Log analysis and evaluation: C:\Windows\system32\Winbooterr\Svchost.exe (Windows 7)

18.11.2010, 23:46 | #1
C:\Windows\system32\Winbooterr\Svchost.exe

Hi, it looks like I've caught some kind of internet crud. I've already read through various forums, but I'm not sure to what extent any of that applies to my problem. In any case it seems to be malware or a trojan. Since today, countless unwanted tabs keep popping up in Firefox. About an hour ago it was around 80 tabs... Anyway. HijackThis:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:52, on 18.11.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\Winbooterr\Svchost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\Winbooterr\Svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Winbooterr\Svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\Winbooterr\Svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14078 bytes

Code:
OTL logfile created on: 18.11.2010 22:47:45 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\O****w\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,44 Gb Total Space | 60,61 Gb Free Space | 25,74% Space Free | Partition Type: NTFS
Drive D: | 230,32 Gb Total Space | 89,56 Gb Free Space | 38,89% Space Free | Partition Type: NTFS
Drive E: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: OUTLAW-DESKTOP | User Name: O***w | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\O***w\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Modules (SafeList) ==========

MOD - C:\Users\O***w\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2010.04.23 22:09:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.07.24 12:44:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.16 15:12:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.04 23:58:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.18 22:44:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.11.05 16:44:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.11.18 22:44:50 | 000,000,000 | ---D | M]

[2010.09.08 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\O***w\AppData\Roaming\mozilla\Extensions
[2010.09.08 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O****w\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.11.04 14:19:09 | 000,000,000 | ---D | M] -- C:\Users\O****w\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.10.05 12:49:06 | 000,000,000 | ---D | M] -- C:\Users\O***w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default\extensions
[2010.03.02 23:44:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\O****w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.02 23:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O****w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.05 12:49:07 | 000,000,000 | ---D | M] -- C:\Users\O****w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default\extensions\toolbar@ask.com
[2010.03.02 23:44:16 | 000,000,000 | ---D | M] -- C:\Users\O***w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default - Kopie\extensions
[2010.03.02 23:44:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\O***w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default - Kopie\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.03.02 23:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\O****w\AppData\Roaming\mozilla\Firefox\Profiles\be6r9k60.default - Kopie\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.01.07 14:26:35 | 000,000,950 | ---- | M] () -- C:\Users\O***w\AppData\Roaming\Mozilla\FireFox\Profiles\be6r9k60.default - Kopie\searchplugins\icqplugin-1.xml
[2008.07.26 19:59:23 | 000,000,950 | ---- | M] () -- C:\Users\O***w\AppData\Roaming\Mozilla\FireFox\Profiles\be6r9k60.default - Kopie\searchplugins\icqplugin-2.xml
[2008.02.19 17:16:46 | 000,000,951 | ---- | M] () -- C:\Users\O***w\AppData\Roaming\Mozilla\FireFox\Profiles\be6r9k60.default - Kopie\searchplugins\icqplugin.xml
[2010.11.17 01:36:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.07.13 05:36:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.17 14:54:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 22:11:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.29 05:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe File not found
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found
O4 - HKLM..\Run: [HKLM] C:\Windows\SysWOW64\Winbooterr\Svchost.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [HKCU] C:\Windows\SysWOW64\Winbooterr\Svchost.exe (Microsoft Corporation)
O4 - Startup: C:\Users\O***w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\Winbooterr\Svchost.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\Winbooterr\Svchost.exe (Microsoft Corporation)
O8:64bit: - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\ProgramData\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.10.12 12:42:53 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ UDF ] O32 - AutoRun File - [2008.04.11 18:52:28 | 002,404,352 | R--- | M] () - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.11.06 17:33:09 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\Shell - "" = AutoRun O33 - MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\Shell\AutoRun\command - "" = L:\pushinst.exe -- File not found O33 - MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2006.01.10 14:49:24 | 000,492,032 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.18 22:46:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\O***w\Desktop\OTL.exe [2010.11.18 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.11.18 22:35:32 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\O***w\Desktop\HJTInstall.exe [2010.11.14 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Die Gilde 2 - Gold Edition [2010.11.13 01:29:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\explorer [2010.11.10 22:11:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.11.10 22:11:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaw.exe [2010.11.10 22:11:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.11.10 11:22:00 | 000,000,000 | ---D | C] -- C:\Windows\de [2010.11.10 11:16:32 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2010.11.10 11:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2010.11.10 11:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar [2010.11.10 11:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer [2010.11.10 11:14:59 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2010.11.10 11:14:59 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2010.11.10 11:14:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2010.11.10 11:14:59 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2010.11.10 11:14:54 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2010.11.10 11:14:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2010.11.10 11:13:42 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2010.11.10 11:13:42 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2010.11.10 11:13:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2010.11.10 11:13:41 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2010.11.10 11:13:41 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2010.11.10 11:13:41 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2010.11.10 11:13:40 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2010.11.02 00:58:01 | 000,000,000 
| ---D | C] -- C:\Program Files (x86)\StreamTorrent 1.0 [2010.11.02 00:58:01 | 000,000,000 | ---D | C] -- C:\Users\O***w\AppData\Roaming\StreamTorrent [2010.11.01 19:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010.11.01 19:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.10.27 04:25:54 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.10.27 04:25:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.10.27 04:25:54 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.10.27 04:25:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.10.27 04:25:54 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2010.10.27 04:25:54 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.10.27 04:25:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2010.10.27 04:25:49 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2010.10.24 11:43:38 | 000,000,000 | ---D | C] -- C:\Users\O***w\AppData\Roaming\DVDVideoSoft [2010.10.23 18:34:44 | 000,000,000 | ---D | C] -- C:\Users\O***w\AppData\Roaming\Outlook [2010.10.23 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\O***w\Documents\My Photos [2010.10.23 18:34:12 | 000,000,000 | ---D | C] -- C:\Users\O***w\Documents\My Documents [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.18 22:50:38 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.18 22:50:38 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
[2010.11.18 22:47:41 | 001,805,958 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.11.18 22:47:41 | 000,765,838 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.11.18 22:47:41 | 000,720,550 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.11.18 22:47:41 | 000,173,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.11.18 22:47:41 | 000,146,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.11.18 22:46:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\O***w\Desktop\OTL.exe [2010.11.18 22:44:51 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.11.18 22:43:16 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.18 22:42:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.18 22:42:48 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2010.11.18 22:39:54 | 000,472,410 | -H-- | M] () -- C:\Users\O***w\AppData\Roaming\O****wlog.dat [2010.11.18 22:35:52 | 000,002,093 | ---- | M] () -- C:\Users\O***w\Desktop\HijackThis.lnk [2010.11.18 22:35:33 | 000,812,344 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\O***w\Desktop\HJTInstall.exe [2010.11.18 22:02:10 | 000,158,720 | ---- | M] () -- C:\Users\O***w\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.18 22:01:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.18 14:05:33 | 000,000,000 | ---- | M] () -- C:\Users\O***w\NortonAV.exe [2010.11.16 22:43:05 | 000,056,548 | ---- | M] () -- C:\Users\O***w\Desktop\he-man-400ds0702.jpg [2010.11.14 16:43:56 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2010.11.13 16:06:52 | 000,001,570 | ---- | M] () -- C:\Users\O***w\Desktop\Thunderbird.lnk [2010.11.11 14:04:29 | 003,150,965 | ---- | M] () -- C:\Users\O***w\Desktop\scoresheets0001.pdf [2010.11.10 11:19:25 | 000,000,020 | ---- | M] () -- C:\Windows\0ö^ [2010.11.06 19:42:32 | 002,738,950 | ---- | M] () -- C:\Users\O***w\Desktop\dream.psd [2010.11.03 21:31:29 | 000,015,748 | ---- | M] () -- C:\Users\O***w\Documents\konto.xlsx [2010.11.02 13:05:06 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.10.29 10:55:40 | 000,026,624 | ---- | M] () -- C:\Users\O***w\Desktop\widerspruch_gez.doc [2010.10.29 10:45:30 | 000,000,000 | ---- | M] () -- C:\Users\O***w\Desktop\widerspruch_gez.docx [2010.10.24 11:47:01 | 004,712,776 | ---- | M] () -- C:\Users\O***w\Desktop\raikos_strip_vorbereitung.avi [2010.10.24 11:46:55 | 037,861,250 | ---- | M] () -- C:\Users\O***w\Desktop\raikos_strip_01.avi [2010.10.24 11:43:43 | 000,001,239 | ---- | M] () -- C:\Users\O***w\Desktop\DVDVideoSoft Free Studio.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.18 22:35:39 | 000,002,093 | ---- | C] () -- C:\Users\O***w\Desktop\HijackThis.lnk [2010.11.16 22:43:03 | 000,056,548 | ---- | C] () -- C:\Users\O***w\Desktop\he-man-400ds0702.jpg [2010.11.14 16:43:56 | 000,001,126 | ---- | C] () 
-- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2010.11.13 16:06:52 | 000,001,570 | ---- | C] () -- C:\Users\O***w\Desktop\Thunderbird.lnk [2010.11.13 01:30:03 | 000,000,000 | ---- | C] () -- C:\Users\O***w\NortonAV.exe [2010.11.11 14:04:29 | 003,150,965 | ---- | C] () -- C:\Users\O***w\Desktop\scoresheets0001.pdf [2010.11.10 11:19:25 | 000,000,020 | ---- | C] () -- C:\Windows\0ö^ [2010.11.06 19:42:30 | 002,738,950 | ---- | C] () -- C:\Users\O***w\Desktop\dream.psd [2010.10.29 10:55:36 | 000,026,624 | ---- | C] () -- C:\Users\O***w\Desktop\widerspruch_gez.doc [2010.10.29 10:45:30 | 000,000,000 | ---- | C] () -- C:\Users\O***w\Desktop\widerspruch_gez.docx [2010.10.24 18:31:55 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.24 11:46:55 | 004,712,776 | ---- | C] () -- C:\Users\O***w\Desktop\raikos_strip_vorbereitung.avi [2010.10.24 11:46:04 | 037,861,250 | ---- | C] () -- C:\Users\O***w\Desktop\raikos_strip_01.avi [2010.09.13 19:28:27 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini [2010.09.08 18:20:52 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.07.30 14:15:17 | 000,000,089 | ---- | C] () -- C:\Windows\SysWow64\MSBII.dll [2010.07.30 14:12:28 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll [2010.07.30 14:12:28 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll [2010.07.30 14:12:28 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\WKAuxil.dll [2010.07.30 14:12:26 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll [2010.07.30 14:12:25 | 003,782,416 | ---- | C] () -- C:\Windows\SysWow64\mso97.dll [2010.06.22 18:11:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.03.03 12:40:11 | 001,782,004 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.03.03 01:03:45 | 000,008,814 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2010.03.03 00:50:33 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.01.29 21:11:35 | 
000,004,041 | ---- | C] () -- C:\Users\O***w\AppData\Roaming\SQLite3.dll [2010.01.15 00:14:24 | 004,612,300 | -H-- | C] () -- C:\Users\O***w\AppData\Local\IconCache (1).db [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.07.25 00:19:19 | 000,158,720 | ---- | C] () -- C:\Users\O***w\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.24 19:57:07 | 000,101,224 | ---- | C] () -- C:\Users\O***w\AppData\Local\GDIPFONTCACHEV1 (1).DAT [2008.07.24 19:57:07 | 000,000,680 | ---- | C] () -- C:\Users\O***w\AppData\Local\d3d9caps.dat [2006.11.02 09:27:46 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP207.ini [2005.04.08 03:16:43 | 001,432,904 | -H-- | C] () -- C:\Users\O***w\AppData\Roaming\logs.dat [2005.04.08 03:16:43 | 000,472,410 | -H-- | C] () -- C:\Users\O***w\AppData\Roaming\O***wlog.dat [2004.01.26 16:15:29 | 000,233,472 | R--- | C] () -- C:\Users\O***w\AppData\Roaming\MafiaSetup.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:7AC689116CCF149D < End of report > Code:
OTL Extras logfile created on: 18.11.2010 22:47:45 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\O***w\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235,44 Gb Total Space | 60,61 Gb Free Space | 25,74% Space Free | Partition Type: NTFS
Drive D: | 230,32 Gb Total Space | 89,56 Gb Free Space | 38,89% Space Free | Partition Type: NTFS
Drive E: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: OUTLAW-DESKTOP | User Name: O***w | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack 
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de "{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client "{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU "{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64) 
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU "{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "HP Smart Web Printing" = HP Smart Web Printing 4.51 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = 
NVIDIA Drivers "Shop for HP Supplies" = Shop for HP Supplies "SP6" = Logitech SetPoint 6.0 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam 
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm) "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57ABE5FC-9E26-49E0-00A3-CF45D750B1AB}" = MVP Baseball 2005 "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform 
"{66EBD70F-A42C-475F-AEDF-277378151031}" = Nero 7 Essentials "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime "{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v2.2 "{75C14F0A-EAA4-43CD-AA81-32FDB1686329}" = TubeBox! 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service 
Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6 "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer 
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{BBD3BDF5-056A-4FB5-91B6-E317DB669FB0}" = HTC Sync "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET 
Framework 4 Multi-Targeting Pack "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1&1 SoftPhone" = 1&1 SoftPhone "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Alarm_is1" = Alarm 2.0.4 "A-PDF Image to PDF_is1" = A-PDF Image to PDF 4.1 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Civilization III" = Civilization III "Civilization III Conquests " = Civilization III Conquests 
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "EA Download Manager" = EA Download Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.6 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "InstallShield_{30837A37-8F9F-4817-8B52-C501B67DC3BE}" = Trust WB-1400T Webcam "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "IrfanView" = IrfanView (remove only) "KPS Click & design_is1" = KPS Click & design 3.1 "meinHausplaner" = meinHausplaner "Messenger Plus! Live" = Messenger Plus! Live "Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre) "Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PokerStars" = PokerStars "PokerStars.net" = PokerStars.net "PowerISO" = PowerISO "StreamTorrent 1.0" = StreamTorrent 1.0 "Sweet Home 3D_is1" = Sweet Home 3D version 2.4 "Uninstall_is1" = Uninstall 1.0.0.1 "WaSaKu" = WaSaKu "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "Yahoo! Messenger" = Yahoo! 
Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.10.2010 13:20:29 | Computer Name = Outlaw-Desktop | Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten Geräts. (Die Daten enthalten den Fehlercode.).

Error - 24.10.2010 19:14:51 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 29.10.2010 18:33:27 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 02.11.2010 09:00:27 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 03.11.2010 14:12:41 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 06.11.2010 20:00:53 | Computer Name = Outlaw-Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8117.416, Zeitstempel: 0x4bc935af
Name des fehlerhaften Moduls: LiveTransport.dll, Version: 14.0.8117.416, Zeitstempel: 0x4bc9353e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004bfe7
ID des fehlerhaften Prozesses: 0x15e4
Startzeit der fehlerhaften Anwendung: 0x01cb7df6b8e7b83b
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Windows Live\Messenger\LiveTransport.dll
Berichtskennung: 15ca23e4-ea02-11df-b148-8bb272e01aa8

Error - 08.11.2010 06:24:23 | Computer Name = Outlaw-Desktop | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.

Error - 10.11.2010 19:51:05 | Computer Name = Outlaw-Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3727, Zeitstempel: 0x4b9fb052
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000b727
ID des fehlerhaften Prozesses: 0x6f0
Startzeit der fehlerhaften Anwendung: 0x01cb811bed137bcc
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll
Berichtskennung: 6180c1f0-ed25-11df-b909-d36099f9e2fc

Error - 10.11.2010 20:30:12 | Computer Name = Outlaw-Desktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: skypePM.exe, Version: 2.0.0.67, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1b0
Startzeit der fehlerhaften Anwendung: 0x01cb812fe7ef249f
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: d7d75587-ed2a-11df-b909-d36099f9e2fc

Error - 18.11.2010 17:43:46 | Computer Name = Outlaw-Desktop | Source = MsiInstaller | ID = 11721
Description =

[ Media Center Events ]
Error - 04.09.2010 12:32:58 | Computer Name = Outlaw-Desktop | Source = MCUpdate | ID = 0
Description = 18:32:58 - Fehler beim Herstellen der Internetverbindung. 18:32:58 - Serververbindung konnte nicht hergestellt werden..

Error - 08.09.2010 13:06:14 | Computer Name = Outlaw-Desktop | Source = MCUpdate | ID = 0
Description = 19:06:14 - Fehler beim Herstellen der Internetverbindung. 19:06:14 - Serververbindung konnte nicht hergestellt werden..

[ OSession Events ]
Error - 18.05.2010 06:14:06 | Computer Name = Outlaw-Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 576 seconds with 480 seconds of active time. This session ended with a crash.

Error - 08.06.2010 08:49:56 | Computer Name = Outlaw-Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 626 seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 16.11.2010 02:09:53 | Computer Name = Outlaw-Desktop | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden.

Error - 16.11.2010 02:09:53 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom3 ist für den Zugriff noch nicht bereit.

Error - 16.11.2010 17:11:20 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.

Error - 16.11.2010 17:11:51 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.

Error - 16.11.2010 17:11:51 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.

Error - 16.11.2010 17:11:52 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.

Error - 16.11.2010 17:11:53 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.

Error - 16.11.2010 17:11:54 | Computer Name = Outlaw-Desktop | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden.

Error - 16.11.2010 17:11:54 | Computer Name = Outlaw-Desktop | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom4 ist für den Zugriff noch nicht bereit.

Error - 18.11.2010 17:43:31 | Computer Name = Outlaw-Desktop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst ICQ Service erreicht.

< End of report >

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5148
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.11.2010 23:35:06
mbam-log-2010-11-18 (23-35-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172710
Laufzeit: 7 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{66f82msb-q0u7-174g-7ecm-bs836d2t786d} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{861npm6s-2683-03i5-u18t-tl47kg2f3x28} (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Backdoor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Backdoor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Backdoor) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Windows\System32\Winbooterr (Trojan.Backdoor) -> No action taken.

Infizierte Dateien:
C:\Windows\System32\Winbooterr\Svchost.exe (Generic.Bot.H) -> No action taken.
C:\Windows\System32\explorer\explorer.exe (Generic.Bot.H) -> No action taken.
C:\Users\O***w\AppData\Local\Temp\cas4AB4.tmp (PUP.Casino.Gen) -> No action taken.
C:\Users\O***w\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Users\O***w\AppData\Local\Temp\MSN.abc (Malware.Trace) -> No action taken.
C:\Users\O****w\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\O***w\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Users\O***w\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> No action taken.

It would be great if I could solve the problem with your help. Merce
19.11.2010, 12:17 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and

Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
19.11.2010, 16:14 | #3
Is it enough if I simply remove the 14 items with Anti-Malware? I don't want anything to be left on there. In other threads I read that a fix was carried out with OTL.

Attached is the logfile. And there are no previous scans. The one above was the first; the following one is the second scan with Anti-Malware.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5151
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.11.2010 16:13:48
mbam-log-2010-11-19 (16-13-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 485227
Laufzeit: 1 Stunde(n), 14 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
19.11.2010, 18:26 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4 - HKCU..\Run: [HKCU] C:\Windows\SysWOW64\Winbooterr\Svchost.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\Winbooterr\Svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.12 12:42:53 | 000,000,000 | R--D | M] - E:\AutoPlay -- [ UDF ]
O32 - AutoRun File - [2008.04.11 18:52:28 | 002,404,352 | R--- | M] () - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.11.06 17:33:09 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\Shell - "" = AutoRun
O33 - MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\Shell\AutoRun\command - "" = L:\pushinst.exe -- File not found
O33 - MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2006.01.10 14:49:24 | 000,492,032 | R--- | M] ()
@Alternate Data Stream - 24 bytes -> C:\Windows:7AC689116CCF149D
:Files
C:\Windows\SysWOW64\Winbooterr
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

Please always post logfiles in CODE tags
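The locations the fix above works on (the Run and Policies\Explorer\Run values, the Winbooterr folders and the stream on C:\Windows) can be audited read-only with the following PowerShell script. It is an added example, neither part of this thread nor OTL code; the Winbooterr folder name, the System32\explorer folder and the Run locations are taken from the logs above, and everything else (the key list, the helper function names) is assumed.

```powershell
# Added example (not from this thread, not OTL code): read-only audit of the
# autostart locations and folders that the OTL fix above targets.
# Run in an elevated 64-bit PowerShell (3.0 or newer) on the machine under investigation.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # 32-bit view on x64
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# A genuine svchost.exe lives directly in one of these two directories, never in a subfolder.
$legitSvchost = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

function Get-ExePath {
    param([string]$Command)
    # Executable from a Run value: quoted path, otherwise the first token.
    $exe = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] } else { ($Command -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Test-SuspiciousCommand {
    param([string]$Command)
    $exe = Get-ExePath -Command $Command
    if ($exe -match '\\Winbooterr\\') { return $true }          # folder name from the logs above
    if ([IO.Path]::GetFileName($exe) -ieq 'svchost.exe') {
        return ($legitSvchost -notcontains $exe)               # svchost.exe outside System32/SysWOW64
    }
    return $false
}

$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }                   # PSPath etc. are provider metadata
        if (Test-SuspiciousCommand -Command ([string]$p.Value)) {
            [pscustomobject]@{ Location = "$key\$($p.Name)"; Detail = [string]$p.Value }
        }
    }
})

# Folders the malware dropped according to the Malwarebytes log (both System32 views).
foreach ($dir in 'System32\Winbooterr', 'SysWOW64\Winbooterr', 'System32\explorer') {
    $path = Join-Path $env:SystemRoot $dir
    if (Test-Path -Path $path -PathType Container) {
        $findings += [pscustomobject]@{ Location = $path; Detail = 'directory present' }
    }
}

# Alternate data streams on the Windows directory itself (the fix deleted one there).
try {
    $streams = Get-Item -Path $env:SystemRoot -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' }
    foreach ($s in $streams) {
        $findings += [pscustomobject]@{
            Location = "$($env:SystemRoot):$($s.Stream)"
            Detail   = "alternate data stream, $($s.Length) bytes"
        }
    }
} catch {
    Write-Warning "Could not enumerate streams on $($env:SystemRoot): $_"
}

if ($findings.Count -eq 0) {
    'No Winbooterr or misplaced svchost.exe artefacts found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The script only reads; compare its output with the "not found" lines of the OTL result log to confirm that the fix removed every entry.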
19.11.2010, 20:20 | #5
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU not found.
File C:\Windows\SysWOW64\Winbooterr\Svchost.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Policies not found.
File C:\Windows\system32\Winbooterr\Svchost.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73cbddc5-bb6a-11df-bdfa-001c255ef5b6}\ not found.
File L:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8c776aa-2648-11df-b357-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8c776aa-2648-11df-b357-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8c776aa-2648-11df-b357-806e6f6e6963}\ not found.
File move failed. E:\Start.exe scheduled to be moved on reboot.
ADS C:\Windows:7AC689116CCF149D deleted successfully.
========== FILES ==========
File\Folder C:\Windows\SysWOW64\Winbooterr not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Outlaw
->Temp folder emptied: 9693040555 bytes
->Temporary Internet Files folder emptied: 109224730 bytes
->Java cache emptied: 195034704 bytes
->FireFox cache emptied: 110691858 bytes
->Flash cache emptied: 441372 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 2580 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102950671 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.739,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11192010_200752

Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. E:\Start.exe scheduled to be moved on reboot.
C:\Users\Outlaw\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Many thanks for the help so far. Was that it, then?
19.11.2010, 20:31 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
Please download MBRCheck (by a_d_13) and save the file to the desktop.
19.11.2010, 22:34 | #7
Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 64-bit Base Board Manufacturer: Foxconn BIOS Manufacturer: American Megatrends Inc. System Manufacturer: Foxconn System Product Name: P35 Logical Drives Mask: 0x000003fc Kernel Drivers (total 196): 0x02C4A000 \SystemRoot\system32\ntoskrnl.exe 0x02C01000 \SystemRoot\system32\hal.dll 0x00BB3000 \SystemRoot\system32\kdcom.dll 0x00CFA000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00D3E000 \SystemRoot\system32\PSHED.dll 0x00D52000 \SystemRoot\system32\CLFS.SYS 0x00C00000 \SystemRoot\system32\CI.dll 0x00E74000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F18000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x010A2000 \SystemRoot\System32\Drivers\spxs.sys 0x011D6000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x0102F000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x01086000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x01090000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00F27000 \SystemRoot\system32\DRIVERS\pci.sys 0x011DF000 \SystemRoot\System32\drivers\partmgr.sys 0x00F5A000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00F6F000 \SystemRoot\System32\drivers\volmgrx.sys 0x011F4000 \SystemRoot\system32\DRIVERS\pciide.sys 0x00FCB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00FDB000 \SystemRoot\System32\drivers\mountmgr.sys 0x00FF5000 \SystemRoot\system32\DRIVERS\atapi.sys 0x00E00000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x00E2A000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x00DB0000 \SystemRoot\system32\drivers\fltmgr.sys 0x00E35000 \SystemRoot\system32\drivers\fileinfo.sys 0x01257000 \SystemRoot\System32\Drivers\Ntfs.sys 0x0145E000 \SystemRoot\System32\Drivers\msrpc.sys 0x014BC000 \SystemRoot\System32\Drivers\ksecdd.sys 0x014D6000 \SystemRoot\System32\Drivers\cng.sys 0x01549000 \SystemRoot\System32\drivers\pcw.sys 0x0155A000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x01648000 
\SystemRoot\system32\drivers\ndis.sys 0x0173A000 \SystemRoot\system32\drivers\NETIO.SYS 0x0179A000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01801000 \SystemRoot\System32\drivers\tcpip.sys 0x01564000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x015AE000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x017C5000 \SystemRoot\System32\Drivers\spldr.sys 0x01600000 \SystemRoot\System32\drivers\rdyboost.sys 0x017CD000 \SystemRoot\System32\Drivers\mup.sys 0x017DF000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x017E8000 \SystemRoot\system32\DRIVERS\disk.sys 0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x00E49000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x0144F000 \SystemRoot\System32\Drivers\Null.SYS 0x01243000 \SystemRoot\System32\Drivers\Beep.SYS 0x00CC0000 \SystemRoot\System32\drivers\vga.sys 0x00CCE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x03ADC000 \SystemRoot\System32\drivers\watchdog.sys 0x03AEC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x03AF5000 \SystemRoot\system32\drivers\rdpencdd.sys 0x03AFE000 \SystemRoot\system32\drivers\rdprefmp.sys 0x03B07000 \SystemRoot\System32\Drivers\Msfs.SYS 0x03B12000 \SystemRoot\System32\Drivers\Npfs.SYS 0x03B23000 \SystemRoot\system32\DRIVERS\tdx.sys 0x03B41000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x03B4E000 \SystemRoot\system32\drivers\afd.sys 0x03A00000 \SystemRoot\System32\DRIVERS\netbt.sys 0x03A45000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x03A4E000 \SystemRoot\system32\DRIVERS\pacer.sys 0x03A74000 \SystemRoot\system32\DRIVERS\netbios.sys 0x03A83000 \SystemRoot\system32\DRIVERS\serial.sys 0x03AA0000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x03ABB000 \SystemRoot\system32\DRIVERS\termdd.sys 0x03BD8000 \SystemRoot\System32\Drivers\SCDEmu.SYS 0x04003000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x04054000 \SystemRoot\system32\drivers\nsiproxy.sys 0x04060000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x0406B000 \SystemRoot\System32\drivers\discache.sys 0x0407A000 
\SystemRoot\System32\Drivers\dfsc.sys 0x04098000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x040A9000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x040CB000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x040F1000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x0FEE6000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x10B78000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x04107000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x10B7A000 \SystemRoot\System32\drivers\dxgmms1.sys 0x10BC0000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x0FE00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x0FE56000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x0FE67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x0FE8B000 \SystemRoot\system32\DRIVERS\serenum.sys 0x0FE97000 \SystemRoot\system32\DRIVERS\parport.sys 0x0FEB4000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x0FED2000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x0422B000 \SystemRoot\System32\Drivers\a6rikkla.SYS 0x0426E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x0427E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x04294000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x042B8000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x042C4000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x042F3000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x0430E000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x0432F000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x04349000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x04358000 \SystemRoot\system32\DRIVERS\swenum.sys 0x0435A000 \SystemRoot\system32\DRIVERS\ks.sys 0x0439D000 \SystemRoot\system32\DRIVERS\circlass.sys 0x043AF000 \SystemRoot\system32\DRIVERS\umbus.sys 0x04838000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x04892000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x048A7000 \SystemRoot\system32\drivers\HdAudio.sys 0x04903000 \SystemRoot\system32\drivers\portcls.sys 0x04940000 \SystemRoot\system32\drivers\drmk.sys 0x04962000 \SystemRoot\system32\drivers\ksthunk.sys 0x00060000 \SystemRoot\System32\win32k.sys 0x04968000 
\SystemRoot\System32\drivers\Dxapi.sys 0x04974000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x0498F000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x04991000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00530000 \SystemRoot\System32\TSDDD.dll 0x0466C000 \SystemRoot\system32\DRIVERS\netr7364.sys 0x00690000 \SystemRoot\System32\cdd.dll 0x04701000 \SystemRoot\system32\DRIVERS\usbcir.sys 0x04720000 \SystemRoot\system32\DRIVERS\PFC027.SYS 0x047B1000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x047C2000 \SystemRoot\System32\Drivers\LUsbFilt.Sys 0x047D2000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x047E0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x04600000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x04609000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys 0x0461D000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x0462A000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys 0x0463E000 \SystemRoot\system32\DRIVERS\hidir.sys 0x0464F000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x0499F000 \SystemRoot\system32\DRIVERS\udfs.sys 0x0465D000 \SystemRoot\System32\Drivers\crashdmp.sys 0x049F3000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x04800000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x04809000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x043C1000 \SystemRoot\system32\drivers\luafv.sys 0x04200000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x10BCD000 \SystemRoot\system32\drivers\WudfPf.sys 0x0481C000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x058E7000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x0593A000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x0594D000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x05800000 \SystemRoot\system32\drivers\HTTP.sys 0x058C8000 \SystemRoot\system32\DRIVERS\bowser.sys 0x05965000 \SystemRoot\System32\drivers\mpsdrv.sys 0x0597D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x059AA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x05CB0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x05CD3000 \SystemRoot\system32\DRIVERS\atksgt.sys 0x05D22000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0x05D2F000 
\SystemRoot\system32\drivers\peauth.sys 0x05DD5000 \SystemRoot\System32\Drivers\secdrv.SYS 0x05C00000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x05C2D000 \SystemRoot\System32\drivers\tcpipreg.sys 0x05C3F000 \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl 0x07642000 \SystemRoot\System32\DRIVERS\srv2.sys 0x076A9000 \SystemRoot\System32\DRIVERS\srv.sys 0x0773F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x077E1000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x776A0000 \Windows\System32\ntdll.dll 0x47A70000 \Windows\System32\smss.exe 0xFF9C0000 \Windows\System32\apisetschema.dll 0xFF0D0000 \Windows\System32\autochk.exe 0xFF930000 \Windows\System32\difxapi.dll 0x77870000 \Windows\System32\normaliz.dll 0xFF8E0000 \Windows\System32\ws2_32.dll 0xFF8D0000 \Windows\System32\lpk.dll 0xFF7F0000 \Windows\System32\oleaut32.dll 0xFF750000 \Windows\System32\msvcrt.dll 0xFF730000 \Windows\System32\imagehlp.dll 0xFF5B0000 \Windows\System32\urlmon.dll 0xFF590000 \Windows\System32\sechost.dll 0xFF520000 \Windows\System32\gdi32.dll 0xFF340000 \Windows\System32\setupapi.dll 0xFF260000 \Windows\System32\advapi32.dll 0xFF190000 \Windows\System32\usp10.dll 0xFF060000 \Windows\System32\rpcrt4.dll 0xFEF50000 \Windows\System32\msctf.dll 0xFEE20000 \Windows\System32\wininet.dll 0xFED80000 \Windows\System32\comdlg32.dll 0xFEB20000 \Windows\System32\iertutil.dll 0xFDD90000 \Windows\System32\shell32.dll 0xFDD40000 \Windows\System32\Wldap32.dll 0x77860000 \Windows\System32\psapi.dll 0x775A0000 \Windows\System32\user32.dll 0xFDD10000 \Windows\System32\imm32.dll 0xFDC70000 \Windows\System32\clbcatq.dll 0x77480000 \Windows\System32\kernel32.dll 0xFDBF0000 \Windows\System32\shlwapi.dll 0xFD9E0000 \Windows\System32\ole32.dll 0xFD9D0000 \Windows\System32\nsi.dll 0xFD930000 \Windows\System32\comctl32.dll 0xFD8F0000 \Windows\System32\wintrust.dll 0xFD880000 \Windows\System32\KernelBase.dll 0xFD840000 \Windows\System32\cfgmgr32.dll 0xFD820000 \Windows\System32\devobj.dll 0xFD6B0000 
\Windows\System32\crypt32.dll Processes (total 87): 0 System Idle Process 4 System 328 C:\Windows\System32\smss.exe 420 csrss.exe 480 C:\Windows\System32\wininit.exe 504 csrss.exe 564 C:\Windows\System32\winlogon.exe 604 C:\Windows\System32\services.exe 624 C:\Windows\System32\lsass.exe 632 C:\Windows\System32\lsm.exe 740 C:\Windows\System32\svchost.exe 840 C:\Windows\System32\nvvsvc.exe 880 C:\Windows\System32\svchost.exe 968 C:\Windows\System32\svchost.exe 1012 C:\Windows\System32\svchost.exe 364 C:\Windows\System32\svchost.exe 1036 C:\Windows\System32\svchost.exe 1112 C:\Windows\System32\nvvsvc.exe 1140 C:\Windows\System32\svchost.exe 1292 C:\Windows\System32\spoolsv.exe 1320 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1340 C:\Windows\System32\svchost.exe 1464 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1532 C:\Windows\System32\svchost.exe 1556 C:\Windows\SysWOW64\svchost.exe 1628 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 1636 C:\Windows\System32\conhost.exe 2016 C:\Windows\System32\dwm.exe 2040 C:\Windows\explorer.exe 1376 C:\Windows\System32\taskhost.exe 2132 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe 2160 C:\Windows\System32\svchost.exe 2200 C:\Windows\System32\svchost.exe 2224 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2340 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 2364 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 2388 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 2424 C:\Windows\System32\svchost.exe 2460 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 2668 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 3064 C:\Windows\System32\svchost.exe 2156 WUDFHost.exe 3164 C:\Windows\System32\rundll32.exe 3296 C:\Windows\System32\SearchIndexer.exe 3560 C:\Windows\WindowsMobile\wmdc.exe 3592 C:\Program 
Files\Logitech\SetPointP\SetPoint.exe 3600 C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe 3608 C:\Windows\System32\svchost.exe 3684 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe 3748 C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe 3840 C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 3900 C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe 3944 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe 4068 C:\Program Files (x86)\CyberLink\Shared Files\brs.exe 4084 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 652 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe 960 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 3220 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 4320 C:\Windows\System32\svchost.exe 4656 C:\Program Files\Windows Media Player\wmpnetwk.exe 4928 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe 4972 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe 4992 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe 1968 dllhost.exe 2116 C:\Program Files (x86)\Nero\Update\NASvc.exe 4640 C:\Windows\System32\svchost.exe 5020 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 388 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe 2260 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 4216 C:\Windows\System32\taskeng.exe 3908 C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe 4596 C:\Windows\System32\SearchProtocolHost.exe 3212 C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe 5044 C:\Program Files (x86)\Java\jre6\bin\java.exe 2108 C:\Windows\System32\conhost.exe 2500 C:\Program Files (x86)\Skype\Phone\Skype.exe 4964 WmiPrvSE.exe 2652 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe 4948 C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe 3572 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe 184 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe 3532 
C:\Windows\System32\audiodg.exe 5996 C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 964 C:\Windows\System32\SearchFilterHost.exe 4456 C:\Windows\System32\dllhost.exe 2168 C:\Users\Outlaw\Desktop\MBRCheck.exe 5140 C:\Windows\System32\conhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`dc500000 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
19.11.2010, 22:43 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
C:\Windows\system32\Winbooterr\Svchost.exe
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags