14:20:46 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:20:46 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 14:21:21 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:20 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 14:21:22 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:22 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 14:21:28 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:23 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 13.10.2010 14:02:34 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:02:34 - Fehler beim Herstellen der Internetverbindung. 20:02:34
- Serververbindung konnte nicht hergestellt werden..
Error - 13.10.2010 14:02:45 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:02:40 - Fehler beim Herstellen der Internetverbindung. 20:02:40
- Serververbindung konnte nicht hergestellt werden..
Error - 17.10.2010 04:27:41 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 10:27:32 - Fehler beim Herstellen der Internetverbindung. 10:27:32
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 14.09.2010 10:24:37 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description =
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description =
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 14.09.2010 11:36:03 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description =
Error - 14.09.2010 11:36:04 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 14.09.2010 11:36:04 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
< End of report >
|
|
22.10.2010, 17:14
| #19 |
| | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.10.2010 18:04:33 - Run 2 OTL by OldTimer - Version 3.2.16.0 Folder = F:\Users\Mudimu\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 461,00 Mb Available Physical Memory | 45,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS Drive F: | 97,65 Gb Total Space | 7,41 Gb Free Space | 7,58% Space Free | Partition Type: NTFS Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\Users\Mudimu\AppData\Local\Temp\543903.exe (Microsoft Corporation) PRC - F:\Users\Mudimu\AppData\Local\Temp\86867.exe () PRC - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools) PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - F:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - F:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - F:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) PRC - F:\Windows\explorer.exe (Microsoft Corporation) PRC - F:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - F:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools) MOD - F:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - F:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - F:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - F:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - F:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - F:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - F:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - F:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - F:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - F:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - F:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - F:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- F:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nosGetPlusHelper) getPlus(R) -- F:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (clr_optimization_v4.0.30319_32) -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- F:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (WwanSvc) -- F:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- F:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- F:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- F:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- F:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- F:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- F:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- F:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- F:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- F:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- F:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- F:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- F:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- F:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- F:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- F:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- F:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- F:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- F:\Windows\System32\sppsvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- F:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- F:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- F:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- F:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (KSecPkg) -- F:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (cmdide) -- F:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- F:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- F:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- F:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- F:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- F:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- F:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- F:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- F:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- F:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- F:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- F:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- F:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- F:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- F:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- F:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- F:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- F:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- F:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- F:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- F:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- F:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- F:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- F:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- F:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- F:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- F:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- F:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- F:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- F:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- F:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- F:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- F:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- F:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- F:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- F:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- F:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- F:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- F:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- F:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- F:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- F:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- F:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- F:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- F:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- F:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- F:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- F:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- F:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- F:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- F:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- F:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- F:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- F:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- F:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- F:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- F:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- F:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- F:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- F:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- F:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- F:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- F:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- F:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- F:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- F:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- F:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- F:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- F:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (atikmdag) -- F:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (yukonw7) -- F:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (b57nd60x) -- F:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- F:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- F:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (MTsensor) -- F:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 10 54 A8 4E 27 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25536 