Pests of all kinds and how to fight them: Skype no longer starts
22.11.2010, 14:24 | #1 |
| Skype no longer starts

Since this morning I have not been able to start my Skype 4.x. I then did the following:

1. Downloaded the new Skype version 5.0 and apparently installed it correctly. However, Skype again could not be opened.
2. I renamed the Skype directory (under C:\Documents and Settings\All Users\Application Data),
3. then removed Skype via Settings/Control Panel/Add or Remove Programs
4. Installed Skype 4.xx again

The problem still persists. My antivirus software Avira AntiVir has not reported anything. When I shut down my computer, I get the message that Skype is still active and can be terminated. So I have to cancel Skype.

Who can help me? Unfortunately I am not very technically savvy, i.e. if you need log files, please also tell me how to create or read them.

Thanks in advance
M |
22.11.2010, 14:29 | #2 |
/// Malware-holic | Skype no longer starts

OTL:

System scan with OTL

Download OTL: http://filepony.de/download-otl/

Double-click OTL.exe (users of Windows 7 and Vista: right-click, Run as administrator)

1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
__________________ |
22.11.2010, 15:27 | #3 |
| Skype no longer starts

OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 22.11.2010 15:12:56 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 259,00 Mb Available Physical Memory | 26,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free Paging file location(s): C:\pagefile.sys 756 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 50,17 Gb Total Space | 1,99 Gb Free Space | 3,96% Space Free | Partition Type: NTFS Drive D: | 5,72 Gb Total Space | 0,56 Gb Free Space | 9,78% Space Free | Partition Type: FAT32 Computer Name: YOUR-9E8503F508 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- () "E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application -- File not found "C:\Program Files\FRITZ!DSL\IGDCTRL.EXE" = C:\Program Files\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Program Files\FRITZ!DSL\FBOXUPD.EXE" = C:\Program Files\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- 
(AVM Berlin) "C:\Program Files\FRITZ!DSL\WebwaIgd.exe" = C:\Program Files\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "E:\LF28\AllianzProgramm\azl\ltech\compass\firebird\bin\fbserver.exe" = E:\LF28\AllianzProgramm\azl\ltech\compass\firebird\bin\fbserver.exe:*:Enabled:Firebird SQL Server -- File not found "E:\LF28\AllianzProgramm\azl\ltech\jre\1.6.0\bin\javaw.exe" = E:\LF28\AllianzProgramm\azl\ltech\jre\1.6.0\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04D5D8F8-7654-11d3-A50A-00C04F44A9DA}" = Visio "{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools 5.00 D4 "{09972336-9D07-11D3-B83B-00C04F58D527}" = Professional-Programmdateien "{0997233B-9D07-11D3-B83B-00C04F58D527}" = Versionshinweise zu Professional "{09972340-9D07-11D3-B83B-00C04F58D527}" = Erweiterte Netzwerkdiagramme "{099723C0-9D07-11D3-B83B-00C04F58D527}" = Hilfe zur Erstellung erweiterter Netzwerkdiagramme "{099723D5-9D07-11D3-B83B-00C04F58D527}" = Datenbankentwurf "{0997245A-9D07-11D3-B83B-00C04F58D527}" = Hilfe zum Entwurf von Datenbanken "{0997247C-9D07-11D3-B83B-00C04F58D527}" = Verzeichnisdienste "{099724A3-9D07-11D3-B83B-00C04F58D527}" = Hilfe zu Verzeichnisdiensten "{099724AF-9D07-11D3-B83B-00C04F58D527}" = Internet-Diagramme "{099724C0-9D07-11D3-B83B-00C04F58D527}" = Hilfe zu Internet-Diagrammen "{099724D2-9D07-11D3-B83B-00C04F58D527}" = Software-Entwurf "{09972545-9D07-11D3-B83B-00C04F58D527}" = Hilfe zum Software-Entwurf 
"{09972591-9D07-11D3-B83B-00C04F58D527}" = Hilfe zu Professional-Programmdateien "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant "{17E27BFC-BD58-11d2-AFC1-00C04F72FB3E}" = VBA (2816b) "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1E9678A0-B4C1-11D2-863F-00C04F6E09F2}" = Microsoft Project 2000 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20F0F67B-CB0F-4C85-B6F2-133D9CB70614}" = Samsung PC Studio "{2298055A-F5E6-4332-9A15-C5D99870E72F}" = HP Embedded Security for ProtectTools "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22 "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{2F0D3C9E-4FB6-4A14-B0C4-42328F570177}" = Fingerprint Sensor Minimum Install "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1 "{487295FC-6C5C-11d3-A508-00C04F44A9DA}" = Programmdateien 
