Log analysis and evaluation: Trojana IE Explorer, evaluate HijackThis log. Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
11.12.2010, 17:17 | #1 |
| Trojana IE Explorer, evaluate HijackThis log. HijackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:08:31, on 11.12.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files\pdf24\pdf24.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\rundll32.exe C:\Users\****\AppData\Local\Temp\tmp231cda6c\KillEXE.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe C:\Program Files\Microsoft Silverlight\4.0.50917.0\agcp.exe C:\Users\***\AppData\Local\Temp\Ofj.exe C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Users\***\AppData\Local\Temp\Ofl.exe 
C:\Users\***\AppData\Local\Temp\Ofm.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: (no name) - 
{5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: 
[RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3 O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4 O4 - HKCU\..\Run: [lrodwv] rundll32 "C:\Users\****\AppData\Roaming\MP3DMOD8.dll",WFGCVY O4 - HKCU\..\Run: [JP595IR86O] C:\Users\****\AppData\Local\Temp\Ofl.exe O4 - HKCU\..\Run: [{F73ADF44-D944-82F7-7915-DBF6AC7BAABA}] C:\Users\***\AppData\Roaming\Faatke\emikl.exe O4 - Startup: Adobe 
Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DRSpawner.lnk = C:\ProgramData\ASGvis\DRSpawner\DRSpawner.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab O20 - AppInit_DLLs: C:\Windows\system32\nvinit.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX 
Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MSC.Licensing 9.2 - Macrovision Corporation - C:\MSC.Software\MSC.Licensing\9.2\lmgrd.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\Windows\system32\rclumad.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: Intel(R) 
Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe O23 - Service: MSC.Licensing 9.2 - Macrovision Corporation - C:\MSC.Software\MSC.Licensing\9.2\lmgrd.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\Windows\system32\rclumad.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing) O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 15687 bytes
I am currently still scanning the system with Malwarebytes, but it has already been running for 2 hours... If you need the results from that, just let me know. |
11.12.2010, 17:32 | #2 |
/// Malware-holic | Trojana IE Explorer, evaluate HijackThis log.
1. Always give exact descriptions.
2. Do not carry out any cleaning on your own, otherwise it only gets in the way.
3. Submit any scan logs that may already exist.
4. OTL: system scan with OTL. Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator).
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt |
11.12.2010, 18:40 | #3 |
| Trojana IE Explorer, evaluate HijackThis log. Hello,
here is the otl.txt file for now. OTL logfile: Code:
ATTFilter OTL logfile created on: 11.12.2010 18:16:56 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Adi\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424,66 Gb Total Space | 315,33 Gb Free Space | 74,25% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 30,14 Gb Free Space | 75,36% Space Free | Partition Type: NTFS Drive E: | 7,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ADI-PC | User Name: Adi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Adi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe () PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.) 
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Windows\System32\rclumad.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Adi\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll 
(Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini File not found SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_aeec0f0.dll () SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (UNS) Intel(R) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) 
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX 
Services\Database\bin\fbserver.exe (MAGIX®) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (rcluma) -- C:\Windows\System32\rclumad.exe () SRV - (MSC.Licensing 9.2) -- C:\MSC.Software\MSC.Licensing\9.2\lmgrd.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (USBCCID) -- C:\Windows\System32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- C:\Windows\System32\DRIVERS\Rts516xIR.sys File not found DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys File not found DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SynTP) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) 
DRV - (IntcDAud) Intel(R) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (Impcd) -- C:\Windows\system32\DRIVERS\Impcd.sys (Intel Corporation) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (HECI) Intel(R) -- C:\Windows\system32\DRIVERS\HECI.sys (Intel Corporation) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (RSUSBSTOR) -- C:\Windows\System32\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) 
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-344039673-3850450743-728163625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-344039673-3850450743-728163625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-344039673-3850450743-728163625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-344039673-3850450743-728163625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com/ [binary data]
IE - HKU\S-1-5-21-344039673-3850450743-728163625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-344039673-3850450743-728163625-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-344039673-3850450743-728163625-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-344039673-3850450743-728163625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-344039673-3850450743-728163625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;;;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.31 10:30:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.06 14:47:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 11:39:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 11:39:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.29 09:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.19 12:52:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2010.08.07 00:37:27 | 000,000,000 | ---D | M]
[2010.06.09 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\mozilla\Extensions
[2010.06.09 21:10:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.11 11:47:36 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\mozilla\Firefox\Profiles\nucoh7a2.default\extensions
[2010.08.03 11:15:44 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Adi\AppData\Roaming\mozilla\Firefox\Profiles\nucoh7a2.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010.05.31 11:32:17 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\mozilla\Firefox\Profiles\nucoh7a2.default\extensions\searchrecs@veoh.com
[2010.11.26 23:13:03 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\mozilla\Firefox\Profiles\nucoh7a2.default\extensions\youtube2mp3@mondayx.de
[2010.05.19 12:53:19 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.19 12:53:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.09.26 17:35:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.26 17:35:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.26 17:35:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.26 17:35:45 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.26 17:35:45 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-344039673-3850450743-728163625-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-344039673-3850450743-728163625-1000..\Run: [{F73ADF44-D944-82F7-7915-DBF6AC7BAABA}] C:\Users\Adi\AppData\Roaming\Faatke\emikl.exe File not found
O4 - HKU\S-1-5-21-344039673-3850450743-728163625-1000..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-344039673-3850450743-728163625-1000..\Run: [lrodwv] C:\Users\Adi\AppData\Roaming\MP3DMOD8.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.20 18:17:51 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4b500a8e-528c-11df-a009-001f163904f8}\Shell - "" = AutoRun
O33 - MountPoints2\{4b500a8e-528c-11df-a009-001f163904f8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c282a5e-e727-11df-8a46-1c4bd623beca}\Shell - "" = AutoRun
O33 - MountPoints2\{7c282a5e-e727-11df-8a46-1c4bd623beca}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{92eb9648-2d1b-11df-9def-001f163904f8}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {164AB8F0-AEEB-0181-5D21-E6ECBC5578B9} - Browser Customizations
ActiveX: {167EB5CE-84AB-5DF0-C279-B2E0C3229E93} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {4FC77C20-BAF1-533D-C862-2257B4AD8107} - Microsoft Windows Media Player
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7CEBCFC2-4F18-8091-C69C-4E12678F9927} - Microsoft Windows Media Player 12.0
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D078575C-8AF0-FC0F-E4C0-2E2A490BD5EF} - Browser Customizations
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E7B157F5-32E2-34E1-24B1-D1B42851071F} - Java (Sun)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCF9D19-80B1-0FB3-0B67-6CCE916ACA67} - Microsoft Windows Media Player 12.0
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010.12.11 17:03:55 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.12.11 15:34:50 | 000,000,000 | ---D | C] -- C:\Users\Adi\AppData\Roaming\Malwarebytes
[2010.12.11 15:34:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.11 15:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.11 15:34:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.11 15:34:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.11 15:21:20 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.11 13:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.12.11 13:22:57 | 000,000,000 | ---D | C] -- C:\Users\Adi\Desktop\IllustratorCS5
[2010.12.11 13:07:35 | 000,000,000 | ---D | C] -- C:\Users\Adi\AppData\Roaming\Fighters
[2010.12.11 13:07:32 | 000,000,000 | ---D | C] -- C:\Users\Adi\AppData\Local\PackageAware
[2010.12.11 12:37:29 | 000,129,536 | RHS- | C] (Microsoft Corporation) -- C:\Users\Adi\AppData\Roaming\MP3DMOD8.dll
[2010.12.01 11:38:34 | 000,000,000 | ---D | C] -- C:\Programme\QS
[2010.11.29 15:46:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.11.28 21:26:26 | 000,000,000 | ---D | C] -- C:\Users\Adi\Documents\Excel
[2010.11.23 12:21:35 | 000,000,000 | ---D | C] -- C:\Users\Adi\AppData\Roaming\Faatke
[2010.11.21 19:02:37 | 000,000,000 | ---D | C] -- C:\Users\Adi\Documents\OldVersions
[2010.11.13 22:28:19 | 000,000,000 | ---D | C] -- C:\Users\Adi\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.11.13 22:27:31 | 000,000,000 | ---D | C] -- C:\Users\Adi\AppData\Roaming\HTC
[2010.11.13 22:26:10 | 000,000,000 | ---D | C] -- C:\Users\Adi\AppData\Local\Downloaded Installations
[2010.11.13 22:25:49 | 000,000,000 | ---D | C] -- C:\Programme\Spirent Communications
[2010.11.13 22:24:30 | 000,000,000 | ---D | C] -- C:\Programme\HTC
[2010.01.18 03:08:30 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2010.12.11 18:00:17 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.11 18:00:17 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.11 17:56:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.11 17:52:37 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.11 17:52:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.11 17:52:16 | 2559,467,520 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.11 17:03:56 | 000,002,953 | ---- | M] () -- C:\Users\Adi\Desktop\HiJackThis.lnk
[2010.12.11 13:22:07 | 008,422,400 | ---- | M] () -- C:\Users\Adi\Thesis_adnan.doc
[2010.12.11 12:37:29 | 000,129,536 | RHS- | M] (Microsoft Corporation) -- C:\Users\Adi\AppData\Roaming\MP3DMOD8.dll
[2010.12.11 02:59:57 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.11 02:59:57 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.11 02:59:57 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.11 02:59:57 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.26 12:16:32 | 000,163,328 | ---- | M] () -- C:\Users\Adi\Documents\Baugruppe2.iam
[2010.11.26 11:48:53 | 000,173,568 | ---- | M] () -- C:\Users\Adi\Documents\Bauteil32.ipt
[2010.11.26 11:44:21 | 000,163,840 | ---- | M] () -- C:\Users\Adi\Documents\Bauteil3_1.ipt
[2010.11.26 11:43:45 | 000,161,792 | ---- | M] () -- C:\Users\Adi\Documents\Bauteil3.ipt
[2010.11.26 11:19:12 | 000,174,080 | ---- | M] () -- C:\Users\Adi\Documents\Baugruppe1.iam
[2010.11.26 10:45:39 | 000,158,720 | ---- | M] () -- C:\Users\Adi\Documents\Bauteil2.ipt
[2010.11.21 19:05:34 | 000,182,784 | ---- | M] () -- C:\Users\Adi\Documents\Bauteil1.ipt
[2010.11.21 19:05:34 | 000,168,448 | ---- | M] () -- C:\Users\Adi\Documents\Bauteil1_MIR.ipt
[2010.11.13 22:27:26 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk

========== Files Created - No Company Name ==========

[2010.12.11 17:03:56 | 000,002,953 | ---- | C] () -- C:\Users\Adi\Desktop\HiJackThis.lnk
[2010.12.11 13:22:04 | 008,422,400 | ---- | C] () -- C:\Users\Adi\Thesis_adnan.doc
[2010.11.26 12:07:30 | 000,163,328 | ---- | C] () -- C:\Users\Adi\Documents\Baugruppe2.iam
[2010.11.26 11:48:52 | 000,173,568 | ---- | C] () -- C:\Users\Adi\Documents\Bauteil32.ipt
[2010.11.26 11:44:20 | 000,163,840 | ---- | C] () -- C:\Users\Adi\Documents\Bauteil3_1.ipt
[2010.11.26 11:39:22 | 000,161,792 | ---- | C] () -- C:\Users\Adi\Documents\Bauteil3.ipt
[2010.11.26 10:58:48 | 000,174,080 | ---- | C] () -- C:\Users\Adi\Documents\Baugruppe1.iam
[2010.11.26 10:45:39 | 000,158,720 | ---- | C] () -- C:\Users\Adi\Documents\Bauteil2.ipt
[2010.11.21 19:05:33 | 000,168,448 | ---- | C] () -- C:\Users\Adi\Documents\Bauteil1_MIR.ipt
[2010.11.13 22:27:26 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2010.06.14 19:58:38 | 000,017,408 | ---- | C] () -- C:\Users\Adi\AppData\Local\WebpageIcons.db
[2010.05.03 12:16:55 | 000,049,152 | ---- | C] () -- C:\Windows\System32\SCIExt.dll
[2010.04.24 19:52:18 | 000,000,009 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.02.22 17:02:50 | 000,000,059 | ---- | C] () -- C:\Windows\wpd99.drv
[2010.02.22 17:02:49 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2010.02.22 16:13:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.01.19 17:15:43 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.01.18 03:24:44 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.14 05:31:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.01.14 05:31:04 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2006.11.11 21:52:50 | 000,454,656 | ---- | C] () -- C:\Windows\System32\mmSQL.dll

========== LOP Check ==========

[2010.09.20 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Autodesk
[2010.03.29 12:15:55 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Design Science
[2010.04.21 22:09:42 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\elsterformular
[2010.12.11 17:50:46 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Faatke
[2010.12.11 13:07:35 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Fighters
[2010.11.24 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\FileZilla
[2010.07.26 15:52:58 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\FreeCall
[2010.04.23 12:43:22 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Fuehrerschein-Fragen
[2010.05.31 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\GrabPro
[2010.08.07 14:25:58 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\HEXelon
[2010.11.13 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\HTC
[2010.11.13 22:28:19 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.12.11 12:50:08 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\ICQ
[2010.03.17 14:53:35 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\IrfanView
[2010.08.07 00:36:29 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Jumping Bytes
[2010.04.24 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\McNeel
[2010.05.31 10:15:21 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\MiniDm
[2010.08.07 09:42:45 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Mobile Master
[2010.05.31 10:05:59 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\OpenCandy
[2010.09.24 22:13:47 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Opera
[2010.02.22 17:04:54 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\pdf995
[2010.12.01 11:41:44 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\TeamViewer
[2010.06.09 21:10:33 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Thunderbird
[2010.02.22 15:42:39 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\UDC Profiles
[2010.05.31 10:07:02 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Uniblue
[2010.12.11 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Ytdi
[2010.11.05 16:14:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.12.11 13:51:39 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Adobe
[2010.08.23 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Apple Computer
[2010.09.20 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Autodesk
[2010.04.23 21:46:30 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Corel
[2010.02.22 18:34:15 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\CyberLink
[2010.03.29 12:15:55 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Design Science
[2010.05.15 14:34:54 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\DivX
[2010.04.21 22:09:42 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\elsterformular
[2010.12.11 17:50:46 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Faatke
[2010.12.11 13:07:35 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Fighters
[2010.11.24 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\FileZilla
[2010.07.26 15:52:58 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\FreeCall
[2010.04.23 12:43:22 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Fuehrerschein-Fragen
[2010.05.31 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\GrabPro
[2010.08.07 14:25:58 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\HEXelon
[2010.09.06 18:00:33 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\HP
[2010.11.13 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\HTC
[2010.11.13 22:28:19 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.12.11 12:50:08 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\ICQ
[2010.02.20 09:20:59 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Identities
[2010.02.20 09:21:38 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Intel Corporation
[2010.03.17 14:53:35 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\IrfanView
[2010.08.07 00:36:29 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Jumping Bytes [2010.02.20 09:34:34 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Macromedia [2010.12.11 15:34:50 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Malwarebytes [2010.04.24 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\McNeel [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Media Center Programs [2010.06.02 14:06:10 | 000,000,000 | --SD | M] -- C:\Users\Adi\AppData\Roaming\Microsoft [2010.05.31 10:15:21 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\MiniDm [2010.08.07 09:42:45 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Mobile Master [2010.03.07 09:43:28 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Mozilla [2010.05.31 10:05:59 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\OpenCandy [2010.09.24 22:13:47 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Opera [2010.02.22 17:04:54 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\pdf995 [2010.06.02 21:36:45 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Real [2010.12.01 11:41:44 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\TeamViewer [2010.06.09 21:10:33 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Thunderbird [2010.02.22 15:42:39 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\UDC Profiles [2010.05.31 10:07:02 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Uniblue [2010.09.18 17:11:58 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\vlc [2010.03.19 18:22:43 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\WinRAR [2010.12.11 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Ytdi < %APPDATA%\*.exe /s > [2010.11.13 22:24:21 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\Adi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.09.09 13:02:21 | 000,000,766 | R--- | M] () -- C:\Users\Adi\AppData\Roaming\Microsoft\Installer\{3B7DEAA3-F039-401E-9B7D-599084449C70}\NewShortcut4_4.EXE [2010.12.11 17:03:56 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Adi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2010.02.20 17:26:25 | 000,010,134 | R--- | M] () -- C:\Users\Adi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2010.03.05 22:42:26 | 004,004,928 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Adi\AppData\Roaming\OpenCandy\5C2EF10FA8404D54B524759A4B96C668\registrybooster(9).exe [2010.05.31 10:05:53 | 000,257,257 | ---- | M] () -- C:\Users\Adi\AppData\Roaming\OpenCandy\OpenCandy_5C2EF10FA8404D54B524759A4B96C668\DLMgr3WrapperUniBlue.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft 
Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.06.06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2009.10.02 12:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\drivers\iaStor.sys [2009.10.02 12:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c08288e6bf102290\iaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- 
C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) 
MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009.08.17 23:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FM20.DLL [2010.09.08 05:28:01 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll [2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll [2009.07.14 02:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll < End of report > |
11.12.2010, 18:41 | #4 |
| Trojan IE Explorer: evaluating a HijackThis log. OTL EXTRAS logfile: Code:
ATTFilter OTL Extras logfile created on: 11.12.2010 18:16:56 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Adi\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424,66 Gb Total Space | 315,33 Gb Free Space | 74,25% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 30,14 Gb Free Space | 75,36% Space Free | Partition Type: NTFS Drive E: | 7,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ADI-PC | User Name: Adi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-344039673-3850450743-728163625-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C1C899-DA84-45DB-A75F-4DF6C108C064}" = MSC.Marc 2005r2 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{08D2E121-7F6A-43EB-97FD-629B44903403}" = 
Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1C21A34A-5CBA-4AC2-8EDD-6531C06B520E}" = V-Ray for Rhinoceros "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content) "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs "{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3B7DEAA3-F039-401E-9B7D-599084449C70}" = GL Rules And Programs 10.0 2008 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40625DE4-DCDB-44FE-84B5-E65F1365BF44}" = V-Ray for Rhinoceros "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" 
= Windows Live Messenger "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{485D3B61-A754-43C3-8C1E-77804564C2F7}" = MSC.Licensing 9.2 "{489954D1-BFAC-42B5-AF04-5CD630D2E53B}" = Mobile Master "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E522D27-C896-4CF2-B5F0-17F173F1A5AD}" = Poseidon ND 9.0 "{50566374-A1F2-4608-A173-771BEEFABAEE}" = V-Ray for Rhinoceros "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 Language Pack - Deutsch "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010 "{5783F2D7-8001-0407-0002-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch "{5783F2D7-8001-0407-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch "{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010 "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan "{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor 2010 "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007 "{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) 
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_SharePointDesigner_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch 
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C541BF6F-EC08-4447-8A5B-2A4801465650}" = V-Ray for Rhinoceros "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" 
= Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Akamai" = Akamai NetSession Interface "ALDI Foto Service D" = ALDI Foto Service "ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service "AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch "Autodesk Design Review 2010" = Autodesk Design Review 2010 "Autodesk Inventor 2010" = Autodesk Inventor Professional 2010 "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "DSMT6" = MathType 6 "DWG TrueView 2010" = DWG TrueView 2010 "EasyCash&Tax_is1" = EasyCash&Tax 1.48 "ElsterFormular 11.3.0.4235" = ElsterFormular "FileZilla Client" = FileZilla Client 3.3.2 "FreeCall_is1" = FreeCall "HEXelon MAX_is1" = HEXelon MAX 6.07 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 
"HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "ICQToolbar" = ICQ Toolbar "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{4E522D27-C896-4CF2-B5F0-17F173F1A5AD}" = Poseidon ND 9.0 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord "Mobile Master" = Mobile Master 7.7.2 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "NVIDIA Drivers" = NVIDIA Drivers "Penguin 1.0 SR3" = Penguin 1.0 SR3 "RealPlayer 12.0" = RealPlayer "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SharePointDesigner" = Microsoft Office SharePoint Designer 2007 "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 5" = TeamViewer 5 "TeamViewer 6" = TeamViewer 6 "TVWiz" = Intel(R) TV Wizard "Universal Document Converter_is1" = Universal 
Document Converter (Demo) "VLC media player" = VLC media player 1.0.5 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WM Recorder 11.3" = WM Recorder 11.3 "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-344039673-3850450743-728163625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{3B7DEAA3-F039-401E-9B7D-599084449C70}" = GL Rules And Programs 10.0 2008 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.12.2010 16:03:45 | Computer Name = Adi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726, Zeitstempel: 0x4a6ce533 Name des fehlerhaften Moduls: msnmsgr.exe, Version: 14.0.8089.726, Zeitstempel: 0x4a6ce533 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0019d071 ID des fehlerhaften Prozesses: 0x120c Startzeit der fehlerhaften Anwendung: 0x01cb9649c53fe6cb Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Pfad des fehlerhaften Moduls: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Berichtskennung: 1859f670-023d-11e0-8926-001f163904f8 Error - 07.12.2010 16:03:55 | Computer Name = Adi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726, Zeitstempel: 0x4a6ce533 Name des fehlerhaften Moduls: msnmsgr.exe, Version: 14.0.8089.726, Zeitstempel: 0x4a6ce533 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0019d071 ID des fehlerhaften Prozesses: 0x120c Startzeit der fehlerhaften Anwendung: 0x01cb9649c53fe6cb Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Pfad des fehlerhaften Moduls: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Berichtskennung: 1e783fe4-023d-11e0-8926-001f163904f8 Error - 09.12.2010 15:39:02 | Computer Name = Adi-PC | Source = Application 
Error | ID = 1000 Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6545.5000, Zeitstempel: 0x4c654035 Name des fehlerhaften Moduls: oart.dll, Version: 12.0.6425.1000, Zeitstempel: 0x49d64f6c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0030f88b ID des fehlerhaften Prozesses: 0x1740 Startzeit der fehlerhaften Anwendung: 0x01cb97cd30e2cbec Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE Pfad des fehlerhaften Moduls: C:\Program Files\Microsoft Office\Office12\oart.dll Berichtskennung: f910f954-03cb-11e0-89cf-001f163904f8 Error - 10.12.2010 10:10:09 | Computer Name = Adi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 14.0.8089.726, Zeitstempel: 0x4a6ce533 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xe04d8bff ID des fehlerhaften Prozesses: 0x518 Startzeit der fehlerhaften Anwendung: 0x01cb9873dfb710b8 Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 31a2536a-0467-11e0-82db-001f163904f8 Error - 10.12.2010 13:20:49 | Computer Name = Adi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002333e0 ID des fehlerhaften Prozesses: 0x370 Startzeit der fehlerhaften Anwendung: 0x01cb9882ac023918 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: d489e93f-0481-11e0-9cd3-001f163904f8 Error - 10.12.2010 15:50:47 | Computer Name = Adi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften 
Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001433e0 ID des fehlerhaften Prozesses: 0x31c Startzeit der fehlerhaften Anwendung: 0x01cb988ed9d6a68f Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: c7e64fdb-0496-11e0-8887-001f163904f8 Error - 10.12.2010 21:57:08 | Computer Name = Adi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001e33e0 ID des fehlerhaften Prozesses: 0x31c Startzeit der fehlerhaften Anwendung: 0x01cb98a3cea84429 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f5bb38d6-04c9-11e0-b1ef-001f163904f8 Error - 11.12.2010 07:50:09 | Computer Name = Adi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Ofk.exe, Version: 0.0.0.0, Zeitstempel: 0x4cfcf903 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x87c Startzeit der fehlerhaften Anwendung: 0x01cb9927cb51e9b7 Pfad der fehlerhaften Anwendung: C:\Users\Adi\AppData\Local\Temp\Ofk.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: cd77794b-051c-11e0-9069-001f163904f8 Error - 11.12.2010 07:50:17 | Computer Name = Adi-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Ofk.exe, Version: 0.0.0.0, Zeitstempel: 0x4cfcf903 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdadb Ausnahmecode: 0xc0000028 Fehleroffset: 0x0008dea0 ID des fehlerhaften Prozesses: 0x87c Startzeit der fehlerhaften Anwendung: 0x01cb9927cb51e9b7 Pfad der fehlerhaften Anwendung: 
C:\Users\Adi\AppData\Local\Temp\Ofk.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: d1f531ef-051c-11e0-9069-001f163904f8 Error - 11.12.2010 08:21:48 | Computer Name = Adi-PC | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.1.7600.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17a4 Startzeit: 01cb992dad04b2ac Endzeit: 28 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 31bde729-0521-11e0-9069-001f163904f8 [ OSession Events ] Error - 28.08.2010 10:45:02 | Computer Name = Adi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 7, Application Name: Microsoft Office SharePoint Designer, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1944 seconds with 840 seconds of active time. This session ended with a crash. Error - 09.12.2010 15:39:01 | Computer Name = Adi-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4956 seconds with 2940 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.12.2010 07:48:07 | Computer Name = Adi-PC | Source = DCOM | ID = 10010 Description = Error - 11.12.2010 12:31:52 | Computer Name = Adi-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?12.?2010 um 17:30:50 unerwartet heruntergefahren. Error - 11.12.2010 12:31:55 | Computer Name = Adi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MSC.Licensing 9.2 erreicht. 
Error - 11.12.2010 12:31:55 | Computer Name = Adi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MSC.Licensing 9.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.12.2010 12:31:55 | Computer Name = Adi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NetGroup Packet Filter Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.12.2010 12:52:33 | Computer Name = Adi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MSC.Licensing 9.2 erreicht. Error - 11.12.2010 12:52:33 | Computer Name = Adi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MSC.Licensing 9.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.12.2010 12:52:33 | Computer Name = Adi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NetGroup Packet Filter Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 11.12.2010 12:53:04 | Computer Name = Adi-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht. Error - 11.12.2010 12:53:04 | Computer Name = Adi-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
11.12.2010, 19:27 | #5 |
/// Malware-holic | Trojan IE Explorer: evaluate HijackThis log.
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-344039673-3850450743-728163625-1000..\Run: [lrodwv] C:\Users\Adi\AppData\Roaming\MP3DMOD8.DLL (Microsoft Corporation)
[2010.12.11 17:50:46 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Faatke
[2010.12.11 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Ytdi
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; post its contents in your next reply.
Open My Computer, C:, then _OTL; there, right-click on moved files and choose "add to moved files.rar" or zip. Upload the archive to our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
14.12.2010, 15:42 | #6 |
| Trojan IE Explorer: evaluate HijackThis log. Hi, every time I do what you said, the system crashes. I don't know now where I get the text file that it creates as the result. |
14.12.2010, 17:16 | #7 |
/// Malware-holic | Trojan IE Explorer: evaluate HijackThis log. Then upload the moved archive and I will take a look.
14.12.2010, 18:16 | #8 |
| Trojan IE Explorer: evaluate HijackThis log. OK, it is uploaded now. |
14.12.2010, 18:27 | #9 |
/// Malware-holic | Trojan IE Explorer: evaluate HijackThis log. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
15.12.2010, 15:42 | #10 |
| Trojan IE Explorer: evaluate HijackThis log. ComboFix logfile: Code:
ATTFilter ComboFix 10-12-14.05 - Adi 15.12.2010 15:14:42.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3255.1896 [GMT 1:00] ausgeführt von:: c:\users\Adi\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE} FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5} SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\DivX\DivX Plus Web Player\npdivx32.dll c:\program files\WinPCap c:\users\Adi\AppData\Roaming\Faatke\emikl.exe c:\users\Adi\AppData\Roaming\Local c:\users\Adi\AppData\Roaming\MP3DMOD8.dll c:\windows\Downloaded Program Files\IDropPTB.dll c:\windows\system32\Packet.dll c:\windows\system32\rclumad.exe c:\windows\system32\wpcap.dll F:\AUTORUN.INF . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF -------\Service_rcluma ((((((((((((((((((((((( Dateien erstellt von 2010-11-15 bis 2010-12-15 )))))))))))))))))))))))))))))) . 2010-12-15 14:23 . 2010-12-15 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-14 20:10 . 2010-12-14 20:10 28160 ----a-w- c:\windows\system32\mfc70d32.dll 2010-12-14 12:11 . 2010-12-14 17:14 -------- d-----w- C:\_OTL 2010-12-11 16:03 . 2010-12-11 16:03 388096 ----a-r- c:\users\Adi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-11 16:03 . 2010-12-11 16:03 -------- d-----w- c:\program files\Trend Micro 2010-12-11 14:34 . 2010-12-11 14:34 -------- d-----w- c:\users\Adi\AppData\Roaming\Malwarebytes 2010-12-11 14:34 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-11 14:34 . 
2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-11 14:34 . 2010-12-11 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-11 14:21 . 2010-12-11 14:21 -------- d-----w- c:\program files\CCleaner 2010-12-11 12:07 . 2010-12-11 12:07 -------- d-----w- c:\users\Adi\AppData\Roaming\Fighters 2010-12-11 12:07 . 2010-12-11 12:07 -------- d-----w- c:\users\Adi\AppData\Local\PackageAware 2010-12-01 10:38 . 2010-12-01 10:38 -------- d-----w- c:\program files\QS 2010-11-23 11:21 . 2010-12-11 16:50 -------- d-----w- c:\users\Adi\AppData\Roaming\Faatke . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll 2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl 2010-10-19 09:41 . 2010-01-14 05:58 222080 ------w- c:\windows\system32\MpSigStub.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-10-27 133432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704] "LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-12 8423968] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-01-12 678432] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-24 175640] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-24 166936] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-14 14817896] "PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-02-22 207504] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-31 202256] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "HTC Sync Loader"="c:\program 
files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 294912] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608] "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] c:\users\Adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ DRSpawner.lnk - c:\programdata\ASGvis\DRSpawner\DRSpawner.exe [2010-6-16 2080768] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\nvinit.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-13 136176] R2 MSC.Licensing 9.2;MSC.Licensing 9.2;c:\msc.software\MSC.Licensing\9.2\lmgrd.exe [2003-08-04 659456] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 
RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-07-30 171520] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-08 1343400] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 209920] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368] S3 
rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-12-16 991776] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-22 118560] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners 2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-13 13:51] 2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-13 13:51] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyOverride = ;;;<local> IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab FF - ProfilePath - c:\users\Adi\AppData\Roaming\Mozilla\Firefox\Profiles\nucoh7a2.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - 
c:\program files\DivX\DivX Plus Web Player\firefox\wpa FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com FF - Ext: TradeManager-Plugin: {4D144BC3-23FB-47de-90C5-63CCB0139CCF} - %profile%\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF} FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . ------- Dateityp-Verknüpfung ------- . .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - BHO-{326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\DivX\DivX Plus Web Player\npdivx32.dll BHO-{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\DivX\DivX Plus Web Player\npdivx32.dll HKCU-Run-lrodwv - c:\users\Adi\AppData\Roaming\MP3DMOD8.dll HKCU-Run-{F73ADF44-D944-82F7-7915-DBF6AC7BAABA} - c:\users\Adi\AppData\Roaming\Faatke\emikl.exe HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\windows\system32\PSIService.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\windows\system32\igfxsrvc.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-12-15 15:31:32 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-12-15 14:31 Vor Suchlauf: 11 Verzeichnis(se), 333.772.746.752 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 334.507.565.056 Bytes frei - - End Of File - - 24A1EAD2A23675B962618C15384A8AF4 |
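Added example, not part of the original thread and not how OTL or ComboFix work internally: a small Python triage pass over autostart lines copied from the OTL fix script and the ComboFix log posted here, showing why the entries that were removed stand out from the legitimate ones. The three line formats (assumed to be one entry per line, as in the tools' original output), the three heuristics and all function names are assumptions made for this illustration.

```python
import re

# Autostart lines copied from the OTL fix script and the ComboFix log in this
# thread, laid out one entry per line (assumed original layout).
SAMPLE_LOG = r'''
O4 - HKU\S-1-5-21-344039673-3850450743-728163625-1000..\Run: [lrodwv] C:\Users\Adi\AppData\Roaming\MP3DMOD8.DLL (Microsoft Corporation)
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-10-27 133432]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
HKCU-Run-lrodwv - c:\users\Adi\AppData\Roaming\MP3DMOD8.dll
HKCU-Run-{F73ADF44-D944-82F7-7915-DBF6AC7BAABA} - c:\users\Adi\AppData\Roaming\Faatke\emikl.exe
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
'''

# The three Run-key line formats that occur in this thread.
LINE_FORMATS = [
    # OTL:      O4 - HKU\<SID>..\Run: [name] C:\path\file.ext (Vendor)
    re.compile(r'^O4 - \S+?\.\.\\Run: \[(?P<name>[^\]]+)\] '
               r'(?P<path>[A-Za-z]:\\.+?)(?: \([^()]*\))?$'),
    # ComboFix: "name"="c:\path\file.ext" [date size]
    re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[A-Za-z]:\\[^"]+)"'),
    # ComboFix removed entry: HKCU-Run-name - c:\path\file.ext
    re.compile(r'^HK(?:CU|LM)-Run-(?P<name>.+?) - (?P<path>[A-Za-z]:\\.+)$'),
]

# Heuristics (assumptions for this example, not a malware verdict).
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\appdata\\(?:roaming|local\\temp)\\', re.I)
ROAMING_ROOT = re.compile(r'\\users\\[^\\]+\\appdata\\roaming\\[^\\]+$', re.I)
GUID_NAME = re.compile(
    r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')

R_WRITABLE = "target in user-writable profile directory"
R_ROOT = "file sits directly in the Roaming root"
R_GUID = "GUID as value name"


def parse_autostarts(log_text):
    """Return (value_name, target_path) for every recognised Run-key line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for fmt in LINE_FORMATS:
            match = fmt.match(line)
            if match:
                entries.append((match.group('name'), match.group('path')))
                break
    return entries


def triage(log_text):
    """Map lower-cased target path -> sorted list of reasons it deserves review.

    The same target reported by two tools (different letter case) is merged.
    Entries without any reason are left out.
    """
    findings = {}
    for name, path in parse_autostarts(log_text):
        key = path.lower()
        reasons = findings.setdefault(key, set())
        if USER_WRITABLE.search(key):
            reasons.add(R_WRITABLE)
        if ROAMING_ROOT.search(key):
            reasons.add(R_ROOT)
        if GUID_NAME.match(name):
            reasons.add(R_GUID)
    return {path: sorted(r) for path, r in findings.items() if r}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```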
15.12.2010, 15:46 | #11 |
/// Malware-holic | Trojan IE Explorer: evaluate HijackThis log. How is it running now?
15.12.2010, 15:51 | #12 |
| Trojan IE Explorer: evaluate HijackThis log. Hi, so I have no more problems. The IE windows no longer appear. And otherwise everything runs normally. So is everything clean again? |
15.12.2010, 16:00 | #13 |
/// Malware-holic | Trojan IE Explorer: evaluate HijackThis log. We will check a little more, then clean up and secure the system. But it looks good. http://www.trojaner-board.de/74908-a...t-scanner.html Post a GMER report.
15.12.2010, 16:38 | #14 |
| Trojan IE Explorer: evaluate HijackThis log. All 4 attempts failed; at some point in the middle the machine crashes, or rather the program. |
15.12.2010, 17:35 | #15 |
/// Malware-holic | Trojan IE Explorer: evaluate HijackThis log. OK. Then first of all: download CCleaner Slim: Piriform - Builds. If CCleaner is already installed, skip this. Install, open, Tools, list of installed programs, save as txt. Open it. After each program you need, write "necessary". After each one you do not need, "unnecessary". After those unknown to you, "unknown". Post the list.