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {71D81AB0-74A4-4E16-A52F-46750D03B515}:1.9.1 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.07.24 19:33:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.04.13 19:24:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:06:20 | 000,000,000 | ---D | M] [2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions [2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.10.22 15:12:15 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions [2010.07.20 14:32:14 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280} [2010.10.11 18:14:16 | 000,000,000 | ---D | M] (Media Converter) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2010.10.21 21:16:45 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e} [2010.10.16 17:06:15 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.10.16 17:06:16 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.10.22 08:20:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.08.23 20:51:42 | 000,000,000 | ---D | M] (Greasemonkey) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.10.18 15:05:41 | 000,000,000 | ---D | M] -- F:\Programme\Mozilla Firefox\extensions [2010.10.22 00:49:10 | 000,001,392 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.22 00:49:10 | 000,002,344 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.22 00:49:10 | 000,006,805 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.22 00:49:10 | 000,001,178 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.22 00:49:10 | 000,001,105 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.17 12:57:10 | 000,002,109 | RHS- | M]) - F:\Windows\System32\drivers\etc\hosts O1 - Hosts: 69.65.50.148 google.com O1 - Hosts: 69.65.50.148 google.com.au O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.be O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.com.br O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.ca O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.ch O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.de O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.dk O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.fr O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.ie O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.it O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.co.jp O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.nl O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 22 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [download] F:\Users\Mudimu\AppData\Roaming\download2\svcnost.exe File not found O4 - HKCU..\Run: [engel] F:\Users\Mudimu\AppData\Roaming\updates\updates.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found O4 - Startup: F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2 O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.27 21:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.22 16:58:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe [2010.10.22 16:58:37 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\updates [2010.10.20 17:54:25 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\Desktop\Numba [2010.10.20 17:02:09 | 000,000,000 | ---D | C] -- F:\ProgramData\NOS [2010.10.20 17:02:08 | 000,000,000 | ---D | C] -- F:\Program Files\NOS [2010.10.19 23:49:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\Malwarebytes [2010.10.19 23:49:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.19 23:49:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys [2010.10.19 23:49:31 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes [2010.10.19 23:49:30 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware [2010.10.18 19:32:46 | 000,000,000 | ---D | C] -- F:\Windows\System32\appmgmt [2010.10.18 10:25:31 | 000,000,000 | ---D | C] -- F:\Windows\pss [2010.10.17 19:15:27 | 000,000,000 | -H-D | C] -- F:\Users\Mudimu\Desktop\.picasaoriginals [2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\ProgramData\SMHGCYE [2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\Users\Mudimu\AppData\Roaming\Smart Engine [2010.10.16 17:12:59 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro [2010.10.15 23:20:49 | 000,000,000 | ---D | C] -- F:\Programme\MSECache [2010.10.14 20:53:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Local\{71D81AB0-74A4-4E16-A52F-46750D03B515} [2010.10.13 17:00:29 | 000,363,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\StructuredQuery.dll [2010.10.13 12:36:44 | 000,096,104 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys [2010.10.13 12:36:44 | 000,056,816 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys [2010.10.13 12:36:44 | 000,028,520 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys [2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\ProgramData\Avira [2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\Program Files\Avira [2010.10.13 11:49:45 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download [2010.10.13 11:12:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Grisoft [2010.10.12 23:49:13 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download2 [2010.10.11 21:33:06 | 000,000,000 | -H-D | C] -- F:\Users\Public\Documents\Server [2010.10.11 18:41:57 | 000,719,872 | ---- | C] (Abysmal Software) -- F:\Windows\System32\devil.dll [2010.10.11 18:41:57 | 000,369,152 | ---- | C] (The Public) -- F:\Windows\System32\avisynth.dll [2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\yv12vfw.dll [2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\i420vfw.dll [2010.10.11 18:41:55 | 000,000,000 | ---D | C] -- F:\Program Files\AviSynth 2.5 [2010.10.11 18:40:23 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSSplitter.ax [2010.10.11 18:40:22 | 000,092,672 | RHS- | C] (RadLight) -- F:\Windows\System32\RLVorbisDec.ax [2010.10.11 18:40:22 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSDecoder.ax [2010.10.11 18:40:22 | 000,067,584 | RHS- | C] (RadLight, LLC) -- F:\Windows\System32\RLTheoraDec.ax [2010.10.11 18:40:21 | 000,186,880 | RHS- | C] (RadLight) -- F:\Windows\System32\RLOgg.ax [2010.10.11 18:40:20 | 000,161,792 | RHS- | C] (Gabest) -- F:\Windows\System32\RealMediaDX.ax [2010.10.11 18:40:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- F:\Windows\System32\nbDX.dll [2010.10.11 18:40:19 | 000,169,472 | RHS- | C] (Gabest) -- F:\Windows\System32\MatroskaDX.ax [2010.10.11 18:40:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- F:\Windows\System32\msfDX.dll [2010.10.11 18:40:18 | 000,179,200 | RHS- | C] (Gabest) -- F:\Windows\System32\DiracSplitter.ax [2010.10.11 18:40:18 | 000,163,328 | RHS- | C] (Gabest) -- F:\Windows\System32\flvDX.dll [2010.10.11 18:40:17 | 000,123,904 | RHS- | C] (CoreCodec) -- F:\Windows\System32\AVCDX.ax [2010.10.11 18:39:00 | 000,000,000 | ---D | C] -- F:\Program Files\eRightSoft [2010.10.10 21:52:51 | 000,000,000 | ---D | C] -- F:\ProgramData\AntiVir PersonalEdition Classic [2010.10.08 16:13:25 | 000,000,000 | ---D | C] -- F:\Program Files\iPod [2010.10.08 16:13:11 | 000,000,000 | ---D | C] -- F:\Program Files\iTunes [2010.10.08 15:57:28 | 000,000,000 | ---D | C] -- F:\Programme\QuickTime [2010.10.08 15:54:09 | 000,000,000 | ---D | C] -- F:\Programme\Bonjour [1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.22 17:41:00 | 000,001,096 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.22 16:58:32 | 000,107,520 | ---- | M] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe [2010.10.22 16:09:53 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat [2010.10.22 13:42:49 | 000,002,290 | ---- | M] () -- F:\Users\Public\Desktop\Google Chrome.lnk [2010.10.22 13:41:04 | 000,001,092 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.22 08:21:16 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.22 08:21:16 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.22 08:13:39 | 804,659,200 | -HS- | M] () -- F:\hiberfil.sys [2010.10.19 23:49:34 | 000,000,983 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.19 23:15:28 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat [2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MpSigStub.exe [2010.10.18 15:24:56 | 000,023,552 | ---- | M] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc [2010.10.17 23:57:23 | 000,000,006 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\start [2010.10.17 23:50:51 | 000,000,010 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\install [2010.10.17 23:42:31 | 000,096,104 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys [2010.10.17 23:42:31 | 000,056,816 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys [2010.10.17 23:42:31 | 000,028,520 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys [2010.10.17 23:32:56 | 000,000,185 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat [2010.10.17 19:15:28 | 000,143,976 | ---- | M] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg [2010.10.17 17:40:16 | 000,648,466 | ---- | M] () -- F:\Windows\System32\perfh007.dat [2010.10.17 17:40:16 | 000,611,134 | ---- | M] () -- F:\Windows\System32\perfh009.dat [2010.10.17 17:40:16 | 000,128,724 | ---- | M] () -- F:\Windows\System32\perfc007.dat [2010.10.17 17:40:16 | 000,105,314 | ---- | M] () -- F:\Windows\System32\perfc009.dat [2010.10.17 12:57:10 | 000,002,109 | RHS- | M] () -- F:\Windows\System32\drivers\etc\hosts [2010.10.16 17:13:27 | 000,002,043 | ---- | M] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk [2010.10.16 12:59:52 | 000,000,120 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat [2010.10.16 12:59:37 | 000,000,000 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin [2010.10.13 22:04:19 | 001,991,640 | ---- | M] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa [2010.10.13 12:51:30 | 000,002,016 | ---- | M] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.11 18:40:24 | 000,001,998 | ---- | M] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.10.11 18:40:24 | 000,001,974 | ---- | M] () -- F:\Users\Public\Desktop\SUPER ©.lnk [2010.10.10 15:45:16 | 000,001,284 | ---- | M] () -- F:\Users\Public\Desktop\Fahren Lernen Offline.lnk [2010.10.08 16:16:40 | 000,002,429 | ---- | M] () -- F:\Users\Public\Desktop\iTunes.lnk [2010.10.08 15:58:20 | 000,001,815 | ---- | M] () -- F:\Users\Public\Desktop\QuickTime Player.lnk [2010.09.25 18:08:24 | 000,102,020 | ---- | M] () -- F:\Users\Mudimu\Desktop\fvwt34wb9xs.jpg [1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.19 23:49:34 | 000,000,983 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.19 23:15:28 | 000,000,217 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat [2010.10.18 15:24:56 | 000,023,552 | ---- | C] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc [2010.10.17 23:57:23 | 000,000,006 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\start [2010.10.17 23:50:51 | 000,000,010 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\install [2010.10.17 23:32:56 | 000,000,185 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat [2010.10.17 19:15:28 | 000,143,976 | ---- | C] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg [2010.10.16 17:13:01 | 000,002,043 | ---- | C] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk [2010.10.14 20:53:44 | 000,000,120 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat [2010.10.14 20:53:44 | 000,000,000 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin [2010.10.13 22:04:16 | 001,991,640 | ---- | C] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa [2010.10.13 12:51:30 | 000,002,016 | ---- | C] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.11 18:41:56 | 000,027,648 | ---- | C] () -- F:\Windows\System32\AVSredirect.dll [2010.10.11 18:40:24 | 000,001,998 | ---- | C] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.10.11 18:40:24 | 000,001,974 | ---- | C] () -- F:\Users\Public\Desktop\SUPER ©.lnk [2010.10.11 18:40:22 | 000,051,712 | RHS- | C] () -- F:\Windows\System32\RLSpeexDec.ax [2010.10.11 18:40:21 | 000,107,520 | RHS- | C] () -- F:\Windows\System32\RLMPCDec.ax [2010.10.11 18:40:21 | 000,070,656 | RHS- | C] () -- F:\Windows\System32\RLAPEDec.ax [2010.10.11 18:40:19 | 000,120,832 | RHS- | C] () -- F:\Windows\System32\MPCDx.ax [2010.10.11 18:40:18 | 000,097,280 | RHS- | C] () -- F:\Windows\System32\FLACDX.ax [2010.10.11 18:40:17 | 000,175,104 | RHS- | C] () -- F:\Windows\System32\CoreAAC.ax [2010.10.11 18:40:16 | 000,227,328 | RHS- | C] () -- F:\Windows\System32\ac3DX.ax [2010.10.11 18:40:16 | 000,081,920 | RHS- | C] () -- F:\Windows\System32\aac_parser.ax [2010.10.08 16:16:40 | 000,002,429 | ---- | C] () -- F:\Users\Public\Desktop\iTunes.lnk [2010.10.08 15:58:20 | 000,001,815 | ---- | C] () -- F:\Users\Public\Desktop\QuickTime Player.lnk [2010.09.25 18:08:12 | 000,102,020 | ---- | C] () -- F:\Users\Mudimu\Desktop\fvwt34wb9xs.jpg [2010.08.16 23:54:41 | 000,007,168 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.13 10:32:52 | 000,000,534 | ---- | C] () -- F:\Windows\ODBC.INI [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll [2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- F:\Windows\System32\drivers\ASACPI.sys < End of report > |
|
22.10.2010, 17:15
| #20 |
| | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.10.2010 18:04:33 - Run 2 OTL by OldTimer - Version 3.2.16.0 Folder = F:\Users\Mudimu\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 461,00 Mb Available Physical Memory | 45,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS Drive F: | 97,65 Gb Total Space | 7,41 Gb Free Space | 7,58% Space Free | Partition Type: NTFS Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\Users\Mudimu\AppData\Local\Temp\543903.exe (Microsoft Corporation) PRC - F:\Users\Mudimu\AppData\Local\Temp\86867.exe () PRC - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools) PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - F:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - F:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - F:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) PRC - F:\Windows\explorer.exe (Microsoft Corporation) PRC - F:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - F:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools) MOD - F:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - F:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - F:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - F:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - F:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - F:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - F:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - F:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - F:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - F:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - F:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - F:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- F:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nosGetPlusHelper) getPlus(R) -- F:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (clr_optimization_v4.0.30319_32) -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- F:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (WwanSvc) -- F:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- F:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- F:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- F:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- F:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- F:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- F:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- F:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- F:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- F:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- F:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- F:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- F:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- F:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- F:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- F:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- F:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- F:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- F:\Windows\System32\sppsvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- F:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- F:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- F:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- F:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (KSecPkg) -- F:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (cmdide) -- F:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- F:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- F:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- F:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- F:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- F:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- F:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- F:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- F:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- F:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- F:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- F:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- F:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- F:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- F:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- F:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- F:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- F:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- F:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- F:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- F:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- F:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- F:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- F:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- F:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- F:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- F:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- F:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- F:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- F:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- F:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- F:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- F:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- F:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- F:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- F:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- F:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- F:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- F:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- F:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- F:