Pests of all kinds and how to combat them: Security Tool not deleted (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
16.11.2010, 21:51 | #1
Security Tool not deleted

Hello everyone, yesterday I caught the Security Tool virus and then tried, in safe mode, to remove Security Tool as described here: http://www.trojaner-board.de/81432-s...entfernen.html

Unfortunately without success. Since it did not work on the third attempt either, including with a full scan, I am now asking for help here. I am pasting in the 3 logs; I hope that is enough. How should I proceed now? As described here: http://www.trojaner-board.de/92697-s...rpruefung.html

Many thanks in advance.

1. Log Quote:
2. Log Quote:
3. Log Quote:
Code:
ATTFilter OTL logfile created on: 16.11.2010 22:49:35 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141.60 Gb Total Space | 40.44 Gb Free Space | 28.56% Space Free | Partition Type: NTFS Drive D: | 7.45 Gb Total Space | 2.52 Gb Free Space | 33.78% Space Free | Partition Type: NTFS Computer Name: ***-*** | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) 
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe () SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe () SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) 
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (NETw4v32) Intel(R) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC) DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (btwavdt) -- C:\WINDOWS\System32\drivers\btwavdt.sys (Broadcom Corporation.) DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) 
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (ialm) -- C:\WINDOWS\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.) DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/webhp?hl=de&tab=iw/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.04 07:52:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.04 07:52:23 | 000,000,000 | ---D | M] [2008.11.17 22:32:41 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.11.15 22:39:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\obcgsj7d.default\extensions [2010.09.17 23:24:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\obcgsj7d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.17 23:24:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\obcgsj7d.default\extensions\firefox@tvunetworks.com [2010.11.15 22:39:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.14 13:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2010.07.29 16:54:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.07.29 16:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.29 16:50:59 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.07.26 16:08:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.26 16:08:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.26 16:08:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.26 16:08:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.26 16:08:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.18 19:46:53 | 000,000,698 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks) O4 - HKCU..\RunOnce: [372618] C:\Users\***\AppData\Local\372618.exe () O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.) O8 - Extra context menu item: &Citavi Picker... 
- C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss 
{0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPRadiance.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPRadiance.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.16 21:04:52 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.11.16 20:40:50 | 000,000,000 | ---D | C] -- C:\sh4ldr [2010.11.16 20:40:50 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2010.11.16 20:39:50 | 000,000,000 | ---D | C] -- C:\Windows\3636C9237AD64DE3978A09609AEE8ECF.TMP [2010.11.16 08:03:03 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.11.15 21:04:12 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\My Dropbox [2010.11.15 21:01:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dropbox [2010.11.15 20:57:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1110 Berlin [2010.11.11 00:10:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1110 München [2010.10.23 22:37:50 | 
000,000,000 | ---D | C] -- C:\Users\***\Desktop\australia [2010.10.18 19:46:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HostsXpert [2010.10.18 18:39:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.10.18 18:38:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.18 18:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.18 18:38:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.18 18:38:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [3 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.16 21:17:47 | 000,640,358 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.16 21:17:47 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.16 21:17:47 | 000,116,122 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.16 21:17:47 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.16 21:13:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.16 21:06:35 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.16 21:06:35 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.16 21:06:33 | 000,077,291 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.11.16 21:06:33 | 000,077,291 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.11.16 20:40:52 | 000,002,077 | ---- | M] () -- C:\Users\***\Desktop\SpyHunter.lnk [2010.11.16 08:09:51 | 000,067,086 | ---- | M] () -- C:\Users\***\Documents\cc_20101116_080932.reg [2010.11.16 08:03:03 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.11.15 22:58:08 | 
000,364,032 | ---- | M] () -- C:\Users\***\Desktop\iExplore.exe [2010.11.15 22:22:55 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.15 22:19:33 | 000,992,256 | ---- | M] () -- C:\Users\***\AppData\Local\372618.exe [2010.11.15 21:04:12 | 000,000,983 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk [2010.11.08 19:18:55 | 000,137,216 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.24 23:03:35 | 000,031,744 | ---- | M] () -- C:\Users\***\Desktop\filmliste(2).xls [2010.10.23 15:32:24 | 000,013,192 | ---- | M] () -- C:\Users\***\Desktop\München Todo.docx [2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.10.18 18:38:40 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\herbert.lnk [3 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.16 20:40:52 | 000,002,077 | ---- | C] () -- C:\Users\***\Desktop\SpyHunter.lnk [2010.11.16 08:09:38 | 000,067,086 | ---- | C] () -- C:\Users\***\Documents\cc_20101116_080932.reg [2010.11.16 08:03:03 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.11.16 07:56:52 | 000,001,401 | ---- | C] () -- C:\Users\***\mbam-log-2010-11-15 (22-48-16).txt [2010.11.16 07:56:42 | 000,001,278 | ---- | C] () -- C:\Users\***\mbam-log-2010-11-16 (00-57-59).txt [2010.11.15 22:59:46 | 000,364,032 | ---- | C] () -- C:\Users\***\Desktop\iExplore.exe [2010.11.15 22:19:33 | 000,992,256 | ---- | C] () -- C:\Users\***\AppData\Local\372618.exe [2010.11.15 21:04:12 | 000,000,983 | ---- | C] () -- C:\Users\***\Desktop\Dropbox.lnk [2010.10.18 18:38:40 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\herbert.lnk [2010.09.09 19:11:43 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2010.09.09 19:11:43 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll 
[2010.09.09 19:11:42 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.08.06 14:31:08 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.07.05 19:26:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.04 14:08:55 | 000,077,291 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.12.04 14:08:54 | 000,077,291 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.07.25 11:32:03 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\FnF4.txt [2009.04.07 22:44:12 | 000,217,088 | ---- | C] () -- C:\Windows\System32\libmySQL.dll [2009.03.17 21:41:58 | 000,000,126 | ---- | C] () -- C:\Windows\wininit.ini [2009.03.17 19:49:24 | 000,000,525 | ---- | C] () -- C:\Windows\QIII.INI [2009.03.16 20:58:48 | 000,000,342 | ---- | C] () -- C:\Windows\SIERRA.INI [2008.12.03 10:55:42 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini [2008.11.22 18:16:01 | 000,000,117 | ---- | C] () -- C:\Windows\civ.ini [2008.11.17 22:09:37 | 000,137,216 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.17 22:03:21 | 000,027,335 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2008.11.17 21:47:28 | 000,027,335 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2008.11.17 21:30:08 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\QSwitch.txt [2008.11.17 21:30:08 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\DSwitch.txt [2008.11.17 21:30:08 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\AtStart.txt [2007.06.27 08:00:00 | 001,777,664 | ---- | C] () -- C:\Windows\System32\ZHP1600R.DLL [2007.06.27 08:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGI1600.DLL [2007.06.04 21:23:47 | 000,001,789 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2007.02.27 21:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.12.14 07:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll 
[2006.12.14 07:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.05.07 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2005.04.03 21:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll [1998.05.07 02:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll [1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll < End of report > C:\rsit\info.txt [CODE]info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-11-16 22:59:34 ======Uninstall list====== -->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} AC3Filter 1.62b-->"C:\Program Files\AC3Filter\unins000.exe" Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 8 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A80000000002} Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Audacity 1.3.9 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe" AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe" Citavi 2.5-->C:\Program Files\Citavi\Deinstallieren.exe DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R ESU for Microsoft Vista-->MsiExec.exe 
/X{7968EB30-5580-4955-8925-4A17CD625118} Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0007 -removeonly Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E} Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68} HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409 HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F} HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A} HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat HP Photosmart 
Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70} HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0007 uninst HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} HP User Guides 0057-->MsiExec.exe /I{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC} HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8} HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3} Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall iPhone-Konfigurationsprogramm-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1} IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761} Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0} Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF} Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack 
SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 
(SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall 
{F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3} MonkeyJam 3_050529-->"C:\Program Files\MonkeyJam\unins000.exe" Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSCU for Microsoft Vista-->MsiExec.exe /X{194C14D5-3CB0-4977-8886-A79DFC00E820} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI PDF24 Creator-->"C:\Program Files\pdf24\unins000.exe" PDFCreator Toolbar-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_9730.exe" _?=C:\Program Files\PDFCreator Toolbar PDFCreator-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_9730.exe" -hu _?=C:\Program Files\PDFCreator Toolbar PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A} QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly Roxio 
Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B} Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72} Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D} Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16} Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F} Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package 
{90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060} Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9} Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office 
Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48} Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe SpyHunter-->MsiExec.exe /X{3636C923-7AD6-4DE3-978A-09609AEE8ECF} Streamripper (Remove only)-->C:\Program Files\Streamripper\Uninstall.exe Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF} Update for Outlook 2007 Junk Email Filter (KB2443839)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8CFA21A-2D44-446D-8324-ADFA3C9FCAD2} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe 
/I{5EE7D259-D137-4438-9A5F-42F432EC0421} VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe VSO Image Resizer 4.0.0.46-->"C:\Program Files\VSO\Image Resizer 4\unins000.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR Archivierer-->C:\Program Files\WinRAR\uninstall.exe YouTube Downloader 2.5.6-->"C:\Program Files\YouTube Downloader\uninstall.exe" ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: Avira AntiVir PersonalEdition AS: Windows-Defender (disabled) ======System event log====== Computer Name: ***-*** Event Code: 7026 Message: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio avipbb spldr ssmdrv Wanarpv6 Record Number: 216070 Source Name: Service Control Manager Time Written: 20101116201422.000000-000 Event Type: Fehler User: Computer Name: ***-*** Event Code: 7036 Message: Dienst "Netzwerkverbindungen" befindet sich jetzt im Status "Ausgeführt". Record Number: 216071 Source Name: Service Control Manager Time Written: 20101116201422.000000-000 Event Type: Informationen User: Computer Name: ***-*** Event Code: 4201 Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet. Record Number: 216072 Source Name: Tcpip Time Written: 20101116202641.661174-000 Event Type: Informationen User: Computer Name: ***-*** Event Code: 4201 Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet. Record Number: 216073 Source Name: Tcpip Time Written: 20101116202641.661174-000 Event Type: Informationen User: Computer Name: ***-*** Event Code: 1103 Message: Dem Computer wurde erfolgreich eine Netzwerkadresse zugeteilt. Eine Verbindung mit anderen Computern kann nun hergestellt werden. 
Record Number: 216074 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20101116202645.000000-000 Event Type: Informationen User: =====Application event log===== Computer Name: ***-*** Event Code: 8211 Message: Volumeschattenkopie-Dienstfehler: Verfasser namens "WMI Writer" und Kennung "{a6ad56c2-b509-4e6c-bb19-49d8f43532f0}" hat versucht, ein Abonnement im abgesicherten Modus zu erstellen. Vorgang: Generator wird initialisiert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Record Number: 41444 Source Name: VSS Time Written: 20101116201338.000000-000 Event Type: Informationen User: Computer Name: ***-*** Event Code: 5617 Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert. Record Number: 41445 Source Name: Microsoft-Windows-WMI Time Written: 20101116201343.000000-000 Event Type: Informationen User: Computer Name: ***-*** Event Code: 4609 Message: Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 8007043c von Zeile 45 von d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Wenden Sie sich an den Microsoft-Produktsupport. Record Number: 41446 Source Name: Microsoft-Windows-EventSystem Time Written: 20101116201344.000000-000 Event Type: Fehler User: Computer Name: ***-*** Event Code: 1001 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help". Record Number: 41447 Source Name: Microsoft-Windows-LoadPerf Time Written: 20101116201747.000000-000 Event Type: Informationen User: Computer Name: ***-*** Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind. 
Record Number: 41448 Source Name: Microsoft-Windows-LoadPerf Time Written: 20101116201747.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: ***-*** Event Code: 5033 Message: Der Windows-Firewalltreiber wurde erfolgreich gestartet. Record Number: 68000 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101116201318.582359-000 Event Type: Überwachung erfolgreich User: Computer Name: ***-*** Event Code: 5024 Message: Der Windows-Firewalldienst wurde erfolgreich gestartet. Record Number: 68001 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101116201321.138174-000 Event Type: Überwachung erfolgreich User: Computer Name: ***-*** Event Code: 5032 Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann. Fehlercode: 2 Record Number: 68002 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101116202641.723574-000 Event Type: Überwachung gescheitert User: Computer Name: ***-*** Event Code: 5032 Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann. Fehlercode: 2 Record Number: 68003 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101116202641.723574-000 Event Type: Überwachung gescheitert User: Computer Name: ***-*** Event Code: 5032 Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann. 
Fehlercode: 2 Record Number: 68004 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20101116202641.723574-000 Event Type: Überwachung gescheitert User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=0f0a "NUMBER_OF_PROCESSORS"=2 "PLATFORM"=MCD "PCBRAND"=Pavilion "OnlineServices"=Online-Dienste "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip "SAFEBOOT_OPTION"=NETWORK -----------------EOF----------------- C:\rsit\log.txt RSIT Logfile: Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-11-16 22:59:28
Microsoft® Windows Vista™ Home Premium
System drive C: has 41 GB (29%) free of 145 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:59:32, on 16.11.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\***\Downloads\OTL.exe
C:\Windows\notepad.exe
C:\Users\***\Downloads\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 -
BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\RunOnce: [372618] "C:\Users\***\AppData\Local\372618.exe" 0 29 O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: &Citavi Picker... 
- file://C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 6498 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609D670F-B735-4da7-AC6D-F3BD358E325E}] Asz.Citavi.IEPicker.IEPickerButton - C:\Windows\system32\mscoree.dll [2008-07-27 282112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}] PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-09 806912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-29 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-09 806912] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "372618"=C:\Users\***\AppData\Local\372618.exe [2010-11-15 992256] 
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe [2010-06-27 231888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-01-25 179200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-01-25 179200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\Windows\system32\NvCpl.dll [2009-10-03 13826664] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\PDFPrint] C:\Program Files\pdf24\pdf24.exe [2009-12-15 207504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2007-03-09 4390912] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe [2008-11-17 1232896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-11-17 1006264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk] C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE [2008-12-09 
2641920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-02-26 21979992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-11-16 22:59:29 ----D---- C:\Program Files\trend micro 2010-11-16 22:59:28 ----D---- C:\rsit 2010-11-16 21:04:52 ----D---- C:\Windows\pss 2010-11-16 20:40:50 ----D---- C:\sh4ldr 2010-11-16 20:40:50 ----D---- C:\Program Files\Enigma Software Group 2010-11-16 20:39:50 ----D---- C:\Windows\3636C9237AD64DE3978A09609AEE8ECF.TMP 2010-11-16 08:09:11 ----A---- C:\Windows\ntbtlog.txt 2010-11-16 08:03:03 ----D---- C:\Program Files\CCleaner 2010-11-15 21:01:07 ----D---- C:\Users\***\AppData\Roaming\Dropbox 2010-10-18 18:39:20 ----D---- 
C:\Users\***\AppData\Roaming\Malwarebytes 2010-10-18 18:38:38 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-10-18 18:38:37 ----D---- C:\ProgramData\Malwarebytes 2010-10-18 18:38:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-10-18 18:38:36 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-10-17 22:03:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard ======List of files/folders modified in the last 1 months====== 2010-11-16 22:59:29 ----RD---- C:\Program Files 2010-11-16 21:17:47 ----D---- C:\Windows\System32 2010-11-16 21:17:47 ----D---- C:\Windows\inf 2010-11-16 21:17:47 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-11-16 21:11:46 ----D---- C:\Windows\Temp 2010-11-16 21:09:25 ----D---- C:\WINDOWS 2010-11-16 21:07:04 ----D---- C:\Windows\SMINST 2010-11-16 20:40:56 ----SHD---- C:\Windows\Installer 2010-11-16 20:40:53 ----SD---- C:\Users\***\AppData\Roaming\Microsoft 2010-11-16 08:08:18 ----D---- C:\Users\***\AppData\Roaming\Winamp 2010-11-16 08:05:41 ----D---- C:\Windows\Minidump 2010-11-16 08:05:41 ----D---- C:\Windows\Debug 2010-11-15 22:49:18 ----D---- C:\Windows\system32\drivers 2010-11-15 22:49:18 ----D---- C:\Windows\Help 2010-11-15 22:19:37 ----D---- C:\Windows\Prefetch 2010-11-14 21:00:51 ----SHD---- C:\System Volume Information 2010-11-10 19:52:58 ----D---- C:\ProgramData\Microsoft Help 2010-11-10 19:45:56 ----A---- C:\Windows\system32\mrt.exe 2010-11-09 21:39:04 ----D---- C:\Users\***\AppData\Roaming\dvdcss 2010-11-06 10:27:51 ----D---- C:\Windows\system32\catroot2 2010-11-04 07:52:24 ----D---- C:\Program Files\Mozilla Firefox 2010-10-25 22:28:34 ----D---- C:\Users\***\AppData\Roaming\Skype 2010-10-25 19:59:13 ----D---- C:\Users\***\AppData\Roaming\skypePM 2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe 2010-10-18 19:47:56 ----D---- C:\Windows\Branding 2010-10-18 18:38:37 ----HD---- C:\ProgramData 2010-10-17 22:03:39 ----D---- C:\Program Files\Common Files 2010-10-17 20:49:36 
----D---- C:\Program Files\TrackMania United ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784] R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 2216448] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432] S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-05-28 11608] S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-28 75096] S1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192] S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424] S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-05-28 52056] S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384] S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-11-17 19456] S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 
BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-11-17 220160] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-11-17 29184] S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2007-01-02 80688] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 E100B;Intel(R) PRO-Adaptertreiber; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-12 1747936] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-03 9905096] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-11-17 82432] S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-10-09 981504] S3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 
usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552] S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328] S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-18 68865] S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-18 151297] S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] S2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-24 262243] S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-24 106593] S2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984] S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016] S2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168] S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2006-11-02 22016] S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096] S2 
LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-15 61440] S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016] S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752] S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016] S2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-11-05 327000] S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656] -----------------EOF----------------- |
17.11.2010, 08:47 | #2 | ||
/// Helper Team | Security Tool not deleted Hello and welcome!
Before we begin working together, [please read completely]: Quote:
Run in normal mode! ** Update Malwarebytes Anti-Malware and run it again following these instructions:
2.
- Download RSIT (rsit.exe) to a location of your choice and run rsit.exe
- "HijackThis" is also installed and run by RSIT
- RSIT creates 2 log files (C:\rsit\log.txt and C:\rsit\info.txt) with extended information about your system
- please post both of them here in full
3. Please make hidden and system files visible; click the link here: Making system files and folders visible under XP and Vista. At the end of our work you can undo this again!
4.
→ Download HJTscanlist.zip
→ Unpack the file onto your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ Start it with a double click
→ Select your operating system; for Win7 choose Vista
→ When asked, choose the option "Einstellung" (1) - scanlist
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy its contents into your thread here.
** If it does not work in one go, you can split the text into several parts and post it that way
5. I would also like to see all your installed programs: download the tool CCleaner → "Download" → "Download from FileHippo.com" → install (read the software licence agreement; if offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu") → start → if necessary, set "german" under Options settings → then click "Extra" (to also display the installed programs) → then "Als Textdatei speichern..."; a text file (*.txt) is created; copy its contents and paste them here Quote:
Coverflow |
17.11.2010, 15:13 | #3 |
| Security Tool not deleted Hi Coverflow,
thanks for the reply and the tips. I am at work right now and will carry out your instructions this evening. Do I have to run everything in normal mode? Because Security Tool blocks everything for me, including the rkill tool for closing it. Otherwise I'll try again with the renamed version. But not in safe mode? Thx & regards, Grischuna |
17.11.2010, 20:00 | #4 |
| Security Tool not deleted So in normal mode a security warning from Security Tool always appears immediately and closes rkill on me. I am now running Malwarebytes in safe mode, or is that pointless? |
17.11.2010, 21:44 | #5 |
| Security Tool not deleted I have now run Malwarebytes in safe mode once more; here are the logs. Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5138 Windows 6.0.6000 (Safe Mode) Internet Explorer 7.0.6000.17037 17.11.2010 21:41:28 mbam-log-2010-11-17 (21-41-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 307961 Laufzeit: 1 Stunde(n), 3 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\372618 (Rogue.SecurityTool) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\***\AppData\Local\372618.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. |
17.11.2010, 23:31 | #6 |
| Security Tool not deleted After I ran Malwarebytes in safe mode, Security Tool no longer appeared. I have now run another quick scan with Malwarebytes: Mwblog: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5138 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 17.11.2010 23:07:20 mbam-log-2010-11-17 (23-07-20).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 144083 Laufzeit: 15 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden)
2. RSIT
However, RSIT created only one log. I already ran RSIT yesterday too (see above). Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by *** at 2010-11-17 23:19:14 Microsoft® Windows Vista™ Home Premium System drive C: has 39 GB (27%) free of 145 GB Total RAM: 2046 MB (48% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:19:17, on 17.11.2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.17037) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Windows\explorer.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\***\Downloads\RSIT.exe C:\Program Files\trend micro\***.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O8 - Extra context menu item: &Citavi Picker... 
- file://C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 6477 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609D670F-B735-4da7-AC6D-F3BD358E325E}] Asz.Citavi.IEPicker.IEPickerButton - C:\Windows\system32\mscoree.dll [2008-07-27 282112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}] PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-09 806912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-29 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-09 806912] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208] " Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Program 
Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-01-25 179200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-01-25 179200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\Windows\system32\NvCpl.dll [2009-10-03 13826664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] C:\Program Files\pdf24\pdf24.exe [2009-12-15 207504] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick 
Launch Buttons\QlbCtrl.exe [2007-02-13 159744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2007-03-09 4390912] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe [2008-11-17 1232896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-13 827392] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2008-11-17 1006264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk] C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE [2008-12-09 2641920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] 
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-02-26 21979992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2009-02-26 97680] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2010-11-17 22:47:51 ----ASH---- C:\hiberfil.sys 2010-11-16 22:59:29 ----D---- C:\Program Files\trend micro 2010-11-16 22:59:28 ----D---- C:\rsit 2010-11-16 21:04:52 ----D---- C:\Windows\pss 2010-11-16 20:40:50 ----D---- C:\sh4ldr 2010-11-16 20:40:50 ----D---- C:\Program Files\Enigma Software Group 2010-11-16 20:39:50 ----D---- C:\Windows\3636C9237AD64DE3978A09609AEE8ECF.TMP 2010-11-16 08:09:11 ----A---- C:\Windows\ntbtlog.txt 2010-11-16 08:03:03 ----D---- C:\Program Files\CCleaner 2010-11-15 21:01:07 ----D---- C:\Users\***\AppData\Roaming\Dropbox 2010-10-18 18:39:20 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes 2010-10-18 18:38:38 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-10-18 18:38:37 ----D---- 
C:\ProgramData\Malwarebytes 2010-10-18 18:38:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-10-18 18:38:36 ----A---- C:\Windows\system32\drivers\mbam.sys ======List of files/folders modified in the last 1 months====== 2010-11-17 23:19:12 ----D---- C:\Windows\Temp 2010-11-17 22:57:08 ----SHD---- C:\System Volume Information 2010-11-17 22:55:49 ----D---- C:\Windows\System32 2010-11-17 22:55:49 ----D---- C:\Windows\inf 2010-11-17 22:55:49 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-11-17 22:49:07 ----D---- C:\Windows\SMINST 2010-11-17 22:43:09 ----D---- C:\Windows\system32\drivers 2010-11-16 22:59:29 ----RD---- C:\Program Files 2010-11-16 21:09:25 ----D---- C:\WINDOWS 2010-11-16 20:40:56 ----SHD---- C:\Windows\Installer 2010-11-16 20:40:53 ----SD---- C:\Users\***\AppData\Roaming\Microsoft 2010-11-16 20:39:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-11-16 08:08:18 ----D---- C:\Users\***\AppData\Roaming\Winamp 2010-11-16 08:05:41 ----D---- C:\Windows\Minidump 2010-11-16 08:05:41 ----D---- C:\Windows\Debug 2010-11-15 22:49:18 ----D---- C:\Windows\Help 2010-11-15 22:19:37 ----D---- C:\Windows\Prefetch 2010-11-10 19:52:58 ----D---- C:\ProgramData\Microsoft Help 2010-11-10 19:45:56 ----A---- C:\Windows\system32\mrt.exe 2010-11-09 21:39:04 ----D---- C:\Users\***\AppData\Roaming\dvdcss 2010-11-06 10:27:51 ----D---- C:\Windows\system32\catroot2 2010-11-04 07:52:24 ----D---- C:\Program Files\Mozilla Firefox 2010-10-25 22:28:34 ----D---- C:\Users\***\AppData\Roaming\Skype 2010-10-25 19:59:13 ----D---- C:\Users\***\AppData\Roaming\skypePM 2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe 2010-10-18 19:47:56 ----D---- C:\Windows\Branding 2010-10-18 18:38:37 ----HD---- C:\ProgramData ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784] R0 PxHelp20;PxHelp20; 
C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2009-05-28 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-28 75096]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2009-05-28 52056]
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-11-17 19456]
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-11-17 29184]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2007-01-02 80688]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-12 1747936]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 2216448]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-03 9905096]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-03-05 76288]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-11-17 82432]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-10-09 981504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-01-13 181432]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S0 dwghna;dwghna; C:\Windows\System32\drivers\ensgn.sys []
S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-11-17 220160]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel(R) PRO-Adaptertreiber; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-18 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-18 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-24 262243]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-24 106593]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-15 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-11-05 327000]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]

-----------------EOF-----------------

4. HJTscanlist
Code:
ATTFilter
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º hjtscanlist v2.0 º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Microsoft Windows [Version 6.0.6000]
C:
17.11.2010 23:26 C:\System Volume Information --------- 24576
17.11.2010 22:51 C:\rkill.log --------- 377
C:\hiberfil.sys ---------
C:\pagefile.sys ---------
16.11.2010 22:59 C:\rsit --------- 0
16.11.2010 22:59 C:\Program Files --------- 20480
16.11.2010 21:09 C:\WINDOWS --------- 32768
16.11.2010 20:40 C:\sh4ldr --------- 0
18.10.2010 18:38 C:\ProgramData --------- 8192
07.04.2009 23:02 C:\SAVE --------- 0
07.04.2009 22:38 C:\SIERRA --------- 0
31.03.2009 21:29 C:\Games --------- 0
16.03.2009 20:58 C:\IO.SYS --------- 0
16.03.2009 20:58 C:\MSDOS.SYS --------- 0
15.03.2009 23:15 C:\AILog.txt --------- 0
22.11.2008 18:17 C:\~MSSTFQF.T --------- 0
22.11.2008 18:15 C:\MPS --------- 0
17.11.2008 21:35 C:\MSOCache --------- 0
17.11.2008 21:29 C:\$RECYCLE.BIN --------- 0
17.11.2008 21:29 C:\System.sav --------- 0
17.11.2008 21:29 C:\SwSetup --------- 8192
17.11.2008 21:22 C:\Users --------- 4096
17.11.2008 21:19 C:\Programme --------- 0
17.11.2008 21:19 C:\Dokumente und Einstellungen --------- 0
07.11.2007 07:12 C:\VC_RED.MSI --------- 232960
07.11.2007 07:09 C:\VC_RED.cab --------- 1442522
07.11.2007 07:03 C:\install.res.1041.dll --------- 81424
07.11.2007 07:03 C:\install.res.1040.dll --------- 95248
07.11.2007 07:03 C:\install.res.2052.dll --------- 75792
07.11.2007 07:03 C:\install.res.3082.dll --------- 96272
07.11.2007 07:03 C:\install.res.1036.dll --------- 97296
07.11.2007 07:03 C:\install.res.1033.dll --------- 91152
07.11.2007 07:03 C:\install.res.1031.dll --------- 96272
07.11.2007 07:03 C:\install.res.1028.dll --------- 76304
07.11.2007 07:03 C:\install.exe --------- 562688
07.11.2007 07:03 C:\install.res.1042.dll --------- 79888
07.11.2007 07:00 C:\eula.2052.txt --------- 17734
07.11.2007 07:00 C:\eula.1041.txt --------- 118
07.11.2007 07:00 C:\eula.1040.txt --------- 17734
07.11.2007 07:00 C:\eula.3082.txt --------- 17734
07.11.2007 07:00 C:\eula.1036.txt --------- 17734
07.11.2007 07:00 C:\eula.1033.txt --------- 10134
07.11.2007 07:00 C:\eula.1031.txt --------- 17734
07.11.2007 07:00 C:\eula.1028.txt --------- 17734
07.11.2007 07:00 C:\globdata.ini --------- 1110
07.11.2007 07:00 C:\eula.1042.txt --------- 17734
07.11.2007 07:00 C:\install.ini --------- 843
07.11.2007 07:00 C:\vcredist.bmp --------- 5686
05.06.2007 09:14 C:\boot --------- 4096
04.06.2007 21:49 C:\HP --------- 0
04.06.2007 20:36 C:\Intel --------- 0
30.03.2007 15:35 C:\MCPP --------- 0
01.02.2007 09:24 C:\hpzids01.dll --------- 258048
02.11.2006 10:53 C:\bootmgr --------- 438840
----------------------------------------
C:\Windows
17.11.2010 22:58 C:\Windows\WindowsUpdate.log --------- 45653
17.11.2010 22:47 C:\Windows\bootstat.dat --------- 67584
17.11.2010 19:48 C:\Windows\ntbtlog.txt --------- 318068
15.11.2010 22:22 C:\Windows\bthservsdp.dat --------- 836
29.01.2010 18:44 C:\Windows\hpoins18.dat --------- 146191
29.01.2010 18:43 C:\Windows\win.ini --------- 302
15.08.2009 15:52 C:\Windows\ocsetup_install_NetFx3.etl --------- 43974656
15.08.2009 15:52 C:\Windows\ocsetup_cbs_install_NetFx3.perf --------- 196608
15.08.2009 15:52 C:\Windows\ocsetup_cbs_install_NetFx3.dpx --------- 65536
04.05.2009 18:51 C:\Windows\QIII.INI --------- 525
07.04.2009 22:38 C:\Windows\SIERRA.INI --------- 342
07.04.2009 22:28 C:\Windows\wininit.ini --------- 126
15.12.2008 11:11 C:\Windows\WindowsShell.Manifest --------- 749
09.12.2008 21:33 C:\Windows\PDFCreator_Toolbar_Uninstaller_9730.exe --------- 253116
03.12.2008 10:55 C:\Windows\CDE DX4400DEFGIPS.ini --------- 25
25.11.2008 20:35 C:\Windows\UninstVeetleTVPlayer.exe --------- 48396
22.11.2008 18:16 C:\Windows\civ.ini --------- 117
29.10.2008 07:20 C:\Windows\explorer.exe --------- 2923520
04.06.2007 21:30 C:\Windows\DIFxAPI.dll --------- 319456
04.06.2007 21:30 C:\Windows\HideWin.exe --------- 315392
04.06.2007 21:24 C:\Windows\hpqins13.dat --------- 111045
04.06.2007 21:10 C:\Windows\CSUP.txt --------- 12
09.03.2007 18:50 C:\Windows\RtHDVCpl.exe --------- 4390912
01.03.2007 01:05 C:\Windows\hpomdl18.dat --------- 6600
08.02.2007 02:57 C:\Windows\WMPrfDeu.prx --------- 33820
16.01.2007 11:39 C:\Windows\RtlUpd.exe --------- 1191936
12.01.2007 17:54 C:\Windows\RtlExUpd.dll --------- 520192
02.01.2007 17:27 C:\Windows\Twunk_16.dll --------- 12288
02.01.2007 17:27 C:\Windows\Twunk_32.dll --------- 12288
02.11.2006 13:35 C:\Windows\WMSysPr9.prx --------- 316640
02.11.2006 13:34 C:\Windows\twunk_16.exe --------- 49680
02.11.2006 13:34 C:\Windows\twunk_32.exe --------- 31232
02.11.2006 13:34 C:\Windows\twain_32.dll --------- 50688
02.11.2006 13:34 C:\Windows\twain.dll --------- 94784
02.11.2006 13:34 C:\Windows\notepad.exe --------- 151040
02.11.2006 10:45 C:\Windows\winhlp32.exe --------- 9216
02.11.2006 10:45 C:\Windows\regedit.exe --------- 134656
02.11.2006 10:45 C:\Windows\HelpPane.exe --------- 497152
02.11.2006 10:45 C:\Windows\hh.exe --------- 14848
02.11.2006 10:45 C:\Windows\fveupdate.exe --------- 13312
02.11.2006 10:44 C:\Windows\bfsvc.exe --------- 50176
02.11.2006 08:46 C:\Windows\mib.bin --------- 43131
19.09.2006 12:41 C:\Windows\HomePremium.xml --------- 8328
18.09.2006 22:46 C:\Windows\system.ini --------- 219
18.09.2006 22:43 C:\Windows\_default.pif --------- 707
18.09.2006 22:43 C:\Windows\winhelp.exe --------- 256192
18.09.2006 22:30 C:\Windows\msdfmap.ini --------- 1405
29.10.1998 15:45 C:\Windows\IsUninst.exe --------- 306688
21.10.1998 17:43 C:\Windows\IsUn0407.exe --------- 328704
----------------------------------------
C:\Windows\System
17.11.2008 21:26 C:\Windows\System\hpsysdrv.dat --------- 44
02.11.2006 13:34 C:\Windows\System\mciwave.drv --------- 28160
02.11.2006 13:34 C:\Windows\System\mciseq.drv --------- 25264
02.11.2006 13:34 C:\Windows\System\avifile.dll --------- 109456
02.11.2006 13:34 C:\Windows\System\avicap.dll --------- 69584
02.11.2006 13:34 C:\Windows\System\mciavi.drv --------- 73376
02.11.2006 13:34 C:\Windows\System\msvideo.dll --------- 126912
02.11.2006 08:10 C:\Windows\System\OLESVR.DLL --------- 24064
02.11.2006 08:10 C:\Windows\System\WFWNET.DRV --------- 12704
02.11.2006 08:10 C:\Windows\System\COMMDLG.DLL --------- 32816
02.11.2006 08:10 C:\Windows\System\TIMER.DRV --------- 4048
02.11.2006 08:10 C:\Windows\System\MMSYSTEM.DLL --------- 68992
02.11.2006 08:10 C:\Windows\System\mmtask.tsk --------- 1152
02.11.2006 08:10 C:\Windows\System\mouse.drv --------- 2032
02.11.2006 08:10 C:\Windows\System\vga.drv --------- 2176
02.11.2006 08:10 C:\Windows\System\sound.drv --------- 1744
02.11.2006 08:10 C:\Windows\System\keyboard.drv --------- 2000
02.11.2006 08:10 C:\Windows\System\SHELL.DLL --------- 5120
02.11.2006 08:10 C:\Windows\System\system.drv --------- 3360
18.09.2006 22:43 C:\Windows\System\ver.dll --------- 9008
18.09.2006 22:43 C:\Windows\System\olecli.dll --------- 82944
18.09.2006 22:43 C:\Windows\System\lzexpand.dll --------- 9936
18.09.2006 22:35 C:\Windows\System\stdole.tlb --------- 5532
09.11.1995 00:00 C:\Windows\System\IR41.DLL --------- 774960
20.10.1995 00:00 C:\Windows\System\IR32.DLL --------- 151744
22.03.1995 00:00 C:\Windows\System\IYVU9.DLL --------- 50096
21.09.1994 00:00 C:\Windows\System\WINGPAL.WND --------- 5024
21.09.1994 00:00 C:\Windows\System\WING.DLL --------- 92208
21.09.1994 00:00 C:\Windows\System\WINGDIB.DRV --------- 6736
02.09.1994 00:00 C:\Windows\System\IMAADPCM.ACM --------- 17936
02.09.1994 00:00 C:\Windows\System\ICCVID.DRV --------- 65408
02.09.1994 00:00 C:\Windows\System\DVA.386 --------- 5195
24.08.1994 00:00 C:\Windows\System\WINGDE.DLL --------- 188960
19.11.1993 00:00 C:\Windows\System\MSADPCM.ACM --------- 15104
19.11.1993 00:00 C:\Windows\System\MSACM.DLL --------- 49616
19.11.1993 00:00 C:\Windows\System\MSRLE.DRV --------- 11776
19.11.1993 00:00 C:\Windows\System\ACMCMPRS.DLL --------- 12800
19.11.1993 00:00 C:\Windows\System\MSVIDC.DRV --------- 43520
19.11.1993 00:00 C:\Windows\System\CTL3D.DLL --------- 14208
19.11.1993 00:00 C:\Windows\System\MSACM.DRV --------- 22816
19.11.1993 00:00 C:\Windows\System\MAP_WIN.HLP --------- 16548
19.11.1993 00:00 C:\Windows\System\DISPDIB.DLL --------- 7168
----------------------------------------
C:\Windows\System32
17.11.2010 22:55 C:\Windows\system32\perfh009.dat --------- 610142
17.11.2010 22:55 C:\Windows\system32\perfh007.dat --------- 641344
17.11.2010 22:55 C:\Windows\system32\perfc009.dat --------- 103924
17.11.2010 22:55 C:\Windows\system32\perfc007.dat --------- 116706
17.11.2010 22:55 C:\Windows\system32\PerfStringBackup.INI --------- 1461736
17.11.2010 22:48 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3072
17.11.2010 22:48 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3072
17.11.2010 22:43 C:\Windows\system32\drivers --------- 65536
10.11.2010 19:45 C:\Windows\system32\mrt.exe --------- 35758536
06.11.2010 10:27 C:\Windows\system32\catroot2 --------- 8192
19.10.2010 10:41 C:\Windows\system32\MpSigStub.exe --------- 222080
12.08.2010 05:07 C:\Windows\system32\pxinsa64.exe --------- 68592
12.08.2010 05:07 C:\Windows\system32\pxhpinst.exe --------- 72176
12.08.2010 05:07 C:\Windows\system32\PxSFS.DLL --------- 2120176
12.08.2010 05:07 C:\Windows\system32\PxWave.dll --------- 440816
12.08.2010 05:07 C:\Windows\system32\pxcpya64.exe --------- 68080
12.08.2010 05:07 C:\Windows\system32\PxAFS.DLL --------- 133616
12.08.2010 05:07 C:\Windows\system32\VXBLOCK.dll --------- 100848
12.08.2010 05:07 C:\Windows\system32\Px.dll --------- 698864
12.08.2010 05:07 C:\Windows\system32\PxMas.dll --------- 219632
12.08.2010 05:07 C:\Windows\system32\pxdrv.dll --------- 567792
29.07.2010 16:50 C:\Windows\system32\javaws.exe --------- 153376
29.07.2010 16:50 C:\Windows\system32\javaw.exe --------- 145184
29.07.2010 16:50 C:\Windows\system32\java.exe --------- 145184
29.07.2010 16:50 C:\Windows\system32\deployJava1.dll --------- 423656
18.07.2010 21:50 C:\Windows\system32\catroot --------- 4096
05.07.2010 19:25 C:\Windows\system32\Tasks --------- 4096
26.06.2010 11:23 C:\Windows\system32\config --------- 12288
26.06.2010 11:23 C:\Windows\system32\spool --------- 4096
26.06.2010 11:23 C:\Windows\system32\wbem --------- 73728
26.06.2010 11:18 C:\Windows\system32\LogFiles --------- 0
26.04.2010 23:04 C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592
15.04.2010 08:51 C:\Windows\system32\migration --------- 0
13.03.2010 18:34 C:\Windows\system32\WDI --------- 4096
09.03.2010 17:54 C:\Windows\system32\wininet.dll --------- 832512
09.03.2010 17:54 C:\Windows\system32\urlmon.dll --------- 1168384
09.03.2010 17:54 C:\Windows\system32\pngfilt.dll --------- 44544
09.03.2010 17:53 C:\Windows\system32\occache.dll --------- 102912
09.03.2010 17:52 C:\Windows\system32\mstime.dll --------- 671232
09.03.2010 17:52 C:\Windows\system32\mshtmled.dll --------- 477696
09.03.2010 17:52 C:\Windows\system32\mshtml.dll --------- 3599872
09.03.2010 17:52 C:\Windows\system32\msfeeds.dll --------- 459264
09.03.2010 17:51 C:\Windows\system32\jsproxy.dll --------- 27648
09.03.2010 17:50 C:\Windows\system32\inetcpl.cpl --------- 1830912
09.03.2010 17:50 C:\Windows\system32\ieui.dll --------- 180736
09.03.2010 17:50 C:\Windows\system32\iesetup.dll --------- 56320
09.03.2010 17:50 C:\Windows\system32\iertutil.dll --------- 268288
09.03.2010 17:50 C:\Windows\system32\iernonce.dll --------- 44544
09.03.2010 17:50 C:\Windows\system32\iepeers.dll --------- 192512
09.03.2010 17:50 C:\Windows\system32\ieframe.dll --------- 6067200
09.03.2010 17:50 C:\Windows\system32\ieencode.dll --------- 78336
09.03.2010 17:50 C:\Windows\system32\iedkcs32.dll --------- 385024
09.03.2010 17:50 C:\Windows\system32\ieapfltr.dll --------- 380928
09.03.2010 17:50 C:\Windows\system32\ieakui.dll --------- 161792
09.03.2010 17:50 C:\Windows\system32\ieaksie.dll --------- 230400
09.03.2010 17:50 C:\Windows\system32\icardie.dll --------- 63488
09.03.2010 17:49 C:\Windows\system32\dxtrans.dll --------- 214528
09.03.2010 17:49 C:\Windows\system32\dxtmsft.dll --------- 347136
09.03.2010 17:48 C:\Windows\system32\advpack.dll --------- 124928
09.03.2010 17:48 C:\Windows\system32\admparse.dll --------- 72704
09.03.2010 15:50 C:\Windows\system32\html.iec --------- 389120
09.03.2010 15:17 C:\Windows\system32\ieUnatt.exe --------- 26624
09.03.2010 15:17 C:\Windows\system32\ie4uinit.exe --------- 70656
09.03.2010 13:43 C:\Windows\system32\mshtmler.dll --------- 48128
09.03.2010 13:37 C:\Windows\system32\mshtml.tlb --------- 1383424
04.03.2010 20:24 C:\Windows\system32\vbscript.dll --------- 434176
25.02.2010 11:14 C:\Windows\system32\FNTCACHE.DAT --------- 430784
25.02.2010 11:13 C:\Windows\system32\de-DE --------- 524288
21.02.2010 00:54 C:\Windows\system32\nshhttp.dll --------- 24064
21.02.2010 00:51 C:\Windows\system32\httpapi.dll --------- 31232
19.02.2010 20:27 C:\Windows\system32\DivX.dll --------- 720384
19.02.2010 20:27 C:\Windows\system32\divx_xx16.dll --------- 843776
19.02.2010 20:27 C:\Windows\system32\divx_xx11.dll --------- 839680
19.02.2010 20:27 C:\Windows\system32\divx_xx0c.dll --------- 856064
19.02.2010 20:27 C:\Windows\system32\divx_xx0a.dll --------- 847872
19.02.2010 20:27 C:\Windows\system32\divx_xx07.dll --------- 856064
18.02.2010 15:54 C:\Windows\system32\ntkrnlpa.exe --------- 3502480
18.02.2010 15:54 C:\Windows\system32\ntoskrnl.exe --------- 3468168
18.02.2010 15:22 C:\Windows\system32\tcpipcfg.dll --------- 167424
18.02.2010 15:19 C:\Windows\system32\iphlpsvc.dll --------- 179712
18.02.2010 13:04 C:\Windows\system32\netiougc.exe --------- 22016
12.02.2010 11:49 C:\Windows\system32\browserchoice.exe --------- 293376
05.02.2010 20:16 C:\Windows\system32\dpl100.dll --------- 94208
25.01.2010 13:58 C:\Windows\system32\secproc_ssp_isv.dll --------- 154624
25.01.2010 13:58 C:\Windows\system32\secproc_ssp.dll --------- 154112
25.01.2010 13:58 C:\Windows\system32\secproc_isv.dll --------- 473088
25.01.2010 13:58 C:\Windows\system32\secproc.dll --------- 472576
25.01.2010 13:56 C:\Windows\system32\msdrm.dll --------- 312320
25.01.2010 09:36 C:\Windows\system32\RMActivate_ssp.exe --------- 435712
25.01.2010 09:36 C:\Windows\system32\RMActivate.exe --------- 515584
25.01.2010 09:36 C:\Windows\system32\RMActivate_ssp_isv.exe --------- 431104
25.01.2010 09:35 C:\Windows\system32\RMActivate_isv.exe --------- 523776
23.01.2010 09:05 C:\Windows\system32\tzres.dll --------- 2048
21.01.2010 17:02 C:\Windows\system32\l3codecp.acm --------- 220672
21.01.2010 17:02 C:\Windows\system32\l3codeca.acm --------- 62464
13.01.2010 19:23 C:\Windows\system32\cabview.dll --------- 97792
28.12.2009 13:36 C:\Windows\system32\tsbyuv.dll --------- 11776
28.12.2009 13:35 C:\Windows\system32\quartz.dll --------- 1327616
28.12.2009 13:34 C:\Windows\system32\msyuv.dll --------- 22528
28.12.2009 13:34 C:\Windows\system32\msvidc32.dll --------- 31232
----------------------------------------
C:\Windows\Prefetch
----------------------------------------
C:\Windows\Tasks
17.11.2010 22:48 C:\Windows\Tasks\SA.DAT --------- 6
15.11.2010 22:23 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32614
----------------------------------------
C:\Windows\Temp
17.11.2010 23:06 C:\Windows\Temp\lpksetup-20101117-230604-0.log --------- 632
17.11.2010 23:06 C:\Windows\Temp\lpksetup-20101117-230306-0.log --------- 30362
17.11.2010 22:58 C:\Windows\Temp\MpSigStub.log --------- 3206
17.11.2010 22:49 C:\Windows\Temp\hpqddsvc.log --------- 8135
17.11.2010 22:49 C:\Windows\Temp\HPSLPS004.log --------- 1601
17.11.2010 19:35 C:\Windows\Temp\HPSLPS003.log --------- 3315
16.11.2010 21:07 C:\Windows\Temp\HPSLPS002.log --------- 2134
16.11.2010 20:29 C:\Windows\Temp\TMP0000000C4D728C8E553D3809 --------- 524288
16.11.2010 20:29 C:\Windows\Temp\HPSLPS001.log --------- 1601
16.11.2010 20:17 C:\Windows\Temp\TMP0000000A9031A48B10B4AAE5 --------- 524288
16.11.2010 20:17 C:\Windows\Temp\iExDEE9.tmp --------- 364032
16.11.2010 20:16 C:\Windows\Temp\TMP00000006676CA5496F4AADF1 --------- 524288
16.11.2010 20:15 C:\Windows\Temp\HPSLPS000.log --------- 2134
15.11.2010 23:08 C:\Windows\Temp\TMP000000458158D7815F53C437 --------- 524288
15.11.2010 23:04 C:\Windows\Temp\HPSLPS475.log --------- 1601
15.11.2010 22:51 C:\Windows\Temp\TMP00000003B46023B5DDE884D0 --------- 524288
15.11.2010 22:51 C:\Windows\Temp\TMP000000016FEE3FCA37E08B30 --------- 524288
15.11.2010 22:50 C:\Windows\Temp\HPSLPS474.log --------- 1601
15.11.2010 22:25 C:\Windows\Temp\HPSLPS473.log --------- 890
15.11.2010 19:25 C:\Windows\Temp\lpksetup-20101115-192510-0.log --------- 632
15.11.2010 19:25 C:\Windows\Temp\lpksetup-20101115-192444-0.log --------- 30362
15.11.2010 19:10 C:\Windows\Temp\HPSLPS472.log --------- 2134
----------------------------------------
C:\Users\***\AppData\Local\Temp
17.11.2010 23:09 C:\Users\***\AppData\Local\Temp\~DFCEDD.tmp --------- 512
17.11.2010 23:09 C:\Users\***\AppData\Local\Temp\1291376.od --------- 134
17.11.2010 23:09 C:\Users\***\AppData\Local\Temp\CVRB431.tmp.cvr --------- 0
17.11.2010 22:51 C:\Users\***\AppData\Local\Temp\WPDNSE --------- 0
17.11.2010 22:51 C:\Users\***\AppData\Local\Temp\3D4D.tmp --------- 4096
17.11.2010 22:50 C:\Users\***\AppData\Local\Temp\C6D7.tmp --------- 4096
17.11.2010 22:50 C:\Users\***\AppData\Local\Temp\3957.tmp --------- 4096
17.11.2010 22:49 C:\Users\***\AppData\Local\Temp\AEE4.tmp --------- 4096
17.11.2010 21:45 C:\Users\***\AppData\Local\Temp\msohtmlclip1 --------- 0
17.11.2010 21:43 C:\Users\***\AppData\Local\Temp\WordCitaviTrace.txt --------- 179
17.11.2010 19:46 C:\Users\***\AppData\Local\Temp\30C.tmp --------- 4096
17.11.2010 19:45 C:\Users\***\AppData\Local\Temp\A939.tmp --------- 4096
17.11.2010 19:45 C:\Users\***\AppData\Local\Temp\16F9.tmp --------- 4096
17.11.2010 19:44 C:\Users\***\AppData\Local\Temp\CDF8.tmp --------- 4096
17.11.2010 19:44 C:\Users\***\AppData\Local\Temp\B6D0.tmp --------- 0
17.11.2010 19:44 C:\Users\***\AppData\Local\Temp\925F.tmp --------- 4096
17.11.2010 19:44 C:\Users\***\AppData\Local\Temp\844B.tmp --------- 4096
17.11.2010 19:44 C:\Users\***\AppData\Local\Temp\7619.tmp --------- 4096
17.11.2010 19:44 C:\Users\***\AppData\Local\Temp\5BD5.tmp --------- 4096
17.11.2010 19:44 C:\Users\***\AppData\Local\Temp\1B4D.tmp --------- 4096
17.11.2010 19:44 C:\Users\***\AppData\Local\Temp\8F5.tmp --------- 4096
17.11.2010 19:43 C:\Users\***\AppData\Local\Temp\CB2A.tmp --------- 4096
17.11.2010 19:43 C:\Users\***\AppData\Local\Temp\B9BD.tmp --------- 4096
17.11.2010 19:43 C:\Users\***\AppData\Local\Temp\5BB6.tmp --------- 4096
17.11.2010 19:43 C:\Users\***\AppData\Local\Temp\2D27.tmp --------- 4096
17.11.2010 19:42 C:\Users\***\AppData\Local\Temp\~DF7034.tmp --------- 16384
17.11.2010 19:42 C:\Users\***\AppData\Local\Temp\A6BA.tmp --------- 4096
17.11.2010 19:42 C:\Users\***\AppData\Local\Temp\83EE.tmp --------- 4096
17.11.2010 19:42 C:\Users\***\AppData\Local\Temp\7251.tmp --------- 4096
17.11.2010 19:42 C:\Users\***\AppData\Local\Temp\669E.tmp --------- 4096
17.11.2010 19:42 C:\Users\***\AppData\Local\Temp\4E9C.tmp --------- 4096
17.11.2010 19:41 C:\Users\***\AppData\Local\Temp\FC8.tmp --------- 4096
17.11.2010 19:40 C:\Users\***\AppData\Local\Temp\C2A2.tmp --------- 4096
16.11.2010 23:51 C:\Users\***\AppData\Local\Temp\msohtmlclip --------- 0
16.11.2010 22:56 C:\Users\***\AppData\Local\Temp\VBE --------- 0
16.11.2010 21:26 C:\Users\***\AppData\Local\Temp\~DF5FF0.tmp --------- 65536
16.11.2010 20:40 C:\Users\***\AppData\Local\Temp\***.bmp --------- 31832
16.11.2010 20:39 C:\Users\***\AppData\Local\Temp\SHSetup.exe --------- 18942808
16.11.2010 20:34 C:\Users\***\AppData\Local\Temp\365B.tmp --------- 4096
16.11.2010 20:30 C:\Users\***\AppData\Local\Temp\~DF65BA.tmp --------- 65536
16.11.2010 20:30 C:\Users\***\AppData\Local\Temp\div9E31.tmp --------- 0
16.11.2010 20:30 C:\Users\***\AppData\Local\Temp\hpqddusr.log --------- 311
16.11.2010 20:30 C:\Users\***\AppData\Local\Temp\MAR2607.tmp --------- 1285
16.11.2010 20:29 C:\Users\***\AppData\Local\Temp\MARF160.tmp --------- 1342
16.11.2010 20:19 C:\Users\***\AppData\Local\Temp\DA18.tmp --------- 4096
16.11.2010 20:17 C:\Users\***\AppData\Local\Temp\~DF35AC.tmp --------- 65536
16.11.2010 20:17 C:\Users\***\AppData\Local\Temp\MARF584.tmp --------- 1342
16.11.2010 20:17 C:\Users\***\AppData\Local\Temp\div9896.tmp --------- 0
16.11.2010 08:05 C:\Users\***\AppData\Local\Temp\Low --------- 0
15.11.2010 23:10 C:\Users\***\AppData\Local\Temp\B3D3.tmp --------- 4096
15.11.2010 23:06 C:\Users\***\AppData\Local\Temp\~DFE3C8.tmp --------- 65536
15.11.2010 23:06 C:\Users\***\AppData\Local\Temp\MAR10B3.tmp --------- 1285
15.11.2010 23:06 C:\Users\***\AppData\Local\Temp\MARF5B.tmp --------- 1342
15.11.2010 23:06 C:\Users\***\AppData\Local\Temp\div4614.tmp --------- 0
15.11.2010 22:59 C:\Users\***\AppData\Local\Temp\5FEA.tmp --------- 4096
15.11.2010 22:55 C:\Users\***\AppData\Local\Temp\C8F9.tmp --------- 4096
15.11.2010 22:52 C:\Users\***\AppData\Local\Temp\div9EDD.tmp --------- 0
15.11.2010 22:52 C:\Users\***\AppData\Local\Temp\MARAD9D.tmp --------- 1285
15.11.2010 22:52 C:\Users\***\AppData\Local\Temp\MARAB6B.tmp --------- 1342
15.11.2010 22:51 C:\Users\***\AppData\Local\Temp\~DFE586.tmp --------- 65536
15.11.2010 22:32 C:\Users\***\AppData\Local\Temp\B460.tmp --------- 4096
15.11.2010 22:17 C:\Users\***\AppData\Local\Temp\AcrBF10.tmp --------- 358
15.11.2010 21:01 C:\Users\***\AppData\Local\Temp\comtypes_cache --------- 0
15.11.2010 19:11 C:\Users\***\AppData\Local\Temp\MARB9CD.tmp --------- 1285
15.11.2010 19:11 C:\Users\***\AppData\Local\Temp\MARB8C4.tmp --------- 1342
15.11.2010 19:11 C:\Users\***\AppData\Local\Temp\div8120.tmp --------- 0
15.11.2010 19:10 C:\Users\***\AppData\Local\Temp\~DFD238.tmp --------- 65536
----------------------------------------
C:\Program Files
17.11.2010 23:19 C:\Program Files\trend micro --------- 4096
16.11.2010 20:40 C:\Program Files\Enigma Software Group --------- 0
16.11.2010 08:03 C:\Program Files\CCleaner --------- 0
04.11.2010 07:52 C:\Program Files\Mozilla Firefox --------- 32768
18.10.2010 18:38 C:\Program Files\Malwarebytes' Anti-Malware --------- 4096
17.10.2010 22:03 C:\Program Files\Common Files --------- 4096
17.10.2010 20:49 C:\Program Files\TrackMania United --------- 0
20.09.2010 19:45 C:\Program Files\AC3Filter --------- 4096
20.09.2010 17:59 C:\Program Files\DivX --------- 8192
09.09.2010 19:24 C:\Program Files\concept design --------- 0
03.08.2010 10:06 C:\Program Files\VSO --------- 0
03.08.2010 10:01 C:\Program Files\MonkeyJam --------- 4096
29.07.2010 16:54 C:\Program Files\Java --------- 0
28.07.2010 20:54 C:\Program Files\YouTube Downloader --------- 4096
14.07.2010 14:56 C:\Program Files\Citavi --------- 4096
05.07.2010 19:25 C:\Program Files\Skype --------- 0
29.04.2010 16:52 C:\Program Files\Winamp --------- 4096
29.04.2010 16:52 C:\Program Files\Winamp Detect --------- 0
15.04.2010 08:51 C:\Program Files\Windows Mail --------- 4096
01.04.2010 12:07 C:\Program Files\Internet Explorer --------- 4096
30.03.2010 16:19 C:\Program Files\Streamripper --------- 4096
12.03.2010 13:10 C:\Program Files\Movie Maker --------- 8192
10.02.2010 20:05 C:\Program Files\uTorrent --------- 0
29.01.2010 18:42 C:\Program Files\HP --------- 4096
27.01.2010 14:59 C:\Program Files\PDF Blender --------- 0
08.01.2010 14:04 C:\Program Files\pdf24 --------- 4096
01.12.2009 22:15 C:\Program Files\Hewlett-Packard --------- 4096
21.11.2009 13:52 C:\Program Files\Lame for Audacity --------- 0
21.11.2009 13:51 C:\Program Files\Audacity 1.3 Beta (Unicode) --------- 4096
29.10.2009 09:38 C:\Program Files\Windows Media Player --------- 4096
28.10.2009 17:28 C:\Program Files\Microsoft Works --------- 28672
13.10.2009 14:58 C:\Program Files\InstallJammer Registry --------- 0
18.09.2009 16:29 C:\Program Files\iPhone-Konfigurationsprogramm --------- 0
18.09.2009 16:27 C:\Program Files\iTunes --------- 4096
18.09.2009 16:26 C:\Program Files\iPod --------- 0
18.09.2009 16:24 C:\Program Files\QuickTime --------- 4096
03.08.2009 14:15 C:\Program Files\Full Tilt Poker --------- 8192
04.05.2009 19:17 C:\Program Files\InstallShield Installation Information --------- 4096
07.04.2009 22:33 C:\Program Files\Sierra On-Line --------- 4096
10.03.2009 19:41 C:\Program Files\Microsoft Games --------- 4096
15.12.2008 11:11 C:\Program Files\desktop.ini --------- 174
09.12.2008 21:33 C:\Program Files\PDFCreator --------- 4096
09.12.2008 21:33 C:\Program Files\PDFCreator Toolbar --------- 0
08.12.2008 23:02 C:\Program Files\Apple Software Update --------- 4096
03.12.2008 10:57 C:\Program Files\epson --------- 0
30.11.2008 18:34 C:\Program Files\SopCast --------- 4096
27.11.2008 10:27 C:\Program Files\IrfanView --------- 4096
25.11.2008 18:35 C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0
18.11.2008 22:17 C:\Program Files\Avira --------- 0
18.11.2008 00:58 C:\Program Files\Google --------- 0
17.11.2008 23:37 C:\Program Files\Windows Calendar --------- 0
17.11.2008 23:37 C:\Program Files\Windows Defender --------- 4096
17.11.2008 23:37 C:\Program Files\Windows Sidebar --------- 4096
17.11.2008 22:51 C:\Program Files\MSXML 4.0 --------- 0
17.11.2008 21:58 C:\Program Files\VideoLAN --------- 0
17.11.2008 21:57 C:\Program Files\CDex_150 --------- 4096
17.11.2008 21:42 C:\Program Files\WinRAR --------- 4096
17.11.2008 21:39 C:\Program Files\MSBuild --------- 0
17.11.2008 21:39 C:\Program Files\Microsoft Office --------- 4096
17.11.2008 21:39 C:\Program Files\Microsoft Visual Studio --------- 0
17.11.2008 21:38 C:\Program Files\Microsoft.NET --------- 0
17.11.2008 21:37 C:\Program Files\Microsoft Visual Studio 8 --------- 0
17.11.2008 21:27 C:\Program Files\Fingerprint Sensor --------- 0
17.11.2008 21:19 C:\Program Files\Windows NT --------- 4096
17.11.2008 21:19 C:\Program Files\Gemeinsame Dateien --------- 0
04.06.2007 21:32 C:\Program Files\HPQ --------- 0
04.06.2007 21:30 C:\Program Files\Realtek --------- 0
04.06.2007 21:26 C:\Program Files\Online-Dienste --------- 4096
04.06.2007 21:24 C:\Program Files\Adobe --------- 0
04.06.2007 20:57 C:\Program Files\Roxio --------- 0
04.06.2007 20:36 C:\Program Files\Intel --------- 0
04.06.2007 20:20 C:\Program Files\Synaptics --------- 0
04.06.2007 20:13 C:\Program Files\Motorola --------- 0
02.11.2006 14:01 C:\Program Files\Uninstall Information --------- 0
02.11.2006 13:42 C:\Program Files\Windows Collaboration --------- 4096
02.11.2006 13:42 C:\Program Files\Windows Photo Gallery --------- 4096
02.11.2006 13:42 C:\Program Files\Windows Journal --------- 4096
02.11.2006 13:37 C:\Program Files\MSN --------- 0
02.11.2006 13:37 C:\Program Files\Reference Assemblies --------- 0
----------------------------------------
C:\ProgramData\..
***
desktop.ini
All Users
Default User
Default
Public
----------------------------------------
C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
----------------------------------------
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 28 K
System 4 Services 0 25'420 K
smss.exe 452 Services 0 564 K
csrss.exe 592 Services 0 4'840 K
wininit.exe 640 Services 0 2'984 K
csrss.exe 652 Console 1 12'328 K
services.exe 684 Services 0 4'692 K
lsass.exe 696 Services 0 2'212 K
lsm.exe 704 Services 0 3'224 K
winlogon.exe 804 Console 1 4'464 K
svchost.exe 900 Services 0 5'564 K
SH4SER~1.EXE 940 Services 0 2'488 K
nvvsvc.exe 952 Services 0 2'964 K
svchost.exe 980 Services 0 5'824 K
svchost.exe 1012 Services 0 41'068 K
svchost.exe 1096 Services 0 10'596 K
svchost.exe 1132 Services 0 67'336 K
svchost.exe 1192 Services 0 63'408 K
audiodg.exe 1276 Services 0 17'396 K
svchost.exe 1292 Services 0 3'844 K
SLsvc.exe 1308 Services 0 9'152 K
nvvsvc.exe 1368 Console 1 4'912 K
svchost.exe 1384 Services 0 10'880 K
svchost.exe 1496 Services 0 17'516 K
spoolsv.exe 1756 Services 0 8'280 K
sched.exe 1788 Services 0 1'244 K
svchost.exe 1800 Services 0 9'876 K
dwm.exe 2004 Console 1 78'944 K
taskeng.exe 676 Console 1 9'288 K
avguard.exe 760 Services 0 18'900 K
AppleMobileDeviceService. 844 Services 0 2'936 K
svchost.exe 1964 Services 0 3'192 K
CLCapSvc.exe 1808 Services 0 7'204 K
svchost.exe 1720 Services 0 5'996 K
IAANTmon.exe 1856 Services 0 4'496 K
LSSrvc.exe 2060 Services 0 2'936 K
svchost.exe 2080 Services 0 2'384 K
svchost.exe 2124 Services 0 2'368 K
svchost.exe 2136 Services 0 3'688 K
svchost.exe 2192 Services 0 4'896 K
svchost.exe 2224 Services 0 2'004 K
SearchIndexer.exe 2256 Services 0 34'352 K
hpqwmiex.exe 2344 Services 0 3'728 K
CLSched.exe 2712 Services 0 4'524 K
svchost.exe 2940 Services 0 4'560 K
taskeng.exe 2968 Services 0 4'500 K
conime.exe 3724 Console 1 3'056 K
HPHC_Service.exe 4032 Services 0 10'664 K
explorer.exe 3012 Console 1 71'148 K
wuauclt.exe 3540 Console 1 5'216 K
WINWORD.EXE 3712 Console 1 89'812 K
firefox.exe 3324 Console 1 84'728 K
SearchProtocolHost.exe 2736 Services 0 8'508 K
SearchFilterHost.exe 2244 Services 0 4'488 K
cmd.exe 3340 Console 1 2'896 K
dllhost.exe 3028 Console 1 4'068 K
tasklist.exe 2472 Console 1 4'516 K
WmiPrvSE.exe 3956 Services 0 5'628 K

***** Ende des Scans 17.11.2010 um 23:27:11.43 ***

Code:
ATTFilter AC3Filter 1.62b Alexander Vigovsky 19.09.2010 1.67MB 1.62b Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 24.02.2009 10.0.22.87 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 26.06.2010 10.1.53.64 Adobe Flash Player 9 ActiveX Adobe Systems Incorporated 17.11.2008 9 Adobe Reader 8 - Deutsch Adobe Systems Incorporated 03.06.2007 90.9MB 8.0.0 Apple Application Support Apple Inc. 17.09.2009 32.2MB 1.0 Apple Mobile Device Support Apple Inc. 17.09.2009 40.3MB 2.6.0.32 Apple Software Update Apple Inc. 07.12.2008 2.16MB 2.1.1.116 Audacity 1.3.9 (Unicode) Audacity Team 20.11.2009 30.8MB Avira AntiVir Personal - Free Antivirus Avira GmbH 17.11.2008 53.1MB CCleaner Piriform 15.11.2010 3.13MB 3.00 CDex extraction audio 16.11.2008 3.02MB Citavi 2.5 Academic Software Zurich 13.07.2010 59.3MB 2.5.2.0 DivX Converter DivX, Inc. 18.09.2010 45.3MB 7.1.0 DivX Plus DirectShow Filters DivX, Inc. 18.09.2010 1.58MB DivX-Setup DivX, Inc. 18.09.2010 2.27MB 2.0.4.2 Dropbox 14.11.2010 24.0MB 0.7.110 EPSON Scan 02.12.2008 12.1MB EPSON-Drucker-Software SEIKO EPSON Corporation 02.12.2008 ESU for Microsoft Vista Hewlett-Packard 03.06.2007 3.39MB 2.0.3.1 Full Tilt Poker Full Tilt Poker 02.04.2009 22.1MB 4.17.11.WIN.FullTilt.Real HP Customer Experience Enhancements Hewlett-Packard 03.06.2007 0.98MB 5.1.0.2278 HP Customer Participation Program 8.0 HP 28.01.2010 352MB 8.0 HP Easy Setup - Frontend Hewlett-Packard 03.06.2007 1.94MB 5.1.0.2279 HP Help and Support Hewlett-Packard 03.06.2007 50.5MB 1.1.0 HP Imaging Device Functions 8.0 HP 28.01.2010 1.54MB 8.0 HP OCR Software 8.0 HP 28.01.2010 1.53MB 8.0 HP Photosmart Essential HP 28.01.2010 10.2MB 1.12.0.46 HP Photosmart Essential 2.0 HP 17.11.2008 1.37MB 2.0 HP Photosmart.All-In-One Driver Software 8.0 .A HP 28.01.2010 30.7MB 8.0 HP Quick Launch Buttons 6.20 B1 Hewlett-Packard 03.06.2007 16.8MB 6.20 B1 HP QuickPlay 3.2 17.11.2008 7.68MB HP Solution Center 8.0 HP 28.01.2010 1.53MB 8.0 HP Update Hewlett-Packard 03.06.2007 
3.57MB 4.000.005.007 HP Wireless Assistant Hewlett-Packard 03.06.2007 3.94MB 3.00 F1 HPSSupply Ihr Firmenname 28.01.2010 0.96MB 2.1.3.0000 Intel Matrix Storage Manager 17.11.2008 37.1MB iPhone-Konfigurationsprogramm Apple Inc. 17.09.2009 22.4MB 2.1.0.163 IrfanView (remove only) 26.11.2008 1.38MB iTunes Apple Inc. 17.09.2009 132.6MB 9.0.0.70 Java(TM) 6 Update 20 Sun Microsystems, Inc. 28.07.2010 94.5MB 6.0.200 Java(TM) 6 Update 21 Oracle 28.07.2010 94.9MB 6.0.210 Java(TM) SE Runtime Environment 6 Sun Microsystems, Inc. 03.06.2007 115.2MB 1.6.0.0 LAME v3.98.2 for Audacity 20.11.2009 1.18MB Malwarebytes' Anti-Malware Malwarebytes Corporation 17.10.2010 3.90MB Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 16.08.2009 37.0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 14.08.2009 37.0MB Microsoft Age of Empires II 09.03.2009 173.3MB Microsoft Office Enterprise 2007 Microsoft Corporation 27.10.2009 619MB 12.0.6425.1000 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 14.07.2010 0.19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 13.07.2010 2.06MB 9.0.21022 Microsoft Works Microsoft Corporation 09.12.2009 288MB 08.05.0822 MonkeyJam 3_050529 GiantScreamingRobotMonkeys 02.08.2010 3.21MB Motorola SM56 Data Fax Modem 03.06.2007 1.82MB Mozilla Firefox (3.6.12) Mozilla 03.11.2010 29.9MB 3.6.12 (de) MSCU for Microsoft Vista Hewlett-Packard 03.06.2007 24.3MB 1.0.1.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.11.2008 1.28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1.34MB 4.20.9876.0 NVIDIA Drivers NVIDIA Corporation 17.07.2010 1.10 PDF24 Creator PDF24.org 07.01.2010 38.0MB PDFCreator Frank Heindörfer, Philip Chinery 08.12.2008 30.2MB 0.9.5 PDFCreator Toolbar 08.12.2008 1.03MB 3.3.0.1 QuickTime Apple Inc. 17.09.2009 76.5MB 7.64.17.73 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 
03.06.2007 11.2MB 6.0.1.5384 Roxio Creator Audio Roxio 03.06.2007 3.79MB 3.4.0 Roxio Creator Basic v9 Roxio 03.06.2007 25.9MB 3.4.0 Roxio Creator Copy Roxio 03.06.2007 0.65MB 3.4.0 Roxio Creator Data Roxio 03.06.2007 0.88MB 3.4.0 Roxio Creator EasyArchive Roxio 03.06.2007 1.50MB 3.4.0 Roxio Creator Tools Roxio 03.06.2007 0.35MB 3.4.0 Roxio Express Labeler 3 Roxio 03.06.2007 18.1MB 3.2.1 Roxio MyDVD Basic v9 Roxio 03.06.2007 302MB 9.0.551 Sierra Utilities 06.04.2009 Skype™ 4.2 Skype Technologies S.A. 04.07.2010 31.8MB 4.2.169 SopCast 3.0.3 SopCast.com 29.11.2008 8.32MB 3.0.3 SpyHunter Enigma Software Group USA, LLC 15.11.2010 19.8MB 4.3.32.3239 Streamripper (Remove only) 29.03.2010 6.30MB Synaptics Pointing Device Driver Synaptics 03.06.2007 12.8MB 9.1.11.0 VLC media player 0.9.8a VideoLAN Team 20.12.2008 17.5MB 0.9.8a VSO Image Resizer 4.0.0.46 VSO-Software 02.08.2010 28.1MB 4.0.0.46 Winamp Nullsoft, Inc 28.04.2010 27.9MB 5.572 Winamp Detector Plug-in Nullsoft, Inc 28.04.2010 0.13MB 1.0.0.1 Windows Media Player Firefox Plugin Microsoft Corp 16.10.2009 0.29MB 1.0.0.8 WinRAR Archivierer 16.11.2008 2.84MB YouTube Downloader 2.5.6 BienneSoft 27.07.2010 6.93MB µTorrent 09.02.2010 0.30MB 2.0.0 |
18.11.2010, 07:59 | #7 |
| Security Tool not removed The full scan in normal mode: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5138 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 18.11.2010 01:58:03 mbam-log-2010-11-18 (01-58-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 301050 Laufzeit: 1 Stunde(n), 49 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
18.11.2010, 08:14 | #8 |
/// Helper team | Security Tool not removed
1. I would uninstall this, it is not needed! When a malware infection is suspected, proceed in a targeted way!: Code:
ATTFilter SpyHunter
Close all programs, including Internet Explorer, and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries → tick the checkboxes → click "Fix checked" → restart the PC): HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups". Code:
ATTFilter
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
Keeping Windows and the installed programs up to date is a guarantee of increased security!
Update Java: Start → Control Panel → Java → Update... then uninstall the old version: Control Panel → Software → Change/Remove...
4. Clear the Java cache, as described under points 7 and 8 *click via Control Panel -> Java...
5. Update Adobe Reader: Adobe Reader Or: start Adobe -> go to "Help" -> "Check for updates..."
6. Close all applications → please empty the folder for temporary files **The Temp folder is for temporary files, so its contents can be deleted without concern. Files that are still in use cannot be deleted. **Delete only the contents of the folders, not the folders themselves!
7. Clean your system with CCleaner:
8. Boot in normal mode! ** Update Malwarebytes Anti-Malware and run it again following these instructions:
9. After the cleanup, post again: TrendMicro™ HijackThis™ log file. No open windows as long as HijackThis is running!! |
18.11.2010, 21:39 | #9 |
| Security Tool not removed |
20.11.2010, 07:10 | #10 |
/// Helper team | Security Tool not removed Work through the points completely:-> http://www.trojaner-board.de/92934-s...tml#post590566 You must run all commands as admin (HijackThis too!): Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator" |
21.11.2010, 23:51 | #11 |
| Security Tool not removed 1. I did that. 2. I did not find the following entry: Code:
ATTFilter O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
I wanted to update Adobe Reader and then my computer crashed with a bluescreen. I was on kino.to during the update. That has happened once or twice recently. Is this website better avoided, or what could be the cause? The system rebooted immediately afterwards, but Adobe Reader was no longer on my computer. 8. Log file from Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5164 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 21.11.2010 23:02:27 mbam-log-2010-11-21 (23-02-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 300985 Laufzeit: 3 Stunde(n), 0 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Hijackthis Logfile: Code:
ATTFilter Logfile of HijackThis v1.99.1 Scan saved at 23:39:08, on 21.11.2010 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.17037) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RtHDVCpl.exe C:\Program Files\pdf24\pdf24.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\PDFCreator\PDFCreator.exe C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wuauclt.exe C:\Program Files\trend micro\HiJackThis\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\***\Downloads\1_99_1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir 
PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Startup: Dropbox.lnk = ***\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [INTERNATIONAL] International* O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - 
{807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) |
24.11.2010, 06:28 | #12 | |
/// Helper team | Security Tool not removed Quote:
kino.to ... I would avoid the site:-> Kino.to/Wikipedia very often the visitor can only leave the website with a malware-infected computer... 2. During installations, updates etc. (always) close all applications, windows etc., and do nothing else on the PC! Create a new list:
Edited by kira (24.11.2010 at 06:39) |
24.11.2010, 19:01 | #13 |
| Security Tool not removed Ok, I will keep that in mind. 2. Here is the list of programs. Which HP programs can I delete? I never actually work with them. And what else do you recommend I delete? Code:
ATTFilter AC3Filter 1.62b Alexander Vigovsky 19.09.2010 1.67MB 1.62b Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 24.02.2009 10.0.22.87 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 26.06.2010 10.1.53.64 Adobe Reader X - Deutsch Adobe Systems Incorporated 20.11.2010 115.1MB 10.0.0 Apple Application Support Apple Inc. 17.09.2009 32.2MB 1.0 Apple Mobile Device Support Apple Inc. 17.09.2009 40.3MB 2.6.0.32 Apple Software Update Apple Inc. 07.12.2008 2.16MB 2.1.1.116 Audacity 1.3.9 (Unicode) Audacity Team 20.11.2009 30.8MB Avira AntiVir Personal - Free Antivirus Avira GmbH 17.11.2008 53.1MB CCleaner Piriform 15.11.2010 3.13MB 3.00 CDex extraction audio 16.11.2008 3.02MB DivX Converter DivX, Inc. 18.09.2010 45.3MB 7.1.0 DivX Plus DirectShow Filters DivX, Inc. 18.09.2010 1.58MB DivX-Setup DivX, Inc. 20.11.2010 2.27MB 2.1.2.2 Dropbox 14.11.2010 24.0MB 0.7.110 EPSON Scan 02.12.2008 12.1MB ESU for Microsoft Vista Hewlett-Packard 03.06.2007 3.39MB 2.0.3.1 Full Tilt Poker Full Tilt Poker 02.04.2009 22.1MB 4.17.11.WIN.FullTilt.Real HijackThis 1.99.1 Soeperman Enterprises Ltd. 
20.11.2010 1.99.1 HP Customer Experience Enhancements Hewlett-Packard 03.06.2007 0.98MB 5.1.0.2278 HP Customer Participation Program 8.0 HP 28.01.2010 352MB 8.0 HP Easy Setup - Frontend Hewlett-Packard 03.06.2007 1.94MB 5.1.0.2279 HP Help and Support Hewlett-Packard 03.06.2007 50.5MB 1.1.0 HP Imaging Device Functions 8.0 HP 28.01.2010 1.54MB 8.0 HP OCR Software 8.0 HP 28.01.2010 1.53MB 8.0 HP Photosmart Essential HP 28.01.2010 10.2MB 1.12.0.46 HP Photosmart Essential 2.0 HP 17.11.2008 1.37MB 2.0 HP Photosmart.All-In-One Driver Software 8.0 .A HP 28.01.2010 30.7MB 8.0 HP Quick Launch Buttons 6.20 B1 Hewlett-Packard 03.06.2007 16.8MB 6.20 B1 HP QuickPlay 3.2 17.11.2008 7.68MB HP Solution Center 8.0 HP 28.01.2010 1.53MB 8.0 HP Update Hewlett-Packard 03.06.2007 3.57MB 4.000.005.007 HP Wireless Assistant Hewlett-Packard 03.06.2007 3.94MB 3.00 F1 HPSSupply Ihr Firmenname 28.01.2010 0.96MB 2.1.3.0000 Intel Matrix Storage Manager 17.11.2008 37.1MB iPhone-Konfigurationsprogramm Apple Inc. 17.09.2009 22.4MB 2.1.0.163 IrfanView (remove only) 26.11.2008 1.38MB iTunes Apple Inc. 17.09.2009 132.6MB 9.0.0.70 Java(TM) 6 Update 22 Oracle 28.07.2010 94.9MB 6.0.220 Java(TM) SE Runtime Environment 6 Sun Microsystems, Inc. 
03.06.2007 115.2MB 1.6.0.0 LAME v3.98.2 for Audacity 20.11.2009 1.18MB Malwarebytes' Anti-Malware Malwarebytes Corporation 17.10.2010 3.90MB Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 16.08.2009 37.0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 14.08.2009 37.0MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 23.11.2010 120.3MB 4.0.30319 Microsoft Age of Empires II 09.03.2009 173.3MB Microsoft Office Enterprise 2007 Microsoft Corporation 27.10.2009 619MB 12.0.6425.1000 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 14.07.2010 0.19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 13.07.2010 2.06MB 9.0.21022 Microsoft Works Microsoft Corporation 09.12.2009 288MB 08.05.0822 MonkeyJam 3_050529 GiantScreamingRobotMonkeys 02.08.2010 3.21MB Motorola SM56 Data Fax Modem 03.06.2007 1.82MB Mozilla Firefox (3.6.12) Mozilla 03.11.2010 29.9MB 3.6.12 (de) MSCU for Microsoft Vista Hewlett-Packard 03.06.2007 24.3MB 1.0.1.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.11.2008 1.28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1.34MB 4.20.9876.0 NVIDIA Drivers NVIDIA Corporation 17.07.2010 1.10 PDF24 Creator PDF24.org 07.01.2010 38.0MB PDFCreator Frank Heindörfer, Philip Chinery 08.12.2008 30.2MB 0.9.5 PDFCreator Toolbar 08.12.2008 1.03MB 3.3.0.1 QuickTime Apple Inc. 17.09.2009 76.5MB 7.64.17.73 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 
03.06.2007 11.2MB 6.0.1.5384 Roxio Creator Audio Roxio 03.06.2007 3.79MB 3.4.0 Roxio Creator Basic v9 Roxio 03.06.2007 25.9MB 3.4.0 Roxio Creator Copy Roxio 03.06.2007 0.65MB 3.4.0 Roxio Creator Data Roxio 03.06.2007 0.88MB 3.4.0 Roxio Creator EasyArchive Roxio 03.06.2007 1.50MB 3.4.0 Roxio Creator Tools Roxio 03.06.2007 0.35MB 3.4.0 Roxio Express Labeler 3 Roxio 03.06.2007 18.1MB 3.2.1 Roxio MyDVD Basic v9 Roxio 03.06.2007 302MB 9.0.551 Skype™ 4.2 Skype Technologies S.A. 04.07.2010 31.8MB 4.2.169 SopCast 3.0.3 SopCast.com 29.11.2008 8.32MB 3.0.3 Streamripper (Remove only) 29.03.2010 6.30MB Synaptics Pointing Device Driver Synaptics 03.06.2007 12.8MB 9.1.11.0 VLC media player 0.9.8a VideoLAN Team 20.12.2008 17.5MB 0.9.8a VSO Image Resizer 4.0.0.46 VSO-Software 02.08.2010 28.1MB 4.0.0.46 Winamp Nullsoft, Inc 28.04.2010 27.9MB 5.572 Winamp Detector Plug-in Nullsoft, Inc 28.04.2010 0.13MB 1.0.0.1 Windows Media Player Firefox Plugin Microsoft Corp 16.10.2009 0.29MB 1.0.0.8 WinRAR Archivierer 16.11.2008 2.84MB YouTube Downloader 2.5.6 BienneSoft 27.07.2010 6.93MB |
26.11.2010, 06:49 | #14 |
/// Helper team | Security Tool not removed OLD VERSION!!!: Code:
ATTFilter Logfile of HijackThis v1.99.1
also: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 <- new version Scan saved at 22:59:32, on 16.11.2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.17037) Boot mode: Safe mode with network support
so look for it, and please use it to create a log in normal mode and post it! Edited by kira (26.11.2010 at 06:55) |
28.11.2010, 16:50 | #15 |
| Security Tool not removed Ah ok Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:47:01, on 28.11.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18527) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RtHDVCpl.exe C:\Program Files\pdf24\pdf24.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\PDFCreator\PDFCreator.exe C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\explorer.exe C:\Windows\system32\conime.exe C:\Program Files\trend micro\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_CH&c=73&bd=Pavilion&pf=laptop R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch 
Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = ***\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{E4FA0C15-A3A9-427C-8AFE-64204A2D7283}: NameServer = 80.254.79.157 80.254.77.39 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - 
SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 8088 bytes Code:
ATTFilter O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') |
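Across posts #8 to #15 the helper compares a fix list with later scans by eye; the following added example (not part of the thread and not HijackThis code) splits a HijackThis log into entries even when the export has run it together on one line, reports which fix-list entries a later scan still shows, and notes an old tool version, a non-normal boot mode and a loopback proxy setting. The sample logs are abridged from lines quoted in the thread, and all function names are assumptions.

```python
import re
from ipaddress import ip_address

# HijackThis prefixes each entry with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_START = re.compile(r"(?<!\S)(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
VERSION = re.compile(r"Logfile of (?:Trend Micro )?HijackThis v(\d+(?:\.\d+)+)")
BOOT_MODE = re.compile(r"Boot mode: (.+?)(?= Running processes:|$)", re.M)
PROXY = re.compile(r"ProxyServer = (?:\w+=)?([^:;\s]+):(\d+)")
MIN_VERSION = (2, 0, 4)  # the thread calls v1.99.1 old and v2.0.4 new

# Fix list from post #8, copied from the thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
"""

# Constructed sample: header lines quoted in post #14 joined with the fix list.
FIRST_SCAN = ("Logfile of Trend Micro HijackThis v2.0.4\n"
              "Boot mode: Safe mode with network support\n" + FIX_LIST)

# Constructed sample: the follow-up scan of post #15, abridged to six entries
# and run together on one line the way the forum export flattens logs.
FOLLOWUP = (
    r"Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:47:01, on 28.11.2010 "
    r"Platform: Windows Vista SP1 (WinNT 6.00.1905) Boot mode: Normal "
    r"Running processes: C:\Windows\explorer.exe "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 "
    r"O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe "
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') "
    r"O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') "
    r"O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') "
    r"O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe "
    r"-- End of file - 8088 bytes"
)


def split_entries(log_text):
    """Return (code, body) pairs; works on normal and run-together logs."""
    entries = []
    for line in log_text.splitlines():
        line = line.split("-- End of file")[0]  # drop the log trailer
        starts = list(ENTRY_START.finditer(line))
        for i, match in enumerate(starts):
            end = starts[i + 1].start() if i + 1 < len(starts) else len(line)
            entries.append((match.group(1), line[match.end():end].strip()))
    return entries


def _norm(entry):
    """Compare entries without regard to case or spacing."""
    code, body = entry
    return code, " ".join(body.split()).casefold()


def still_present(fix_list_text, later_log_text):
    """Entries of the fix list that a later scan still shows."""
    later = {_norm(e) for e in split_entries(later_log_text)}
    return [e for e in split_entries(fix_list_text) if _norm(e) in later]


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname


def triage(log_text):
    """Review notes for one log: tool version, boot mode, loopback proxy."""
    notes = []
    ver = VERSION.search(log_text)
    if ver and tuple(map(int, ver.group(1).split("."))) < MIN_VERSION:
        notes.append(f"old HijackThis v{ver.group(1)}")
    boot = BOOT_MODE.search(log_text)
    if boot and boot.group(1).strip() != "Normal":
        notes.append(f"boot mode: {boot.group(1).strip()}")
    for code, body in split_entries(log_text):
        proxy = PROXY.search(body)
        # A loopback proxy routes browser traffic through a local process.
        if proxy and is_loopback(proxy.group(1)):
            notes.append(f"{code} proxy on loopback port {proxy.group(2)}")
    return notes


if __name__ == "__main__":
    print(triage(FIRST_SCAN))
    for code, body in still_present(FIX_LIST, FOLLOWUP):
        print("still present:", code, "-", body)
```

Run against the abridged follow-up scan, it reports the same `WindowsWelcomeCenter` entry that the last post quotes again.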