![]() |
Antiviren-, Firewall- und andere Schutzprogramme: spyware.passwords.xgenWindows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
![]() |
![]() | #1 |
![]() ![]() | ![]() spyware.passwords.xgen Hallo, nach langer Abwesenheit melde ich mich zurück. Probleme mit meinem System bestehen nicht. Auf den Verdacht das mein System belastet sein könnte, war, das in einem anderen Forum in der Signatur ein Link eingefügt wurde, aber nicht von mir. Darauf hin habe ich mein System Win7 64bit. mit Avast im Abgesichertenmodus scannen lassen. Genauso wie heute, hat auch Malwareb. dann angeschlagen. hier der log von Malwareb. Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 5184 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 25.11.2010 20:29:27 mbam-log-2010-11-25 (20-29-27).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 141809 Laufzeit: 2 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\******\AppData\Local\Temp\mstsc.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. Warning-Editor-Ordner Avast. Code:
ATTFilter 08.12.2009 14:31:36 1260279096 SYSTEM 1272 Function setifaceUpdatePackages() has failed. Return code is 0x2000001A, dwRes is 2000001A. 08.12.2009 16:50:30 1260287430 SYSTEM 1280 Function setifaceUpdatePackages() has failed. Return code is 0x2000001A, dwRes is 2000001A. 08.12.2009 18:16:09 1260292569 ****** 3216 Function setifaceUpdatePackages() has failed. Return code is 0x2000001A, dwRes is 2000001A. 08.12.2009 18:16:52 1260292612 ****** 3220 Function setifaceUpdatePackages() has failed. Return code is 0x2000001A, dwRes is 2000001A. 23.12.2009 21:44:22 1261601062 SYSTEM 1284 AAVM - scanning warning: x_AavmCheckFileDirectEx: hxxp://download.microsoft.com/download/A/E/1/ae1fd3f4-3d97-4d69-97b0-620e9cecb5ab/Happiness%20Factory_Windows7.themepack (C:\Windows\TEMP\_avast4_\unp7685161.tmp) returning error, 00000026. 31.12.2009 17:05:45 1262275545 SYSTEM 1268 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\*****\AppData\Roaming\Winamp\Plugins\ml\rss.xml (C:\Users\******\AppData\Roaming\Winamp\Plugins\ml\rss.xml) returning error, 00000005. 01.02.2010 21:38:22 1265056702 SYSTEM 1228 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Windows\System32\WerFault.exe (C:\Windows\System32\WerFault.exe) returning error, 0000A413. 01.04.2010 13:42:49 1270122169 SYSTEM 1380 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 06.06.2010 20:28:05 1275848885 SYSTEM 1256 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 29.06.2010 22:51:03 1277844663 SYSTEM 1244 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 15.07.2010 23:54:32 1279230872 SYSTEM 1164 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 28.07.2010 11:20:53 1280308853 SYSTEM 1164 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 05.08.2010 20:56:00 1281034560 SYSTEM 1168 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 07.08.2010 23:51:47 1281217907 SYSTEM 1176 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 09.08.2010 04:08:24 1281319704 SYSTEM 1180 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 22.08.2010 10:01:09 1282464069 SYSTEM 1260 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 30.08.2010 20:56:38 1283194598 SYSTEM 1252 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 09.09.2010 14:52:52 1284036772 SYSTEM 1252 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 11.09.2010 06:41:15 1284180075 SYSTEM 1252 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 12.09.2010 15:31:52 1284298312 SYSTEM 1268 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 13.09.2010 11:48:13 1284371293 SYSTEM 1160 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 15.09.2010 08:59:14 1284533954 SYSTEM 1256 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 19.09.2010 12:11:12 1284891072 SYSTEM 1240 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 26.09.2010 01:24:15 1285457055 SYSTEM 1248 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 27.09.2010 06:22:42 1285561362 SYSTEM 1252 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 29.09.2010 08:02:40 1285740160 SYSTEM 1280 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\******\AppData\Roaming\skypePM\2010-09-29-1.ezlog (C:\Users\******\AppData\Roaming\skypePM\2010-09-29-1.ezlog) returning error, 00000005. 01.10.2010 17:50:15 1285948215 SYSTEM 1252 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 04.10.2010 09:10:03 1286176203 SYSTEM 1236 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 09.10.2010 22:17:11 1286655431 SYSTEM 1244 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 05.11.2010 13:18:02 1288959482 SYSTEM 1228 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 05.11.2010 13:18:02 1288959482 SYSTEM 1228 An error has occured while attempting to update. Please check the logs. 05.11.2010 14:45:01 1288964701 ****** 2960 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 05.11.2010 14:55:27 1288965327 SYSTEM 1268 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 05.11.2010 14:55:38 1288965338 SYSTEM 1268 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 05.11.2010 14:55:38 1288965338 SYSTEM 1268 An error has occured while attempting to update. Please check the logs. 05.11.2010 14:56:17 1288965377 ****** 372 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 05.11.2010 14:58:50 1288965530 SYSTEM 1256 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 05.11.2010 14:59:01 1288965541 SYSTEM 1256 Function setifaceUpdatePackages() has failed. Return code is 0x20000006, dwRes is 20000006. 05.11.2010 14:59:01 1288965541 SYSTEM 1256 An error has occured while attempting to update. Please check the logs. 05.11.2010 15:03:35 1288965815 ****** 1352 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7. 05.11.2010 15:26:09 1288967169 ****** 1352 Sign of "Win32:Malware-gen" has been found in "C:\Users\*****\AppData\Local\Temp\mstsc.exe" file. 12.11.2010 07:01:09 1289541669 SYSTEM 1232 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004. 16.11.2010 11:45:18 1289904318 SYSTEM 1264 Sign of "HTML:Script-inf" has been found in "hxxp://www.terra-jungle.de/index2.php?page=shop.product_details&flypage=flypage.tpl&product_id=145&category_id=40&option=com_virtuemart&Itemid=53&vmcchk=1&Itemid=53&pop=1&tmpl=component" file. 24.11.2010 23:07:37 1290636457 ****** 1776 Sign of "Win32:Malware-gen" has been found in "C:\Users\******\AppData\Local\Temp\mstsc.exe" file. Wiederum war auch die rede von nur einer Fehlermeldung. Ich bin jetzt etwas im unklaren und wäre für Hilfestellung dankbar. "EDIT" Bitte in den richtigen Bereich verschieben, sorry und Danke! MfG hier noch die logfiel von OTL Code:
ATTFilter OTL Extras logfile created on: 25.11.2010 22:59:40 - Run 1 OTL by OldTimer - Version Folder = C:\Users\*****\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 292,87 Gb Total Space | 218,87 Gb Free Space | 74,73% Space Free | Partition Type: NTFS Drive D: | 638,54 Gb Total Space | 577,47 Gb Free Space | 90,44% Space Free | Partition Type: NTFS Computer Name: ******-PC | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager "{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer "{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3 "{CC7D4CC8-FE90-17E2-FAC6-3D14C93DCE09}" = AMD Drag and Drop Transcoding "{D9B52C63-4209-7129-BF10-FA5DCD38579E}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer Participation Program 11.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{1B3B5C60-70B8-F022-5497-03FD2772586C}" = CCC Help Greek "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{278AD90C-D27D-AA89-58DF-AD13852D51CA}" = CCC Help Spanish "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{2CDBFF1A-6433-E94D-CA25-831FDB9775E9}" = CCC Help Italian "{31DED885-1124-0E58-97FB-73E4EF692E8D}" = CCC Help Hungarian "{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}" = Razer Habu Config "{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static "{38D65ABC-A00B-6E13-2EF3-826CFC8CFC14}" = CCC Help French "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista "{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO "{51942928-CA56-4A3D-8A3D-60731B528E35}" = TurboV Remote "{5774B4C1-8579-D5D9-8D38-A0CE32B6736C}" = CCC Help German "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{5D19BB0D-9B04-5B85-9295-4E11BCB1C2C3}" = CCC Help Polish "{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4200_ProductContext "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration "{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F0E6252F-8DC2-B508-D412-1C427CDB3448}" = CCC Help Portuguese "{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Crossfading" = Advanced Crossfading "avast!" = avast! Antivirus "Blitzkrieg 2" = Blitzkrieg 2 "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "EA Download Manager" = EA Download Manager "EADM" = EA Download Manager "FXCM Trading Station" = FXCM Trading Station "ICQToolbar" = ICQ Toolbar "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MozBackup" = MozBackup 1.4.9 "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4) "PunkBusterSvc" = PunkBuster Services "SpeedFan" = SpeedFan (remove only) "Streamripper" = Streamripper (Remove only) "VLC media player" = VLC media player 1.1.4 "Warcraft III" = Warcraft III "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Anwendungserkennung ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 24.11.2010 17:36:00 | Computer Name = ******-PC | Source = avast! | ID = 33554522 Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219. Error - 24.11.2010 17:36:19 | Computer Name = ******-PC | Source = avast! | ID = 33554522 Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty(). Error - 24.11.2010 17:37:32 | Computer Name = ******-PC | Source = avast! | ID = 33554522 Description = Error in aswChestC: chestOpenList Error 1753. Error - 24.11.2010 17:37:32 | Computer Name = *******-PC | Source = avast! | ID = 33554522 Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219. Error - 24.11.2010 17:37:38 | Computer Name = ******-PC | Source = avast! | ID = 33554522 Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty(). Error - 24.11.2010 17:41:51 | Computer Name = ******-PC | Source = avast! | ID = 33554522 Description = Error in aswChestC: chestOpenList Error 1753. Error - 24.11.2010 17:41:51 | Computer Name = ******-PC | Source = avast! | ID = 33554522 Description = aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219. Error - 24.11.2010 17:41:53 | Computer Name = *****-PC | Source = avast! | ID = 33554522 Description = aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty(). Error - 24.11.2010 17:46:47 | Computer Name = ******-PC | Source = avast! | ID = 33554522 Description = Internal error has occurred in module aswar scan function failed!, function 00000002. Error - 24.11.2010 18:08:02 | Computer Name = ******-PC | Source = avast! | ID = 33554522 Description = Error in aswChestC: chestAddFile Error 1753. [ Application Events ] Error - 18.11.2010 05:54:17 | Computer Name = *******-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "d:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 20.11.2010 17:48:26 | Computer Name = *******-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 20.11.2010 17:48:33 | Computer Name = *******-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "d:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 22.11.2010 12:51:43 | Computer Name = *******-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 22.11.2010 12:51:50 | Computer Name = ******-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "d:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 23.11.2010 15:41:01 | Computer Name = ******-PC | Source = Application Hang | ID = 1002 Description = Programm winamp.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 190 Startzeit: 01cb8b45998451a2 Endzeit: 46 Anwendungspfad: D:\Program Files (x86)\Winamp\winamp.exe Berichts-ID: 8c247f84-f739-11df-822d-90e6ba105e4b Error - 24.11.2010 08:40:44 | Computer Name = ******-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 24.11.2010 08:40:50 | Computer Name = ******-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "d:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 25.11.2010 13:54:08 | Computer Name = *****-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 25.11.2010 13:54:15 | Computer Name = ******-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "d:\program files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 25.11.2010 16:15:54 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.11.2010 16:15:54 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.11.2010 16:15:54 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.11.2010 16:15:54 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.11.2010 16:15:54 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.11.2010 16:15:54 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.11.2010 16:15:54 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.11.2010 16:15:54 | Computer Name = *******-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 25.11.2010 16:59:19 | Computer Name = ******-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HP CUE DeviceDiscovery Service erreicht. Error - 25.11.2010 16:59:19 | Computer Name = *******-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Code:
ATTFilter OTL logfile created on: 25.11.2010 22:59:40 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Andreas\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 66,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 292,87 Gb Total Space | 218,87 Gb Free Space | 74,73% Space Free | Partition Type: NTFS Drive D: | 638,54 Gb Total Space | 577,47 Gb Free Space | 90,44% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ****** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - D:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - d:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.) PRC - D:\Program Files (x86)\Razer\Habu\razerhid.exe () PRC - D:\Program Files (x86)\Razer\Habu\razertra.exe () PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () PRC - D:\Program Files (x86)\Razer\Habu\razerofa.exe (Razer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\******\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (avast! Antivirus) -- d:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- d:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (HabuFltr) -- C:\Windows\SysNative\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce)) DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 6A 03 BA C6 74 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.03.06 17:06:55 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.09.20 18:02:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.09.20 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2010.09.20 18:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avast!] d:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Habu] D:\Program Files (x86)\Razer\Habu\razerhid.