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- F:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- F:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- F:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- F:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- F:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- F:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- F:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- F:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- F:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- F:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- F:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- F:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- F:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- F:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- F:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- F:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- F:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- F:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- F:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- F:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- F:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- F:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- F:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- F:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- F:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- F:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- F:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- F:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (atikmdag) -- F:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (yukonw7) -- F:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (b57nd60x) -- F:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- F:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- F:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (MTsensor) -- F:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 10 54 A8 4E 27 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25536 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {71D81AB0-74A4-4E16-A52F-46750D03B515}:1.9.1 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.07.24 19:33:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.04.13 19:24:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:06:20 | 000,000,000 | ---D | M] [2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions [2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.10.22 15:12:15 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions [2010.07.20 14:32:14 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280} [2010.10.11 18:14:16 | 000,000,000 | ---D | M] (Media Converter) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2010.10.21 21:16:45 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e} [2010.10.16 17:06:15 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.10.16 17:06:16 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.10.22 08:20:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.08.23 20:51:42 | 000,000,000 | ---D | M] (Greasemonkey) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.10.18 15:05:41 | 000,000,000 | ---D | M] -- F:\Programme\Mozilla Firefox\extensions [2010.10.22 00:49:10 | 000,001,392 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.22 00:49:10 | 000,002,344 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.22 00:49:10 | 000,006,805 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.22 00:49:10 | 000,001,178 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.22 00:49:10 | 000,001,105 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.17 12:57:10 | 000,002,109 | RHS- | M]) - F:\Windows\System32\drivers\etc\hosts O1 - Hosts: 69.65.50.148 google.com O1 - Hosts: 69.65.50.148 google.com.au O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.be O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.com.br O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.ca O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.ch O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.de O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.dk O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.fr O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.ie O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.it O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.co.jp O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.nl O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 22 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [download] F:\Users\Mudimu\AppData\Roaming\download2\svcnost.exe File not found O4 - HKCU..\Run: [engel] F:\Users\Mudimu\AppData\Roaming\updates\updates.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found O4 - Startup: F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2 O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.27 21:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.22 16:58:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe [2010.10.22 16:58:37 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\updates [2010.10.20 17:54:25 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\Desktop\Numba [2010.10.20 17:02:09 | 000,000,000 | ---D | C] -- F:\ProgramData\NOS [2010.10.20 17:02:08 | 000,000,000 | ---D | C] -- F:\Program Files\NOS [2010.10.19 23:49:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\Malwarebytes [2010.10.19 23:49:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.19 23:49:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys [2010.10.19 23:49:31 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes [2010.10.19 23:49:30 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware [2010.10.18 19:32:46 | 000,000,000 | ---D | C] -- F:\Windows\System32\appmgmt [2010.10.18 10:25:31 | 000,000,000 | ---D | C] -- F:\Windows\pss [2010.10.17 19:15:27 | 000,000,000 | -H-D | C] -- F:\Users\Mudimu\Desktop\.picasaoriginals [2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\ProgramData\SMHGCYE [2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\Users\Mudimu\AppData\Roaming\Smart Engine [2010.10.16 17:12:59 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro [2010.10.15 23:20:49 | 000,000,000 | ---D | C] -- F:\Programme\MSECache [2010.10.14 20:53:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Local\{71D81AB0-74A4-4E16-A52F-46750D03B515} [2010.10.13 17:00:29 | 000,363,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\StructuredQuery.dll [2010.10.13 12:36:44 | 000,096,104 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys [2010.10.13 12:36:44 | 000,056,816 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys [2010.10.13 12:36:44 | 000,028,520 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys [2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\ProgramData\Avira [2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\Program Files\Avira [2010.10.13 11:49:45 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download [2010.10.13 11:12:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Grisoft [2010.10.12 23:49:13 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download2 [2010.10.11 21:33:06 | 000,000,000 | -H-D | C] -- F:\Users\Public\Documents\Server [2010.10.11 18:41:57 | 000,719,872 | ---- | C] (Abysmal Software) -- F:\Windows\System32\devil.dll [2010.10.11 18:41:57 | 000,369,152 | ---- | C] (The Public) -- F:\Windows\System32\avisynth.dll [2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\yv12vfw.dll [2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\i420vfw.dll [2010.10.11 18:41:55 | 000,000,000 | ---D | C] -- F:\Program Files\AviSynth 2.5 [2010.10.11 18:40:23 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSSplitter.ax [2010.10.11 18:40:22 | 000,092,672 | RHS- | C] (RadLight) -- F:\Windows\System32\RLVorbisDec.ax [2010.10.11 18:40:22 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSDecoder.ax [2010.10.11 18:40:22 | 000,067,584 | RHS- | C] (RadLight, LLC) -- F:\Windows\System32\RLTheoraDec.ax [2010.10.11 18:40:21 | 000,186,880 | RHS- | C] (RadLight) -- F:\Windows\System32\RLOgg.ax [2010.10.11 18:40:20 | 000,161,792 | RHS- | C] (Gabest) -- F:\Windows\System32\RealMediaDX.ax [2010.10.11 18:40:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- F:\Windows\System32\nbDX.dll [2010.10.11 18:40:19 | 000,169,472 | RHS- | C] (Gabest) -- F:\Windows\System32\MatroskaDX.ax [2010.10.11 18:40:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- F:\Windows\System32\msfDX.dll [2010.10.11 18:40:18 | 000,179,200 | RHS- | C] (Gabest) -- F:\Windows\System32\DiracSplitter.ax [2010.10.11 18:40:18 | 000,163,328 | RHS- | C] (Gabest) -- F:\Windows\System32\flvDX.dll [2010.10.11 18:40:17 | 000,123,904 | RHS- | C] (CoreCodec) -- F:\Windows\System32\AVCDX.ax [2010.10.11 18:39:00 | 000,000,000 | ---D | C] -- F:\Program Files\eRightSoft [2010.10.10 21:52:51 | 000,000,000 | ---D | C] -- F:\ProgramData\AntiVir PersonalEdition Classic [2010.10.08 16:13:25 | 000,000,000 | ---D | C] -- F:\Program Files\iPod [2010.10.08 16:13:11 | 000,000,000 | ---D | C] -- F:\Program Files\iTunes [2010.10.08 15:57:28 | 000,000,000 | ---D | C] -- F:\Programme\QuickTime [2010.10.08 15:54:09 | 000,000,000 | ---D | C] -- F:\Programme\Bonjour [1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.22 17:41:00 | 000,001,096 