"{49D23765-6C69-11d3-A508-00C04F44A9DA}" = Microsoft Visio 2000 (DE) "{49DCE5F5-0B70-466F-A800-583BB4688B2C}" = Grafikfilter "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{539B0A82-CF4A-42CC-A46C-F417099FB0D7}" = Lexware online banking "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{61F619CD-BF1A-421D-A600-17E284659C71}" = Hilfe zu Developing Visio Solutions "{6FBABF2B-2355-4839-91BF-C86D9DB16934}" = Lexware Abschreibungsrechner 2008 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System "{76B01EB2-622C-11D3-8F9E-00C04F8DD7E3}" = Projektpläne "{76B01EB5-622C-11D3-8F9E-00C04F8DD7E3}" = Organigramme "{76B01EB8-622C-11D3-8F9E-00C04F8DD7E3}" = Raumplan "{76B01EBB-622C-11D3-8F9E-00C04F8DD7E3}" = Netzwerkdiagramme "{76B01EBE-622C-11D3-8F9E-00C04F8DD7E3}" = Landkarten "{76B01EC1-622C-11D3-8F9E-00C04F8DD7E3}" = Formulare und Diagramme "{76B01EC4-622C-11D3-8F9E-00C04F8DD7E3}" = Flußdiagramme "{76B01EC7-622C-11D3-8F9E-00C04F8DD7E3}" = Blockdiagramm "{76B01EC8-622C-11D3-8F9E-00C04F8DD7E3}" = Lösungen "{76B01ECC-622C-11D3-8F9E-00C04F8DD7E3}" = Shape-Explorer "{76B01ECD-622C-11D3-8F9E-00C04F8DD7E3}" = Als HTML speichern "{76B01ECE-622C-11D3-8F9E-00C04F8DD7E3}" = Datenfeld-Berichts-Assistent "{76B01ED0-622C-11D3-8F9E-00C04F8DD7E3}" = Seitenlayout-Assistent "{76B01ED2-622C-11D3-8F9E-00C04F8DD7E3}" = Datenbankassistent "{76B01ED3-622C-11D3-8F9E-00C04F8DD7E3}" = Datenfeld-Editor "{76B01ED4-622C-11D3-8F9E-00C04F8DD7E3}" = Hilfe zu Clipart und Symbolen "{76B01ED5-622C-11D3-8F9E-00C04F8DD7E3}" = Clipart und Symbole "{76B01ED6-622C-11D3-8F9E-00C04F8DD7E3}" = Hilfe zu Beschriftungen und Verbindern "{76B01ED7-622C-11D3-8F9E-00C04F8DD7E3}" = Beschriftungen und Verbinder "{76B01ED9-622C-11D3-8F9E-00C04F8DD7E3}" = 
Anzeige von CAD-Zeichnungen "{76B01EDB-622C-11D3-8F9E-00C04F8DD7E3}" = Hilfe zu Rahmen und Hintergründen "{76B01EDC-622C-11D3-8F9E-00C04F8DD7E3}" = Rahmen und Hintergrunde "{76B01EDD-622C-11D3-8F9E-00C04F8DD7E3}" = Zusatzprogramme "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{8B50F367-2686-4256-BA05-708B299961DF}" = Lexware Elster "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft 
Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 C3 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{9688A8B4-7654-11d3-A50A-00C04F44A9DA}" = Visio Core Files "{9688A8C2-7654-11d3-A50A-00C04F44A9DA}" = Hilfe fur Visio 2000 (HTML Help) "{97DB378D-9F05-4974-B7BA-AD8B3DD9EB5A}" = Lexware büro easy "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5386C02-6638-11D3-8F9F-00C04F8DD7E3}" = Hilfe zu Programmdateien "{A5386C03-6638-11D3-8F9F-00C04F8DD7E3}" = Shape-Explorer-Hilfe "{A5386C04-6638-11D3-8F9F-00C04F8DD7E3}" = Hilfe zu Blockdiagrammen "{A5386C05-6638-11D3-8F9F-00C04F8DD7E3}" = Hilfe zu Flußdiagrammen "{A5386C06-6638-11D3-8F9F-00C04F8DD7E3}" = 
Hilfe zu Formularen und Diagrammen "{A5386C07-6638-11D3-8F9F-00C04F8DD7E3}" = Hilfe zu Landkarten "{A5386C08-6638-11D3-8F9F-00C04F8DD7E3}" = Hilfe zu Netzwerkdiagrammen "{A5386C09-6638-11D3-8F9F-00C04F8DD7E3}" = Hilfe zu Raumplänen "{A5386C0A-6638-11D3-8F9F-00C04F8DD7E3}" = Hilfe zu Organigrammen "{A5386C0B-6638-11D3-8F9F-00C04F8DD7E3}" = Hilfe zu Projektplänen "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10 Free Edition "{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B6FA7BE5-6C3F-42AF-B3C1-C1F4536920C5}" = Lexware Abschreibungsrechner "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch "{BEDFB0D0-CA1E-4CBA-9664-B25A74019D0C}" = Lexware Info Service "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C20B2271-69D4-11D4-A951-08005AD260A8}" = VOLKSWOHL BUND - Angebotsprogramm Komfort "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D01D4968-D20E-431D-859F-5CE139B2DF25}" = Versionshinweise "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1 "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5 "{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "BulkMailer 2008" = BulkMailer 2008 6.1 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch "EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall "Google Updater" = Google Updater "HP Photo & Imaging" = HP Image Zone 4.7 "HPExtendedCapabilities" = HP Extended Capabilities 4.7 "ie8" = Windows Internet Explorer 8 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Migo" = Migo (remove only) "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1 "NeroMultiInstaller!UninstallKey" = Nero Suite "RealPlayer 6.0" = RealPlayer "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SynTPDeinstKey" = Synaptics Pointing Device Driver "Totalcmd" = Total Commander (Remove or Repair) "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials 
"WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2553521504-1179346763-3355203267-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Juniper Secure Meeting 6.3.0" = Juniper Networks Secure Meeting 6.3.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.11.2010 12:02:12 | Computer Name = YOUR-9E8503F508 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung jaucheck.exe, Version 2.0.2.4, fehlgeschlagenes Modul jaucheck.exe, Version 2.0.2.4, Fehleradresse 0x0000c940. Error - 16.11.2010 08:21:25 | Computer Name = YOUR-9E8503F508 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung pdfview.exe, Version 10.7.0.2, fehlgeschlagenes Modul dl91cooltype.dll, Version 9.1.0.1, Fehleradresse 0x00135140. Error - 18.11.2010 13:00:52 | Computer Name = YOUR-9E8503F508 | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.11.2010 09:35:43 | Computer Name = YOUR-9E8503F508 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung jaucheck.exe, Version 2.0.2.4, fehlgeschlagenes Modul jaucheck.exe, Version 2.0.2.4, Fehleradresse 0x0000c940. 