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.25 22:56:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.11.25 00:03:43 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes [2010.11.25 00:03:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.11.25 00:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.25 00:03:34 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.11.06 18:54:08 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2010.11.06 18:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2010.10.27 06:09:29 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2010.10.27 06:09:29 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010.10.27 06:09:29 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll [2010.10.27 06:09:29 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2010.10.27 06:09:28 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2010.10.27 06:09:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010.10.27 06:09:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2010.10.27 06:09:22 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys ========== Files - Modified Within 30 Days ========== [2010.11.25 22:56:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe [2010.11.25 22:06:29 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.25 22:06:29 | 000,014,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.25 22:03:28 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.11.25 22:03:28 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.11.25 22:03:28 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.11.25 22:03:28 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.11.25 22:03:28 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.11.25 21:59:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.25 21:59:05 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys [2010.11.25 00:03:38 | 000,000,686 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.24 23:58:45 | 000,000,299 | ---- | M] () -- C:\Users\*****\default.htm [2010.11.24 21:00:46 | 000,024,064 | ---- | M] () -- C:\Users\*****\Documents\Hallo Hermes.doc [2010.11.21 03:56:35 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.11.21 03:56:35 | 000,234,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.11.17 12:04:19 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.11.16 10:39:55 | 000,025,088 | ---- | M] () -- C:\Users\******\Documents\Wechsel Stabilisator.doc [2010.11.02 00:05:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt ========== Files Created - No Company Name ========== [2010.11.25 00:03:38 | 000,000,686 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.24 23:58:45 | 000,000,299 | ---- | C] () -- C:\Users\*****\default.htm [2010.11.24 21:00:45 | 000,024,064 | ---- | C] () -- C:\Users\*****\Documents\Hallo Hermes.doc [2010.11.16 10:39:54 | 000,025,088 | ---- | C] () -- C:\Users\*****\Documents\Wechsel Stabilisator.doc [2010.03.06 18:20:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.06 17:31:13 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.03.06 17:31:13 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.03.06 17:31:10 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2010.03.06 17:31:10 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2010.03.06 17:28:05 | 000,035,572 | ---- | C] () -- C:\Windows\Ascd_log.ini [2010.03.06 17:27:41 | 000,025,476 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.12.04 14:07:56 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2009.12.04 12:32:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2007.11.26 20:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2010.08.05 23:36:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2010.03.06 17:10:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera [2010.03.17 15:25:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PrimoPDF [2010.03.06 17:10:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Razer [2010.03.07 00:42:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\streamripper [2010.09.20 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2010.06.09 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\UDC Profiles [2010.11.12 13:10:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
![]() |
Themen zu spyware.passwords.xgen |
0x00000001, anti-malware, appdata, avast, avast!, awareness, c:\windows, c:\windows\system32\rundll32.exe, call of duty, cleaner pro, code, dateien, error, excel.exe, explorer, forum, html, ieframe.dll, install.exe, langs, link, location, log, löschen, malwarebytes, mozilla thunderbird, netzwerklistendienst, nicht gefunden, oldtimer, opera.exe, otl logfile, otl.exe, plug-in, programdata, richtlinie, roaming, saver, scan, shell32.dll, shortcut, system, system32, syswow64, temp, vdeck.exe, verdacht, viren, vlc media player, webcheck, werfault.exe, win, win32, win7 |