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.22 16:58:32 | 000,107,520 | ---- | M] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe [2010.10.22 16:09:53 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat [2010.10.22 13:42:49 | 000,002,290 | ---- | M] () -- F:\Users\Public\Desktop\Google Chrome.lnk [2010.10.22 13:41:04 | 000,001,092 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.22 08:21:16 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.22 08:21:16 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.22 08:13:39 | 804,659,200 | -HS- | M] () -- F:\hiberfil.sys [2010.10.19 23:49:34 | 000,000,983 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.19 23:15:28 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat [2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MpSigStub.exe [2010.10.18 15:24:56 | 000,023,552 | ---- | M] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc [2010.10.17 23:57:23 | 000,000,006 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\start [2010.10.17 23:50:51 | 000,000,010 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\install [2010.10.17 23:42:31 | 000,096,104 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys [2010.10.17 23:42:31 | 000,056,816 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys [2010.10.17 23:42:31 | 000,028,520 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys [2010.10.17 23:32:56 | 000,000,185 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat [2010.10.17 19:15:28 | 000,143,976 | ---- | M] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg [2010.10.17 17:40:16 | 000,648,466 | ---- | M] () -- F:\Windows\System32\perfh007.dat [2010.10.17 17:40:16 | 000,611,134 | ---- | M] () -- F:\Windows\System32\perfh009.dat [2010.10.17 17:40:16 | 000,128,724 | ---- | M] () -- F:\Windows\System32\perfc007.dat [2010.10.17 17:40:16 | 000,105,314 | ---- | M] () -- F:\Windows\System32\perfc009.dat [2010.10.17 12:57:10 | 000,002,109 | RHS- | M] () -- F:\Windows\System32\drivers\etc\hosts [2010.10.16 17:13:27 | 000,002,043 | ---- | M] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk [2010.10.16 12:59:52 | 000,000,120 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat [2010.10.16 12:59:37 | 000,000,000 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin [2010.10.13 22:04:19 | 001,991,640 | ---- | M] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa [2010.10.13 12:51:30 | 000,002,016 | ---- | M] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.11 18:40:24 | 000,001,998 | ---- | M] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.10.11 18:40:24 | 000,001,974 | ---- | M] () -- F:\Users\Public\Desktop\SUPER ©.lnk [2010.10.10 15:45:16 | 000,001,284 | ---- | M] () -- F:\Users\Public\Desktop\Fahren Lernen Offline.lnk [2010.10.08 16:16:40 | 000,002,429 | ---- | M] () -- F:\Users\Public\Desktop\iTunes.lnk [2010.10.08 15:58:20 | 000,001,815 | ---- | M] () -- F:\Users\Public\Desktop\QuickTime Player.lnk [2010.09.25 18:08:24 | 000,102,020 | ---- | M] () -- F:\Users\Mudimu\Desktop\fvwt34wb9xs.jpg [1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.19 23:49:34 | 000,000,983 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.19 23:15:28 | 000,000,217 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat [2010.10.18 15:24:56 | 000,023,552 | ---- | C] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc [2010.10.17 23:57:23 | 000,000,006 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\start [2010.10.17 23:50:51 | 000,000,010 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\install [2010.10.17 23:32:56 | 000,000,185 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat [2010.10.17 19:15:28 | 000,143,976 | ---- | C] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg [2010.10.16 17:13:01 | 000,002,043 | ---- | C] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk [2010.10.14 20:53:44 | 000,000,120 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat [2010.10.14 20:53:44 | 000,000,000 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin [2010.10.13 22:04:16 | 001,991,640 | ---- | C] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa [2010.10.13 12:51:30 | 000,002,016 | ---- | C] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.11 18:41:56 | 000,027,648 | ---- | C] () -- F:\Windows\System32\AVSredirect.dll [2010.10.11 18:40:24 | 000,001,998 | ---- | C] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.10.11 18:40:24 | 000,001,974 | ---- | C] () -- F:\Users\Public\Desktop\SUPER ©.lnk [2010.10.11 18:40:22 | 000,051,712 | RHS- | C] () -- F:\Windows\System32\RLSpeexDec.ax [2010.10.11 18:40:21 | 000,107,520 | RHS- | C] () -- F:\Windows\System32\RLMPCDec.ax [2010.10.11 18:40:21 | 000,070,656 | RHS- | C] () -- F:\Windows\System32\RLAPEDec.ax [2010.10.11 18:40:19 | 000,120,832 | RHS- | C] () -- F:\Windows\System32\MPCDx.ax [2010.10.11 18:40:18 | 000,097,280 | RHS- | C] () -- F:\Windows\System32\FLACDX.ax [2010.10.11 18:40:17 | 000,175,104 | RHS- | C] () -- F:\Windows\System32\CoreAAC.ax [2010.10.11 18:40:16 | 000,227,328 | RHS- | C] () -- F:\Windows\System32\ac3DX.ax [2010.10.11 18:40:16 | 000,081,920 | RHS- | C] () -- F:\Windows\System32\aac_parser.ax [2010.10.08 16:16:40 | 000,002,429 | ---- | C] () -- F:\Users\Public\Desktop\iTunes.lnk [2010.10.08 15:58:20 | 000,001,815 | ---- | C] () -- F:\Users\Public\Desktop\QuickTime Player.lnk [2010.09.25 18:08:12 | 000,102,020 | ---- | C] () -- F:\Users\Mudimu\Desktop\fvwt34wb9xs.jpg [2010.08.16 23:54:41 | 000,007,168 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.13 10:32:52 | 000,000,534 | ---- | C] () -- F:\Windows\ODBC.INI [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll [2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- F:\Windows\System32\drivers\ASACPI.sys < End of report > |
|
23.10.2010, 18:47
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25536
O4 - HKCU..\Run: [download] F:\Users\Mudimu\AppData\Roaming\download2\svcnost.exe File not found
O4 - HKCU..\Run: [engel] F:\Users\Mudimu\AppData\Roaming\updates\updates.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
[2010.10.22 16:58:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
[2010.10.22 16:58:37 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\updates
[2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\ProgramData\SMHGCYE
[2010.10.11 21:33:06 | 000,000,000 | -H-D | C] -- F:\Users\Public\Documents\Server
[2010.10.19 23:15:28 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat
[2010.10.17 23:57:23 | 000,000,006 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\start
[2010.10.17 23:50:51 | 000,000,010 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\install
[2010.10.17 23:32:56 | 000,000,185 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat
[2010.10.16 12:59:52 | 000,000,120 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat
[2010.10.16 12:59:37 | 000,000,000 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme |
|
25.10.2010, 17:50
| #22 |
| | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme es kam leider kein logfile nach dem Fix |
|
25.10.2010, 17:51
| #23 |
| | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme hab OTL nochmal laufen lassen, hier mein Logfile: |
|
25.10.2010, 17:51
| #24 |
| | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.10.2010 18:45:35 - Run 3 OTL by OldTimer - Version 3.2.16.0 Folder = F:\Users\Mudimu\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 349,00 Mb Available Physical Memory | 34,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS Drive E: | 2,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 97,65 Gb Total Space | 9,21 Gb Free Space | 9,43% Space Free | Partition Type: NTFS Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS Drive I: | 488,84 Mb Total Space | 162,55 Mb Free Space | 33,25% Space Free | Partition Type: FAT Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe (Microsoft Corporation) PRC - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools) PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - F:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - F:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - F:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) PRC - F:\Windows\explorer.exe (Microsoft Corporation) PRC - F:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - F:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - F:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - F:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools) MOD - F:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - F:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - F:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - F:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - F:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - F:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - F:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - F:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - F:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - F:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - F:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - F:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- F:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (clr_optimization_v4.0.30319_32) -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- F:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (WwanSvc) -- F:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- F:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- F:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- F:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- F:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (StorSvc) -- F:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- F:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- F:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- F:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- F:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- F:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- F:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- F:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- F:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- F:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- F:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- F:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- F:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- F:\Windows\System32\sppsvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- F:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- F:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- F:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (KSecPkg) -- F:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (cmdide) -- F:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- F:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- F:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- F:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- F:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- F:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- F:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- F:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- F:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- F:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- F:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- F:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- F:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- F:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- F:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- F:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- F:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- F:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- F:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- F:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- F:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- F:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- F:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- F:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- F:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- F:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- F:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- F:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- F:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- F:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- F:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- F:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- F:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- F:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- F:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- F:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- F:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- F:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- F:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- F:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- F:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- F:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- F:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- F:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- F:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- F:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- F:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- F:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- F:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- F:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- F:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- F:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (WinUsb) -- F:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- F:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- F:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- F:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- F:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- F:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- F:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- F:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- F:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- F:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- F:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- F:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- F:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- F:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- F:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- F:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- F:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (atikmdag) -- F:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (yukonw7) -- F:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (b57nd60x) -- F:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- F:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- F:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (MTsensor) -- F:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 10 54 A8 4E 27 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25536 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.6.0.15 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {71D81AB0-74A4-4E16-A52F-46750D03B515}:1.9.1 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.07.24 19:33:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.04.13 19:24:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:06:20 | 000,000,000 | ---D | M] [2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions [2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.10.24 15:47:00 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions [2010.07.20 14:32:14 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280} [2010.10.11 18:14:16 | 000,000,000 | ---D | M] (Media Converter) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2010.10.21 21:16:45 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e} [2010.10.16 17:06:15 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.10.16 17:06:16 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.08.23 20:51:42 | 000,000,000 | ---D | M] (Greasemonkey) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.10.18 15:05:41 | 000,000,000 | ---D | M] -- F:\Programme\Mozilla Firefox\extensions [2010.10.22 00:49:10 | 000,001,392 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.22 00:49:10 | 000,002,344 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.22 00:49:10 | 000,006,805 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.22 00:49:10 | 000,001,178 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.22 00:49:10 | 000,001,105 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.17 12:57:10 | 000,002,109 | RHS- | M]) - F:\Windows\System32\drivers\etc\hosts O1 - Hosts: 69.65.50.148 google.com O1 - Hosts: 69.65.50.148 google.com.au O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.be O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.com.br O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.ca O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.ch O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.de O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.dk O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.fr O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.ie O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.it O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.co.jp O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 69.65.50.148 google.nl O1 - Hosts: 69.65.50.148 Google O1 - Hosts: 22 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.) O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [{04771518-AD31-B248-B999-5462D46FD854}] F:\Users\Mudimu\AppData\Roaming\Itlyvu\suyvi.exe File not found O4 - Startup: F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2 O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.10.27 21:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.10.07 06:07:16 | 000,000,341 | RHS- | M] () - I:\autorun.inf -- [ FAT ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.25 18:14:34 | 000,000,000 | ---D | C] -- F:\_OTL [2010.10.22 23:13:18 | 003,181,568 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mf.dll [2010.10.22 23:13:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WMVDECOD.DLL [2010.10.22 23:13:18 | 000,196,608 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mfreadwrite.dll [2010.10.22 22:06:08 | 000,000,000 | ---D | C] -- F:\Program Files\Feedback Tool [2010.10.22 22:04:14 | 020,698,424 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\Desktop\IE9-Windows7-x86-deu.exe [2010.10.22 16:58:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe [2010.10.22 16:58:37 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\updates [2010.10.20 17:54:25 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\Desktop\Numba [2010.10.19 23:49:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\Malwarebytes [2010.10.19 23:49:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.19 23:49:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys [2010.10.19 23:49:31 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes [2010.10.19 23:49:30 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware [2010.10.18 19:32:46 | 000,000,000 | ---D | C] -- F:\Windows\System32\appmgmt [2010.10.18 10:25:31 | 000,000,000 | ---D | C] -- F:\Windows\pss [2010.10.17 19:15:27 | 000,000,000 | -H-D | C] -- F:\Users\Mudimu\Desktop\.picasaoriginals [2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\ProgramData\SMHGCYE [2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\Users\Mudimu\AppData\Roaming\Smart Engine [2010.10.16 17:12:59 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro [2010.10.15 23:20:49 | 000,000,000 | ---D | C] -- F:\Programme\MSECache [2010.10.14 20:53:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Local\{71D81AB0-74A4-4E16-A52F-46750D03B515} [2010.10.13 17:00:29 | 000,363,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\StructuredQuery.dll [2010.10.13 12:36:44 | 000,096,104 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys [2010.10.13 12:36:44 | 000,056,816 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys [2010.10.13 12:36:44 | 000,028,520 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys [2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\ProgramData\Avira [2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\Program Files\Avira [2010.10.13 11:49:45 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download [2010.10.13 11:12:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Grisoft [2010.10.12 23:49:13 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download2 [2010.10.11 18:41:57 | 000,719,872 | ---- | C] (Abysmal Software) -- F:\Windows\System32\devil.dll [2010.10.11 18:41:57 | 000,369,152 | ---- | C] (The Public) -- F:\Windows\System32\avisynth.dll [2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\yv12vfw.dll [2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\i420vfw.dll [2010.10.11 18:41:55 | 000,000,000 | ---D | C] -- F:\Program Files\AviSynth 2.5 [2010.10.11 18:40:23 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSSplitter.ax [2010.10.11 18:40:22 | 000,092,672 | RHS- | C] (RadLight) -- F:\Windows\System32\RLVorbisDec.ax [2010.10.11 18:40:22 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSDecoder.ax [2010.10.11 18:40:22 | 000,067,584 | RHS- | C] (RadLight, LLC) -- F:\Windows\System32\RLTheoraDec.ax [2010.10.11 18:40:21 | 000,186,880 | RHS- | C] (RadLight) -- F:\Windows\System32\RLOgg.ax [2010.10.11 18:40:20 | 000,161,792 | RHS- | C] (Gabest) -- F:\Windows\System32\RealMediaDX.ax [2010.10.11 18:40:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- F:\Windows\System32\nbDX.dll [2010.10.11 18:40:19 | 000,169,472 | RHS- | C] (Gabest) -- F:\Windows\System32\MatroskaDX.ax [2010.10.11 18:40:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- F:\Windows\System32\msfDX.dll [2010.10.11 18:40:18 | 000,179,200 | RHS- | C] (Gabest) -- F:\Windows\System32\DiracSplitter.ax [2010.10.11 18:40:18 | 000,163,328 | RHS- | C] (Gabest) -- F:\Windows\System32\flvDX.dll [2010.10.11 18:40:17 | 000,123,904 | RHS- | C] (CoreCodec) -- F:\Windows\System32\AVCDX.ax [2010.10.11 18:39:00 | 000,000,000 | ---D | C] -- F:\Program Files\eRightSoft [2010.10.10 21:52:51 | 000,000,000 | ---D | C] -- F:\ProgramData\AntiVir PersonalEdition Classic [2010.10.08 16:13:25 | 000,000,000 | ---D | C] -- F:\Program Files\iPod [2010.10.08 16:13:11 | 000,000,000 | ---D | C] -- F:\Program Files\iTunes [2010.10.08 15:57:28 | 000,000,000 | ---D | C] -- F:\Programme\QuickTime [2010.10.08 15:54:09 | 000,000,000 | ---D | C] -- F:\Programme\Bonjour [1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.25 18:42:16 | 000,001,092 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.25 18:42:06 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat [2010.10.25 18:41:58 | 804,659,200 | -HS- | M] () -- F:\hiberfil.sys [2010.10.24 20:47:20 | 000,001,096 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.24 15:43:11 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.24 15:43:11 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.23 12:46:36 | 000,648,466 | ---- | M] () -- F:\Windows\System32\perfh007.dat [2010.10.23 12:46:36 | 000,611,134 | ---- | M] () -- F:\Windows\System32\perfh009.dat [2010.10.23 12:46:36 | 000,128,724 | ---- | M] () -- F:\Windows\System32\perfc007.dat [2010.10.23 12:46:36 | 000,105,314 | ---- | M] () -- F:\Windows\System32\perfc009.dat [2010.10.23 01:47:54 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\25969.bat [2010.10.22 23:05:52 | 000,000,134 | ---- | M] () -- F:\Users\Mudimu\Desktop\Internet Explorer-Problembehebung.url [2010.10.22 22:05:24 | 020,698,424 | ---- | M] (Microsoft Corporation) -- F:\Users\Mudimu\Desktop\IE9-Windows7-x86-deu.exe [2010.10.22 18:53:02 | 000,689,333 | ---- | M] () -- F:\Users\Mudimu\Desktop\830px-Ministrybreakin.png [2010.10.22 16:58:32 | 000,107,520 | ---- | M] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe [2010.10.22 13:42:49 | 000,002,290 | ---- | M] () -- F:\Users\Public\Desktop\Google Chrome.lnk [2010.10.19 23:49:34 | 000,000,983 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.19 23:15:28 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat [2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MpSigStub.exe [2010.10.18 15:24:56 | 000,023,552 | ---- | M] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc [2010.10.17 23:42:31 | 000,096,104 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys [2010.10.17 23:42:31 | 000,056,816 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys [2010.10.17 23:42:31 | 000,028,520 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys [2010.10.17 23:32:56 | 000,000,185 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat [2010.10.17 19:15:28 | 000,143,976 | ---- | M] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg [2010.10.17 12:57:10 | 000,002,109 | RHS- | M] () -- F:\Windows\System32\drivers\etc\hosts [2010.10.16 17:13:27 | 000,002,043 | ---- | M] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk [2010.10.13 22:04:19 | 001,991,640 | ---- | M] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa [2010.10.13 12:51:30 | 000,002,016 | ---- | M] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.11 18:40:24 | 000,001,998 | ---- | M] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.10.11 18:40:24 | 000,001,974 | ---- | M] () -- F:\Users\Public\Desktop\SUPER ©.lnk [2010.10.10 15:45:16 | 000,001,284 | ---- | M] () -- F:\Users\Public\Desktop\Fahren Lernen Offline.lnk [2010.10.08 16:16:40 | 000,002,429 | ---- | M] () -- F:\Users\Public\Desktop\iTunes.lnk [2010.10.08 15:58:20 | 000,001,815 | ---- | M] () -- F:\Users\Public\Desktop\QuickTime Player.lnk [1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.23 01:47:54 | 000,000,217 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\25969.bat [2010.10.22 23:05:52 | 000,000,134 | ---- | C] () -- F:\Users\Mudimu\Desktop\Internet Explorer-Problembehebung.url [2010.10.22 18:52:55 | 000,689,333 | ---- | C] () -- F:\Users\Mudimu\Desktop\830px-Ministrybreakin.png [2010.10.19 23:49:34 | 000,000,983 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.19 23:15:28 | 000,000,217 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat [2010.10.18 15:24:56 | 000,023,552 | ---- | C] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc [2010.10.17 23:32:56 | 000,000,185 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat [2010.10.17 19:15:28 | 000,143,976 | ---- | C] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg [2010.10.16 17:13:01 | 000,002,043 | ---- | C] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk [2010.10.13 22:04:16 | 001,991,640 | ---- | C] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa [2010.10.13 12:51:30 | 000,002,016 | ---- | C] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.10.11 18:41:56 | 000,027,648 | ---- | C] () -- F:\Windows\System32\AVSredirect.dll [2010.10.11 18:40:24 | 000,001,998 | ---- | C] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.10.11 18:40:24 | 000,001,974 | ---- | C] () -- F:\Users\Public\Desktop\SUPER ©.lnk [2010.10.11 18:40:22 | 000,051,712 | RHS- | C] () -- F:\Windows\System32\RLSpeexDec.ax [2010.10.11 18:40:21 | 000,107,520 | RHS- | C] () -- F:\Windows\System32\RLMPCDec.ax [2010.10.11 18:40:21 | 000,070,656 | RHS- | C] () -- F:\Windows\System32\RLAPEDec.ax [2010.10.11 18:40:19 | 000,120,832 | RHS- | C] () -- F:\Windows\System32\MPCDx.ax [2010.10.11 18:40:18 | 000,097,280 | RHS- | C] () -- F:\Windows\System32\FLACDX.ax [2010.10.11 18:40:17 | 000,175,104 | RHS- | C] () -- F:\Windows\System32\CoreAAC.ax [2010.10.11 18:40:16 | 000,227,328 | RHS- | C] () -- F:\Windows\System32\ac3DX.ax [2010.10.11 18:40:16 | 000,081,920 | RHS- | C] () -- F:\Windows\System32\aac_parser.ax [2010.10.08 16:16:40 | 000,002,429 | ---- | C] () -- F:\Users\Public\Desktop\iTunes.lnk [2010.10.08 15:58:20 | 000,001,815 | ---- | C] () -- F:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.16 23:54:41 | 000,007,168 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.13 10:32:52 | 000,000,534 | ---- | C] () -- F:\Windows\ODBC.INI [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll [2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- F:\Windows\System32\drivers\ASACPI.sys < End of report > |
|
25.10.2010, 17:52
| #25 |
| | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.10.2010 18:45:35 - Run 3
OTL by OldTimer - Version 3.2.16.0 Folder = F:\Users\Mudimu\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 349,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
Drive E: | 2,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 97,65 Gb Total Space | 9,21 Gb Free Space | 9,43% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS
Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS
Drive I: | 488,84 Mb Total Space | 162,55 Mb Free Space | 33,25% Space Free | Partition Type: FAT
Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- F:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_GROOVE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_GROOVE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_GROOVE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_GROOVE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0000-0000-0000000FF1CE}" = Microsoft Office Groove 2007
"{90120000-00BA-0000-0000-0000000FF1CE}_GROOVE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0000-0000-0000000FF1CE}_GROOVE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_GROOVE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_GROOVE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_GROOVE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter und der Feuerkelch™
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Google Chrome" = Google Chrome
"GROOVE" = Microsoft Office Groove 2007
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"VISPRO" = Microsoft Office Visio Professional 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.10.2010 16:09:14 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdcc5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b21e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00075cf0 ID des fehlerhaften
Prozesses: 0xd14 Startzeit der fehlerhaften Anwendung: 0x01cb6fb8195e530e Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: F:\Windows\SYSTEM32\ntdll.dll Berichtskennung: be48c086-dbbc-11df-8c55-0018f35bb59f
Error - 19.10.2010 16:10:12 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdc89 Name des fehlerhaften Moduls: NPSWF32.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4bfd730a Ausnahmecode: 0xc0000005 Fehleroffset: 0x632918e6
ID
des fehlerhaften Prozesses: 0x7a4 Startzeit der fehlerhaften Anwendung: 0x01cb6fb84661b0be
Pfad
der fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad
des fehlerhaften Moduls: NPSWF32.dll Berichtskennung: e06f8fb4-dbbc-11df-8c55-0018f35bb59f
Error - 19.10.2010 17:08:20 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdcc5 Name des fehlerhaften Moduls: CoolType.dll, Version: 5.5.69.1,
Zeitstempel: 0x4c1d66b7 Ausnahmecode: 0xc0000409 Fehleroffset: 0x00184a20 ID des fehlerhaften
Prozesses: 0xf30 Startzeit der fehlerhaften Anwendung: 0x01cb6fc9a0ee85c5 Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: F:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll Berichtskennung: ff745be8-dbc4-11df-8c55-0018f35bb59f
Error - 19.10.2010 17:09:26 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdc89 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b21e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046bf0 ID des fehlerhaften
Prozesses: 0x280 Startzeit der fehlerhaften Anwendung: 0x01cb6fc9ca2c975f Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: F:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 271642fb-dbc5-11df-8c55-0018f35bb59f
Error - 19.10.2010 17:27:15 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdcc5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00064fbd ID des fehlerhaften
Prozesses: 0x120 Startzeit der fehlerhaften Anwendung: 0x01cb6fd1f61ba89b Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: a4319494-dbc7-11df-8c55-0018f35bb59f
Error - 19.10.2010 17:27:33 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdc89 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
Zeitstempel: 0x4ba9b21e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046bf0 ID des fehlerhaften
Prozesses: 0x6f4 Startzeit der fehlerhaften Anwendung: 0x01cb6fd226000938 Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: F:\Windows\SYSTEM32\ntdll.dll Berichtskennung: aec8d8bf-dbc7-11df-8c55-0018f35bb59f
Error - 20.10.2010 06:07:35 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
Zeitstempel: 0x4c8fdcc5 Name des fehlerhaften Moduls: CoolType.dll, Version: 5.5.69.1,
Zeitstempel: 0x4c1d66b7 Ausnahmecode: 0xc0000409 Fehleroffset: 0x00184a20 ID des fehlerhaften
Prozesses: 0xabc Startzeit der fehlerhaften Anwendung: 0x01cb703cbccdd013 Pfad der
fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: F:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll Berichtskennung: dbfc3116-dc31-11df-a595-0018f35bb59f
Error - 20.10.2010 10:39:42 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 10.145.7329.0,
Zeitstempel: 0x4019138d Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004ef37 ID des fehlerhaften
Prozesses: 0x898 Startzeit der fehlerhaften Anwendung: 0x01cb7039dca38c86 Pfad der
fehlerhaften Anwendung: F:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: F:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Berichtskennung:
df52cfcf-dc57-11df-a595-0018f35bb59f
Error - 20.10.2010 10:43:05 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_Google Chrome, Version:
7.0.517.41, Zeitstempel: 0x4cb3d03b Name des fehlerhaften Moduls: setup.exe, Version:
7.0.517.41, Zeitstempel: 0x4cb3d03b Ausnahmecode: 0x40000015 Fehleroffset: 0x0005c280
ID
des fehlerhaften Prozesses: 0x58c Startzeit der fehlerhaften Anwendung: 0x01cb706505edfc68
Pfad
der fehlerhaften Anwendung: F:\Windows\Temp\CR_AB62.tmp\setup.exe Pfad des fehlerhaften
Moduls: F:\Windows\Temp\CR_AB62.tmp\setup.exe Berichtskennung: 584a1b5f-dc58-11df-a595-0018f35bb59f
Error - 20.10.2010 11:04:30 | Computer Name = Mudimu-PC | Source = Application Hang | ID = 1002
Description = Programm RealUpgrade.exe, Version 1.0.2.170 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 6ec Startzeit: 01cb70676a57ef22 Endzeit: 31 Anwendungspfad: F:\Program
Files\Real\RealUpgrade\RealUpgrade.exe Berichts-ID: 5310237d-dc5b-11df-bfab-0018f35bb59f
[ Media Center Events ]
Error - 12.10.2010 03:22:50 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:49 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 03:22:52 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:51 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 03:22:52 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:52 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 14:20:46 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:20:46 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 14:21:21 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:20 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 14:21:22 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:22 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 12.10.2010 14:21:28 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:23 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 13.10.2010 14:02:34 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:02:34 - Fehler beim Herstellen der Internetverbindung. 20:02:34
- Serververbindung konnte nicht hergestellt werden..
Error - 13.10.2010 14:02:45 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:02:40 - Fehler beim Herstellen der Internetverbindung. 20:02:40
- Serververbindung konnte nicht hergestellt werden..
Error - 17.10.2010 04:27:41 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 10:27:32 - Fehler beim Herstellen der Internetverbindung. 10:27:32
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 13.09.2010 13:01:25 | Computer Name = Mudimu-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 13.09.2010 13:02:16 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description =
Error - 13.09.2010 13:02:16 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 13.09.2010 13:02:16 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description =
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description =
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
< End of report >
|
|
25.10.2010, 19:02
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme Das ist nicht das Fix-Log! Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen! 2.) Ordner C:\_OTL in eine Datei zippen 3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.10.2010, 15:50
| #27 |
| | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme Sorry, es scheint, als sei auf meinem Rechner kein _OTL unter C vorhanden! |
|
28.10.2010, 19:30
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme Dann machden Fix bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu explorer.exe (TR/Spy.2614272.4) und wininit.exe (TR/Spy96256.33) bereiten Probleme |
| alert, andere, angemeldet, avira, befinden, brauche, dinge, einfach, explorer.exe, explorer.exe wininit.exe trojaner, facharbeit, hoffe, malware, problem, probleme, richtig, security, security alert, seite, tr/spy., troja, trojaner, virus, virus?, windows, windows security, windows security alert |
Linear-Darstellung