Error - 22.11.2010 07:20:57 | Computer Name = YOUR-9E8503F508 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 4.2.0.187, fehlgeschlagenes Modul skype.exe, Version 4.2.0.187, Fehleradresse 0x00a4dba2. Error - 22.11.2010 07:27:50 | Computer Name = YOUR-9E8503F508 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 4.2.0.187, fehlgeschlagenes Modul skype.exe, Version 4.2.0.187, Fehleradresse 0x00a4dba2. Error - 22.11.2010 07:31:33 | Computer Name = YOUR-9E8503F508 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 4.2.0.187, fehlgeschlagenes Modul skype.exe, Version 4.2.0.187, Fehleradresse 0x00a4dba2. Error - 22.11.2010 07:57:35 | Computer Name = YOUR-9E8503F508 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 5.0.0.152, fehlgeschlagenes Modul skype.exe, Version 5.0.0.152, Fehleradresse 0x00c20126. Error - 22.11.2010 08:03:17 | Computer Name = YOUR-9E8503F508 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 5.0.0.152, fehlgeschlagenes Modul skype.exe, Version 5.0.0.152, Fehleradresse 0x00c20126. Error - 22.11.2010 08:46:43 | Computer Name = YOUR-9E8503F508 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 4.2.0.187, fehlgeschlagenes Modul skype.exe, Version 4.2.0.187, Fehleradresse 0x00a4dba2. [ OSession Events ] Error - 06.05.2008 09:56:44 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6021.5000. This session lasted 27626 seconds with 7440 seconds of active time. This session ended with a crash. 
Error - 06.04.2009 18:12:47 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 47732 seconds with 600 seconds of active time. This session ended with a crash. Error - 08.04.2009 08:10:47 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 136661 seconds with 4680 seconds of active time. This session ended with a crash. Error - 03.07.2009 05:17:55 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 696281 seconds with 21240 seconds of active time. This session ended with a crash. Error - 22.07.2009 04:19:31 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 168667 seconds with 9180 seconds of active time. This session ended with a crash. Error - 05.08.2009 14:07:21 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10008 seconds with 780 seconds of active time. This session ended with a crash. 
Error - 13.08.2009 08:24:40 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 188062 seconds with 4680 seconds of active time. This session ended with a crash. Error - 22.09.2009 17:28:30 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 140972 seconds with 1620 seconds of active time. This session ended with a crash. Error - 01.10.2009 16:02:08 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2867 seconds with 600 seconds of active time. This session ended with a crash. Error - 11.12.2009 11:31:36 | Computer Name = YOUR-9E8503F508 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 612 seconds with 240 seconds of active time. This session ended with a crash. [ System Events ] Error - 12.11.2010 04:41:28 | Computer Name = YOUR-9E8503F508 | Source = System Error | ID = 1003 Description = Fehlercode 000000f4, 1. Parameter 00000003, 2. Parameter 86501b70, 3. Parameter 86501ce4, 4. Parameter 805d2954. Error - 13.11.2010 13:02:00 | Computer Name = YOUR-9E8503F508 | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. 
Error - 19.11.2010 05:09:03 | Computer Name = YOUR-9E8503F508 | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst stisvc. Error - 22.11.2010 07:06:21 | Computer Name = YOUR-9E8503F508 | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.11.2010 07:06:51 | Computer Name = YOUR-9E8503F508 | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.11.2010 07:07:21 | Computer Name = YOUR-9E8503F508 | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.11.2010 07:07:51 | Computer Name = YOUR-9E8503F508 | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.11.2010 07:08:21 | Computer Name = YOUR-9E8503F508 | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.11.2010 07:08:51 | Computer Name = YOUR-9E8503F508 | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.11.2010 07:09:22 | Computer Name = YOUR-9E8503F508 | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > OTL Logfile: Code:
OTL logfile created on: 22.11.2010 15:12:56 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.015,00 Mb Total Physical Memory | 259,00 Mb Available Physical Memory | 26,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1522 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,17 Gb Total Space | 1,99 Gb Free Space | 3,96% Space Free | Partition Type: NTFS
Drive D: | 5,72 Gb Total Space | 0,56 Gb Free Space | 9,78% Space Free | Partition Type: FAT32

Computer Name: YOUR-9E8503F508 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\system32\UTSCSI.EXE (USBest)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\Program Files\HPQ\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\HP ProtectTools Security Manager\PTServs.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
PRC - C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
PRC - C:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe (Infineon Technologies AG)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)

========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()

========== Win32 Services (SafeList) ==========
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (UTSCSI) -- C:\WINDOWS\system32\UTSCSI.EXE (USBest)

========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hotcore3) -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (bsusbser) -- C:\WINDOWS\system32\drivers\bsusbser.sys (QUALCOMM Incorporated)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (PersonalSecureDrive) -- C:\WINDOWS\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (iaStor) -- C:\WINDOWS\System32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI)
DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2553521504-1179346763-3355203267-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2553521504-1179346763-3355203267-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2553521504-1179346763-3355203267-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2553521504-1179346763-3355203267-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2553521504-1179346763-3355203267-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = sec-fire.main.elektrokavshiri.ge:8080

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 21:28:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.28 21:28:19 | 000,000,000 | ---D | M]

[2008.09.18 10:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2010.11.22 14:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ys7ih1cc.default\extensions
[2010.04.27 14:23:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ys7ih1cc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.15 21:46:04 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\ys7ih1cc.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.11.22 14:50:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.06 07:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.06 12:42:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.06 00:05:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.13 22:33:17 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 22:33:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.13 22:33:17 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.13 22:33:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.13 22:33:17 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2553521504-1179346763-3355203267-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MbWzdFPAP-EXL540] E:\PdtGuide.exe File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-2553521504-1179346763-3355203267-500..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\WINDOWS\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2553521504-1179346763-3355203267-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-2553521504-1179346763-3355203267-500\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-2553521504-1179346763-3355203267-500\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} hxxp://download.microsoft.com/download/2/2/0/220618B3-3606-4E70-B625-231BF31E1085/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)
O16 - DPF: {B4F89E07-3C6C-49FC-850B-B5F6A03BB435} https://www.ibank.ge/servlets/ibc?File=221744.CAB (SecureExG Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{2b9f530d-48f0-11de-9d01-001641cb9111}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{3b90b1b2-ff4f-11de-9d6b-0016d4486d0c}\Shell - "" = AutoRun
O33 - MountPoints2\{3b90b1b2-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b90b1b2-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3b90b1b5-ff4f-11de-9d6b-0016d4486d0c}\Shell - "" = AutoRun
O33 - MountPoints2\{3b90b1b5-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b90b1b5-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3b90b1b7-ff4f-11de-9d6b-0016d4486d0c}\Shell - "" = AutoRun
O33 - MountPoints2\{3b90b1b7-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b90b1b7-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3b90b1b8-ff4f-11de-9d6b-0016d4486d0c}\Shell - "" = AutoRun
O33 - MountPoints2\{3b90b1b8-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b90b1b8-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3b90b1bc-ff4f-11de-9d6b-0016d4486d0c}\Shell - "" = AutoRun
O33 - MountPoints2\{3b90b1bc-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b90b1bc-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3b90b1c1-ff4f-11de-9d6b-0016d4486d0c}\Shell - "" = AutoRun
O33 - MountPoints2\{3b90b1c1-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b90b1c1-ff4f-11de-9d6b-0016d4486d0c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3b90b1c3-ff4f-11de-9d6b-001641cb9111}\Shell - "" = AutoRun
O33 - MountPoints2\{3b90b1c3-ff4f-11de-9d6b-001641cb9111}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b90b1c3-ff4f-11de-9d6b-001641cb9111}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3b90b1d4-ff4f-11de-9d6b-0018de7b2ecb}\Shell - "" = AutoRun
O33 - MountPoints2\{3b90b1d4-ff4f-11de-9d6b-0018de7b2ecb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b90b1d4-ff4f-11de-9d6b-0018de7b2ecb}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{72353c16-39bb-11dc-9ae0-0018de7b2ecb}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{72353c16-39bb-11dc-9ae0-0018de7b2ecb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87624d2c-4cdb-11dc-9b0c-0018de7b2ecb}\Shell - "" = AutoRun
O33 - MountPoints2\{87624d2c-4cdb-11dc-9b0c-0018de7b2ecb}\Shell\1\Command - "" = E:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{87624d2c-4cdb-11dc-9b0c-0018de7b2ecb}\Shell\2\Command - "" = E:\.\RECYCLER\RECYCLER\autorun.exe -- File not found
O33 - MountPoints2\{87624d2c-4cdb-11dc-9b0c-0018de7b2ecb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98566590-f49b-11db-9a4b-0018de7b2ecb}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{98566590-f49b-11db-9a4b-0018de7b2ecb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b68f933e-d724-11db-9a2a-0018de7b2ecb}\Shell - "" = AutoRun
O33 - MountPoints2\{b68f933e-d724-11db-9a2a-0018de7b2ecb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b68f933e-d724-11db-9a2a-0018de7b2ecb}\Shell\AutoRun\command - "" = F:\muisetup.exe -- File not found
O33 - MountPoints2\{bcf555c0-5d1a-11dc-9b29-001641cb9111}\Shell\Auto\command - "" = E:\AdobeR.exe -- File not found
O33 - MountPoints2\{bcf555c0-5d1a-11dc-9b29-001641cb9111}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010.11.22 13:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010.11.18 12:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010.11.18 12:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010.11.18 12:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010.11.06 00:05:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.06 00:05:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.06 00:05:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.11.04 10:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2010.10.24 15:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Volkswohl Bund
[2010.10.24 15:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\VOLKSWOHL BUND
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010.11.22 15:03:00 | 000,001,220 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2553521504-1179346763-3355203267-500UA.job
[2010.11.22 14:23:03 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.22 14:23:03 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.22 13:59:09 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.11.22 13:58:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.22 13:58:22 | 1064,751,104 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.22 13:54:53 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.11.22 11:46:06 | 000,834,185 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\print-3.pdf
[2010.11.21 19:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\ZDB-JobNr-01.job
[2010.11.21 15:47:20 | 000,000,181 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010.11.21 15:46:33 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.11.18 12:51:16 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010.11.18 01:52:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.11.17 00:03:00 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2553521504-1179346763-3355203267-500Core.job
[2010.11.12 05:15:18 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\MyDefrag v4.3.1 Daily.job
[2010.11.10 16:32:37 | 000,378,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.08 20:59:50 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.11.04 10:58:25 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010.11.02 13:03:24 | 000,526,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.02 13:03:24 | 000,100,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.11.22 13:54:05 | 000,002,267 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010.11.22 11:46:05 | 000,834,185 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\print-3.pdf
[2010.11.18 12:51:16 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010.11.08 20:59:50 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.11.08 20:59:50 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.07.22 21:59:26 | 123,113,665 | ---- | C] () -- C:\Program Files\clonezilla-live-1.2.4-28-686.zip
[2010.03.26 16:34:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.12.18 19:49:12 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009.06.17 08:22:10 | 000,045,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\JuniperExtXP.exe
[2009.05.26 08:54:42 | 000,000,923 | ---- | C] () -- C:\WINDOWS\WirelessCard.INI
[2009.04.02 09:29:59 | 016,283,032 | ---- | C] () -- C:\Program Files\jre-6u13-windows-i586-p.exe
[2008.08.15 21:59:48 | 000,000,020 | ---- | C] () -- C:\WINDOWS\eplan.ini
[2008.01.20 20:16:46 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.01.20 20:16:46 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.01.20 20:16:22 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.01.20 20:16:22 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.01.20 20:16:22 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008.01.20 20:16:21 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007.11.28 22:57:06 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.23 13:50:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2007.10.23 13:47:02 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2007.10.23 13:44:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2007.10.23 13:44:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2007.07.16 19:36:14 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2007.07.06 18:37:03 | 000,003,369 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.07.04 16:33:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.07.04 16:33:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.07.04 16:33:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.07.04 16:33:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.07.04 16:33:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.07.04 16:33:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.07.03 21:44:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\std201mt.dll
[2007.07.03 21:44:35 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.06.25 15:46:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.05.28 11:41:19 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\emfxp.dll
[2007.05.05 16:23:33 | 000,006,732 | ---- | C] () -- C:\Program Files\Pen_0006.cat
[2007.04.22 12:28:22 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007.04.22 12:20:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007.04.22 11:56:48 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.04.16 14:46:13 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.04.16 14:46:13 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd9341.sys
[2007.04.15 12:13:04 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007.04.15 12:12:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007.04.14 14:26:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.04.10 06:09:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FnF4.txt
[2007.03.22 17:37:45 | 000,009,606 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007.03.22 17:37:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007.01.03 07:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.01.03 07:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.01.03 07:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006.09.21 12:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006.09.21 12:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006.09.21 12:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006.04.13 14:18:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\QSwitch.txt
[2006.04.13 14:18:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DSwitch.txt
[2006.04.13 14:18:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AtStart.txt
[2006.04.13 14:13:32 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.04.13 13:54:12 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2006.02.27 13:51:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005.09.21 09:42:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.09.21 09:21:16 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.09.20 17:14:32 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.03.11 17:40:08 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[2004.06.01 10:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2004.01.13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2002.03.21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001.11.14 09:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.04.25 18:18:44 | 000,000,887 | R--- | C] () -- C:\WINDOWS\OEMINFO.INI
[2000.12.04 20:27:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2000.07.06 12:08:32 | 000,003,952 | ---- | C] () -- C:\WINDOWS\source.ini
[2000.04.27 19:04:02 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\VisShe32.dll
[1999.05.14 15:05:22 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[1999.01.23 01:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998.05.07 03:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========
[2007.04.27 12:27:16 | 000,000,000 
| ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ABIG [2007.05.05 16:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems [2010.11.18 12:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited [2007.04.22 12:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ConvertTemp [2010.03.27 18:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON [2010.04.09 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FRITZ! [2009.09.20 12:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GHISLER [2008.04.16 12:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar [2007.07.03 21:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon [2007.07.12 21:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo [2009.06.17 08:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks [2009.01.19 15:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kroll-Software [2008.09.19 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lexware [2007.07.06 23:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller [2007.04.09 22:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PowerHouse [2006.04.13 14:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView [2007.04.22 12:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung [2009.02.09 09:47:51 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer [2007.08.06 17:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Temporary [2007.07.17 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TransRender [2010.09.18 17:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue [2007.04.15 15:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Visio [2010.08.01 17:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Volkswohl Bund [2007.04.10 11:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search [2010.11.22 13:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\+Skype [2008.09.19 19:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTrieve [2010.11.18 12:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2008.06.17 14:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElsterFormular [2010.03.27 17:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2007.07.03 21:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon [2009.06.17 08:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2008.09.19 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lexware [2010.07.26 16:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paragon [2010.03.26 16:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2010.10.24 15:52:04 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\Volkswohl Bund [2006.04.13 14:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView [2010.11.12 05:15:18 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Tasks\MyDefrag v4.3.1 Daily.job [2010.09.18 13:35:19 | 000,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\MyDefrag v4.3.1 Monthly.job [2010.11.21 19:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\ZDB-JobNr-01.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2010.11.22 13:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\+Skype [2009.10.19 19:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2007.04.22 15:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead [2007.09.30 17:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2009.03.26 09:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [2008.09.19 19:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTrieve [2010.11.18 12:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2008.06.17 14:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ElsterFormular [2010.03.27 17:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2010.07.25 09:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google [2010.11.22 08:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater [2009.01.20 18:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant [2007.07.03 21:23:51 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Application Data\hpqLog [2007.07.03 21:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon [2007.07.03 21:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2009.06.17 08:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2008.09.19 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lexware [2009.11.17 21:24:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2010.11.10 16:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2010.07.26 16:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paragon [2006.04.13 14:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2010.11.22 13:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2010.03.30 17:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010.03.26 16:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2010.10.24 15:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Volkswohl Bund [2007.04.10 11:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2008.02.25 22:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2007.05.28 11:41:05 | 002,664,448 | ---- | M] (TalkAndWrite) -- C:\Documents and Settings\All Users\Application Data\+Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe [2007.05.28 11:41:05 | 000,399,872 | ---- | M] () -- C:\Documents and Settings\All Users\Application 
Data\+Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TAWLauncher.exe [2007.05.28 11:41:04 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\+Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\Printer\emfcreator.exe [2007.05.28 11:41:04 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\+Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\Printer\miniprint.exe [2007.05.28 11:41:04 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\+Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\Printer\runartprn.exe [2007.05.28 11:41:04 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\+Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\Printer\setup.exe [2007.05.28 11:41:04 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\+Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\Printer\swaprun.exe [2007.05.28 11:41:05 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\+Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\Printer\unpdf.exe [2007.06.01 16:42:00 | 000,444,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\+Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\setup.exe [2007.06.01 16:42:00 | 000,023,552 | ---- | M] (Iteral Group Ltd.) -- C:\Documents and Settings\All Users\Application Data\+Skype\Plugins\Plugins\CED7EA9B9D5D4C368001CEC627017007\WBMLauncher.exe [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007.12.17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2010.10.24 15:58:05 | 128,191,160 | ---- | M] (Acresso Software Inc. 
) -- C:\Documents and Settings\All Users\Application Data\Volkswohl Bund\Angebotsprogramm Komfort\VB_2010_03_R00_Delta.exe [2010.10.24 16:02:06 | 161,241,080 | ---- | M] (Acresso Software Inc. ) -- C:\Documents and Settings\All Users\Application Data\Volkswohl Bund\Angebotsprogramm Komfort\VB_2010_03_R00_EShop.exe < %APPDATA%\*. > [2007.04.27 12:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ABIG [2007.05.05 16:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems [2008.02.05 09:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe [2010.10.24 15:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM [2010.11.18 12:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ahead [2008.01.12 06:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer [2010.04.11 13:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avira [2010.11.18 12:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited [2007.04.22 12:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ConvertTemp [2010.03.27 18:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON [2010.04.09 10:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FRITZ! 
[2009.09.20 12:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GHISLER [2007.08.02 22:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google [2007.04.15 12:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help [2009.10.17 19:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HpUpdate [2008.04.16 12:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar [2006.04.13 14:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities [2007.07.03 21:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon [2008.09.19 19:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield [2007.07.12 21:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo [2009.06.17 08:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks [2009.01.19 15:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kroll-Software [2008.09.19 19:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lexware [2007.04.06 00:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia [2008.11.12 13:02:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft [2007.04.14 14:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft Web Folders [2008.09.18 10:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla [2007.07.06 23:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application 
Data\MSNInstaller [2007.04.09 22:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PowerHouse [2009.09.17 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Real [2006.04.13 14:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView [2007.04.22 12:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Samsung [2010.11.22 14:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skype [2009.03.15 16:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\skypePM [2007.05.01 08:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun [2009.02.09 09:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer [2007.08.06 17:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Temporary [2007.07.17 14:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TransRender [2010.09.18 17:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue [2007.04.15 15:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Visio [2010.08.01 17:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Volkswohl Bund [2007.04.10 11:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search < %APPDATA%\*.exe /s > [2009.06.17 08:22:10 | 000,045,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\JuniperExtXP.exe [2007.07.04 08:11:41 | 021,277,080 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe [2008.11.21 09:38:48 | 000,738,680 | 
---- | M] (Juniper Networks, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Secure Meeting 6.3.0\dsCboxUI.exe [2008.11.21 09:38:50 | 000,047,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks\Secure Meeting 6.3.0\uninstall.exe [2008.11.05 05:26:22 | 000,066,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks\setup\dsmmf.exe [2008.11.05 05:26:20 | 000,050,552 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks\setup\JuniperSetupApp.exe [2009.06.17 08:22:11 | 000,037,021 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Juniper Networks\setup\uninstall.exe [2009.01.20 14:07:21 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe [2009.01.20 14:07:22 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe [2009.01.20 14:07:22 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe [2009.01.20 14:07:22 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe [2009.01.20 14:07:22 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe [2009.01.20 14:07:22 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Administrator\Application 
Data\Microsoft\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe [2006.04.13 14:00:43 | 000,018,718 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{2F0D3C9E-4FB6-4A14-B0C4-42328F570177}\ARPPRODUCTICON.exe [2006.04.24 00:58:40 | 003,403,776 | ---- | M] (Kingston Technology) -- C:\Documents and Settings\Administrator\Application Data\PowerHouse\Migo\Migo.exe [2006.04.24 00:59:10 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PowerHouse\Migo\MigoLaunch.exe [2006.04.24 00:59:02 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PowerHouse\Migo\MigoUninstall.exe [2006.04.24 00:54:36 | 000,118,784 | ---- | M] (PowerHouse Technologies Group) -- C:\Documents and Settings\Administrator\Application Data\PowerHouse\Migo\MigoUtils.exe [2006.04.24 00:59:18 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\PowerHouse\Migo\MigoWatcher.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004.08.04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.09.01 13:10:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.09.01 13:10:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004.08.04 09:00:00 | 018,738,937 | ---- | M] () 
.cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.09.01 13:10:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.09.01 13:10:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007.06.13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004.08.04 09:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- 
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe < MD5 for: IASTOR.SYS > [2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SwSetup\HDD\iastor.sys [2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004.08.04 09:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\Documents and Settings\Administrator\My Documents\99 Privat\Daten vom USB Stick\Synchronized Computers\user32.dll [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\Documents and Settings\Administrator\My Documents\99 Privat\Daten vom USB Stick\YOUR-9E8503F508\Synchronized Computers\user32.dll [2005.03.02 17:09:46 | 
000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\user32.dll [2007.03.08 16:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll [2007.03.08 16:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2004.08.04 09:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2004.08.04 09:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll < MD5 for: USERINIT.EXE > [2004.08.04 09:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 09:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- 
C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 09:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2007.04.16 14:46:13 | 000,642,560 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys [2008.09.01 13:51:29 | 000,096,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd9341.sys < %systemroot%\System32\config\*.sav > [2005.09.20 10:06:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2005.09.20 10:06:38 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.04.14 01:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
22.11.2010, 15:50 | #4 |
/// Malware-holic | Skype no longer starts Download Malwarebytes: install Malwarebytes, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. On the Scanner tab, run a full scan, remove the findings, and post the log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
22.11.2010, 17:58 | #5 |
| Skype no longer starts OK, I have done all of that. 616 errors / anomalies were not removed by the software. Apparently that is not possible with the free software. Where do I find the log file? I started Skype again and found the following log file:

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="Skype.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="Skype.exe" SIZE="13351304" CHECKSUM="0xC134C48E" BIN_FILE_VERSION="4.2.0.187" BIN_PRODUCT_VERSION="4.2.0.0" PRODUCT_VERSION="4.2" FILE_DESCRIPTION="Skype " COMPANY_NAME="Skype Technologies S.A." PRODUCT_NAME="Skype" FILE_VERSION="4.2.0.187" ORIGINAL_FILENAME="Skype.exe" INTERNAL_NAME="Skype.exe" LEGAL_COPYRIGHT="(c) Skype Technologies S.A." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xCBCCB6" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="4.2.0.187" UPTO_BIN_PRODUCT_VERSION="4.2.0.0" LINK_DATE="09/02/2010 12:34:17" UPTO_LINK_DATE="09/02/2010 12:34:17" VER_LANGUAGE="Englisch (USA) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="989696" CHECKSUM="0x2D998938" BIN_FILE_VERSION="5.1.2600.5781" BIN_PRODUCT_VERSION="5.1.2600.5781" PRODUCT_VERSION="5.1.2600.5781" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFE572" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5781" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5781" LINK_DATE="03/21/2009 14:06:58" UPTO_LINK_DATE="03/21/2009 14:06:58" VER_LANGUAGE="Englisch (USA) [0x409]" />
</EXE>
</DATABASE> |
22.11.2010, 18:00 | #6 |
/// Malware-holic | Skype no longer starts Did you download Malwarebytes? I don't think so. |
22.11.2010, 18:24 | #7 |
| Skype no longer starts

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5170
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.11.2010 18:21:49
mbam-log-2010-11-22 (18-21-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159917
Laufzeit: 12 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\keygen (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
22.11.2010, 18:32 | #8 |
/// Malware-holic | Skype won't start anymore Yep, but that wasn't the full scan :--)
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
23.11.2010, 01:37 | #9 |
| Skype won't start anymore New attempt. It identified 1 infected object.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5170
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.11.2010 01:16:12
mbam-log-2010-11-23 (01-16-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 293672
Laufzeit: 6 Stunde(n), 11 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Documents and Settings\Administrator\Application Data\PowerHouse\Migo\LangRes_KOR.dll (Trojan.Dropper) -> No action taken. |
23.11.2010, 11:48 | #10 |
/// Malware-holic | Skype won't start anymore Everything looks good... we'll take one more look. Please create and post a ComboFix log. A guide and tutorial on using ComboFix Then we'll see whether Skype itself has an error. |
23.11.2010, 14:46 | #11 |
| Skype won't start anymore OK.. done. ComboFix log file: Code:
ATTFilter ComboFix 10-11-22.05 - Administrator 23.11.2010 13:23:43.1.2 - x86 Microsoft Windows XP Professional [GMT 1:00] Running from: c:\documents and settings\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Application Data\JuniperExtXP.exe C:\ipconfig.txt c:\windows\autorun.inf c:\windows\system32\_000009_.tmp.dll c:\windows\system32\Cache c:\windows\user32.dll D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 ))))))))))))))))))))))))))))))) . 2010-11-23 11:44 . 2010-11-23 11:59 3914095 ----a-r- c:\documents and settings\ComboFix.exe 2010-11-23 00:45 . 2010-11-23 00:45 -------- d-----w- c:\program files\Skype 2010-11-22 17:08 . 2010-11-22 17:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-11-22 17:08 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-22 17:08 . 2010-11-22 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-11-22 17:08 . 2010-11-23 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-22 17:08 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-22 17:06 . 2010-11-22 17:06 6153352 ----a-w- c:\documents and settings\mbam-setup-1.46.exe 2010-11-22 16:34 . 2010-11-22 16:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Registry Mechanic 2010-11-22 16:26 . 2010-11-22 17:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-11-22 15:02 . 2010-11-22 15:02 15992432 ----a-w- c:\documents and settings\rminstall.exe 2010-11-22 13:46 . 2010-11-22 13:46 575488 ----a-w- c:\documents and settings\OTL.exe 2010-11-22 12:53 . 
2010-11-22 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-11-22 12:32 . 2010-11-22 12:33 19075976 ----a-w- c:\documents and settings\SkypeSetup_4.2.0.187.exe 2010-11-22 11:35 . 2010-11-22 11:35 955272 ----a-w- c:\documents and settings\SkypeSetup.exe 2010-11-18 11:53 . 2010-11-18 11:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canneverbe Limited 2010-11-18 11:52 . 2010-11-18 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited 2010-11-18 11:51 . 2010-11-18 11:51 -------- d-----w- c:\program files\CDBurnerXP 2010-11-18 11:47 . 2010-11-18 11:48 4882487 ----a-w- c:\documents and settings\cdbxp_setup_4.3.7.2423.exe 2010-11-08 19:59 . 2010-11-08 19:59 1409 ----a-w- c:\windows\QTFont.for 2010-11-04 09:46 . 2010-11-04 09:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth 2010-10-24 14:51 . 2010-10-24 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Volkswohl Bund 2010-10-24 14:45 . 2010-10-24 14:45 -------- d-----w- c:\program files\VOLKSWOHL BUND . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-18 12:30 . 2010-09-18 12:30 2082630 ----a-w- c:\documents and settings\MyDefrag-v4.3.1.exe 2010-09-18 10:23 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-04 08:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-04 08:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-15 03:50 . 2010-06-06 06:56 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 01:29 . 2007-05-01 06:06 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-09-10 05:58 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 
2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51 . 2004-08-04 08:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2004-08-04 08:00 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2004-08-04 08:00 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 13:39 . 2004-08-04 08:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-26 12:52 . 2009-04-15 10:51 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2009-04-02 08:32 . 2009-04-02 08:29 16283032 ------w- c:\program files\jre-6u13-windows-i586-p.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-17 53248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960] "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203] "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] 
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "LexwareInfoService"="c:\program files\Common Files\xware\Update Manager\xUpdateManager.exe" [2007-09-25 532776] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-14 217193] Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-22 110592] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN] 2005-08-19 13:52 389120 ------w- c:\windows\system32\IfxWlxEN.dll 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\FRITZ!DSL\\IGDCTRL.EXE"= "c:\\Program Files\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Program Files\\FRITZ!DSL\\WebwaIgd.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176] R3 bsusbser;PHD USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\bsusbser.sys [2006-12-20 94848] R4 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [2007-01-15 73728] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-28 40560] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-04-16 642560] S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2005-10-25 35488] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2006-02-28 87808] S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968] . 
Contents of the 'Scheduled Tasks' folder 2010-11-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-12 08:27] 2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 16:48] 2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 16:48] 2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2553521504-1179346763-3355203267-500Core.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 07:20] 2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2553521504-1179346763-3355203267-500UA.job - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 07:20] 2010-11-12 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job - c:\program files\Defrag\Scripts\AutomaticDaily.MyD [2010-09-18 10:03] 2010-09-18 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job - c:\program files\Defrag\Scripts\AutomaticMonthly.MyD [2010-09-18 10:03] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyServer = sec-fire.main.elektroxx.xx:8080 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab DPF: {B4F89E07-3C6C-49FC-850B-B5F6A03BB435} - hxxps://www.xbank.xx/servlets/ibc?File=221744.CAB FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ys7ih1cc.default\ FF - prefs.js: browser.startup.homepage - FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe HKLM-Run-MbWzdFPAP-EXL540 - E:\PdtGuide.exe HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe AddRemove-BulkMailer 2008 - e:\bulkmailer6\uninst.exe AddRemove-EPSON Scanner - c:\program files\epson\escndv\setup\setup.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-11-23 14:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???`S??????(?@???????@ scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 5.1.2600 Disk: ST96812A rev.7.24 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe catchme.sys >>UNKNOWN [0x86FD3EB0]<< c:\docume~1\ADMINI~1\LOCALS~1\Temp\catchme.sys _asm { MOV EAX, 0x86fd3dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x86fd6eb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F07030] \Driver\Disk[0x86F2E930] -> IRP_MJ_CREATE -> 0x86FD3EB0 kernel: MBR read successfully _asm { XOR DI, DI; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV DS, BX; MOV ES, BX; MOV SI, 0x200; MOV CX, SI; CLD ; REP MOVSB ; JMP FAR 0x7a0:0xa3; } detected disk devices: detected hooks: \Driver\Disk -> 0x86fd3eb0 \Driver\iaStor -> 0x86fd30e8 user & kernel MBR OK Warning: possible MBR rootkit infection ! ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2553521504-1179346763-3355203267-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,ae,79,a0,c5,86,a7,44,be,49,da,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,ae,79,a0,c5,86,a7,44,be,49,da,\ [HKEY_USERS\S-1-5-21-2553521504-1179346763-3355203267-500\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1024) c:\windows\system32\IfxWlxEN.dll c:\windows\system32\igfxdev.dll . Completion time: 2010-11-23 14:26:10 ComboFix-quarantined-files.txt 2010-11-23 13:25 Pre-Run: 6.065.070.080 bytes free Post-Run: 6.033.453.056 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - C59B42772E492FD3E8C3217D607369A1 |
23.11.2010, 15:27 | #12 |
/// Malware-holic | Skype won't start anymore Download http://ad13.geekstogo.com/MBRCheck.exe and double-click MBRCheck. The program will open a log; post its contents. |
23.11.2010, 16:44 | #13 |
| Skype won't start anymore What should I do here?
MBR Status: unknown MBR code
Found non-standard or infected MBR
Enter Y and hit ENTER for more options, or N to exit |
23.11.2010, 16:47 | #14 |
/// Malware-holic | Skype won't start anymore Post the whole report. |
23.11.2010, 16:52 | #15 |
| Skype won't start anymore Where is it? Apparently there is nothing more than what is shown in the DOS box. |