Pests of all kinds and how to fight them: Another Postbank Trojan VICTIM :( NEED TIPS FROM PROS!
Windows 7
11.01.2011, 21:48 | #1 |
Hello to EVERYONE out there... I'm new here in the forum... a colleague recommended the site to me. I have the problem with the Postbank.de site... a pop-up page asked me to enter 40 TANs. The worm is in there... but how do I get rid of it??? I'm grateful for any help...

Greetings from Berlin

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5505

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

11.01.2011 20:57:26
mbam-log-2011-01-11 (20-57-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163551
Laufzeit: 7 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{ef34404a-747c-81d8-843a-d938e181273d} (Adware.BHO.FL) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QsFI3OpLXB- (Adware.AdRotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bc4c3057-8650-922d-e516-e62f3d0afc29} (Adware.AdRotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4C3057-8650-922D-E516-E62F3D0AFC29} (Adware.AdRotator) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{FADC21E1-6424-03DA-8095-B1E6205F8FCF} (Spyware.Passwords.XGen) -> Value: {FADC21E1-6424-03DA-8095-B1E6205F8FCF} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\muammer saglam\AppData\Roaming\Kiciq\oqufq.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\System32\bPLQ87s.dll (Adware.BHO) -> No action taken.
c:\Windows\System32\qsfi3oplxb-.exe (Adware.AdRotator) -> No action taken.
12.01.2011, 10:15 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those too!

After that, OTL:

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
24.01.2011, 18:54 | #3 |
Hi, here are the values... thanks to you all in advance
24.01.2011, 19:09 | #4 |
OTL RESULT:
OTL Logfile:
C:\Windows\System32\BrMuSNMP.dll [2010.02.09 15:00:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.02.09 14:02:13 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI [2010.01.01 22:20:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.12.23 00:34:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.12.23 00:34:19 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.12.23 00:34:19 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.12.23 00:34:17 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009.12.23 00:34:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.11.15 22:09:08 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.02.14 23:05:08 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.02.14 23:04:38 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.12.20 01:18:24 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.11.15 01:16:30 | 000,000,132 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Roaming\default.rss [2008.11.13 00:56:19 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2008.11.04 01:58:10 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini [2008.11.04 01:57:47 | 000,009,391 | ---- | C] () -- C:\Windows\System32\dymourl.ini [2008.11.04 01:56:07 | 000,061,440 | ---- | C] () -- C:\Windows\System32\DYMOCFG.DLL [2008.11.04 01:56:07 | 000,004,096 | ---- | C] () -- C:\Windows\System32\lmmonres.dll [2008.10.24 23:20:54 | 000,003,704 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2008.02.10 21:52:05 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.02.10 21:44:11 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\FnF4.txt [2008.02.10 12:42:15 | 000,083,968 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.08 22:54:45 | 000,040,606 | ---- | C] () 
-- C:\ProgramData\LuUninstall.LiveUpdate [2008.02.08 22:33:00 | 000,093,590 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.001 [2008.02.08 22:21:19 | 000,093,590 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Roaming\nvModes.dat [2008.02.08 22:19:22 | 000,007,592 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\d3d9caps.dat [2008.02.08 22:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\QSwitch.txt [2008.02.08 22:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\DSwitch.txt [2008.02.08 22:11:17 | 000,000,000 | ---- | C] () -- C:\Users\Muammer Saglam\AppData\Local\AtStart.txt [2008.01.14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll [2007.12.06 08:06:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005.04.06 10:37:06 | 000,009,216 | ---- | C] () -- C:\Windows\System32\gengpmon.dll [2004.05.05 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL [2002.10.15 13:46:26 | 000,196,608 | ---- | C] () -- C:\Windows\System32\hpbvnstp.dll [2001.07.31 10:17:12 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:5A9D9B1749138FEA < End of report > |
24.01.2011, 19:10 | #5 |
| Another Postbank Trojan VICTIM :( NEED TIPS FROM PROS! Extras editor OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 24.01.2011 18:59:25 - Run 1 OTL by OldTimer - Version 3.2.20.5 Folder = C:\Users\\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,36 Gb Total Space | 65,73 Gb Free Space | 29,69% Space Free | Partition Type: NTFS Drive D: | 11,52 Gb Total Space | 2,16 Gb Free Space | 18,71% Space Free | Partition Type: NTFS Computer Name: MUAMMER-PC | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B7DB2E4-A39F-462F-80FA-96C1FF595886}" = rport=2869 | protocol=6 | dir=out | app=system | "{49E977A7-CE46-4665-B852-54E22C4808D2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{51174D1D-1404-4B58-9AD9-171747BB4AEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{58D189A5-7DBB-49F6-BDD0-2998AC2319C3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{627EEB51-9D8E-429E-9A96-738570DF878A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{90DD53B8-2C4E-49E6-8195-8D3FF3BEF023}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{AD504BBD-55F2-4EE7-BF21-E4F0975C0012}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{AE0634F9-7A75-4F87-825E-B02FE3568487}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{C1D4AB9A-7213-4FB1-87CD-CC1D1A269D4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C8DB814E-5EAF-4DDD-A769-D69C3AF5291D}" = lport=2869 | protocol=6 | dir=in | app=system | "{D4A61742-BB3C-48D0-8470-88CBE90CD360}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E1FB57A6-718E-49A9-851B-D733EE6A1191}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{093B9AE1-0229-4CAE-8022-C6C264755834}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{114FD79B-5907-4707-B158-6489365D17AC}" = protocol=58 | dir=out | app=system | "{27EF8047-9C43-4878-A468-AE1203AB67FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{46AB4747-8BB9-4ED7-8AD5-09AF732444A2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{4C8CED7D-BA3B-4D70-B841-3D4DA624CAE7}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe | "{4DED6DE2-30E8-4F86-9DE0-C12ACF9523EF}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{55DC4FB3-ECB1-4C33-B585-D6F3AB2116BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{5843F2AB-D2FD-4B45-9142-51A2337D1C6E}" = protocol=58 | dir=out | app=system | "{5D4C658D-0E3F-47E0-B1F8-BFA73DAA8227}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{622646EB-B136-4EAB-AE68-6F96C2B092C9}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | "{8818A4C9-F936-4EF8-B796-819B7B213EC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9AADB0EC-812C-437C-8251-34799A87018A}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{9DFAD587-0ED6-419A-B484-CC680C0F385A}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe | "{D3324129-490B-482F-956C-1E0F7CAA014A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{D5E2FF5E-6F4E-4B07-879F-9222B9A84568}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{D81DCF4F-D3B7-40C9-8186-03D27A64E629}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{E41ABC7F-9F61-4C83-90BB-70C4D81F3FCC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{E4CD0E32-1AAD-402D-8367-7E750BF1C2F2}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "TCP Query User{0990DF52-92A1-460E-8EBB-EA4D0171ABE9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | 
app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{27100FD6-9B16-4D5E-90B6-8B28EB4354A7}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "TCP Query User{2796760E-CEB4-4C74-A183-2205F798FCBC}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{37B17900-45D5-45CB-9054-CB1D828A7AE2}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | "TCP Query User{4B388F06-A418-4FBF-851A-DB6CDD28B449}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{57DE1C1F-8ED1-4107-9754-C7C920087622}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{69945F81-99CE-4EA9-BE1C-C5774FF8C162}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{995DDB14-9FC7-4EA7-9F52-679C9DA7711E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{AC116EB2-8A79-4B4D-AE2E-ABA7D0A4FB68}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "TCP Query User{E1875F6A-EADC-4747-9AF4-3A71F12A6E74}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "TCP Query User{E730D29C-C5AE-41B9-8B88-32AC0B8621D7}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{F931EA6C-1552-4D42-BA3A-31033301F6C2}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "UDP Query 
User{077C5440-3059-42F8-BFF9-2ABDF0A1DF74}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "UDP Query User{147B538B-AFE8-4305-A68C-DDDDC2EFF317}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe | "UDP Query User{3E561E0D-91B4-47E6-9EA5-CCA67BF18CDF}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{474DAE50-6980-4CCF-8B90-89831BBFD8A9}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "UDP Query User{70DB6837-4C40-48F5-A10B-547DEF6B527B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{7D1BF85B-E2E1-4FD0-B98E-023456F8225C}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "UDP Query User{93076A45-5582-48F2-B945-D2DAD2B978BA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{94C0A5C4-E29A-4319-9373-9EEC209C2DB9}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "UDP Query User{9C3B23C7-42C8-4CFE-9E1D-D9A00129B71E}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{ACADC6E5-81E5-405F-A58C-7306E7CD6B12}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{BB95E540-45B0-4866-AD67-DF0515323120}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query 
User{D8A0006B-8D6D-487D-A367-2F1940998985}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01310914-E3B8-40E8-BCF7-9C42E0639A43}" = maxx PDFMAILER "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = 
Hewlett-Packard Active Check for Health Check "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087 "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live "{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4 "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero 
ShowTime "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office 
Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9C7C8898-DC29-4E8B-9E77-55A77C3250F6}" = PC Connectivity Solution "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380 "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{def1b9a3-19af-4cbc-91ca-fed307fc41e6}" = Nero 9 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax 
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 (Testversion) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "ENTERPRISE" = Microsoft Office Enterprise 2007 "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149) "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "HPOCR" = OCR Software by I.R.I.S. 
10.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.1 "M3 GAME Manager" = M3 GAME Manager Uninstall "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NVIDIA Drivers" = NVIDIA Drivers "Personal Backup_is1" = Personal Backup 5.0 "Recuva" = Recuva "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4 "Supreme Auction_is1" = Supreme Auction "SynTPDeinstKey" = Synaptics Pointing Device Driver "UltraISO_is1" = UltraISO Premium V9.33 "Uninstall_is1" = Uninstall 1.0.0.1 "Update Service" = Update Service "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VideoLAN VLC media player 0.8.6i "vShare" = vShare Plugin "Weight Watchers FlexPoints" = Weight Watchers FlexPoints "WildTangent hp Master Uninstall" = My HP Games "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.11.2009 17:03:29 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2009 17:03:29 | Computer Name = Muammer-PC | Source = 
Windows Search Service | ID = 3013 Description = Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013 Description = Error - 26.11.2009 17:03:30 | Computer Name = Muammer-PC | Source = Windows Search Service | ID = 3013 Description = Error - 28.11.2009 01:05:40 | Computer Name = Muammer-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe_HPSLPSVC, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00610043, Prozess-ID 0x164, Anwendungsstartzeit 01ca6edb571890d4. Error - 29.11.2009 09:00:02 | Computer Name = Muammer-PC | Source = MsiInstaller | ID = 11706 Description = [ OSession Events ] Error - 18.01.2010 16:31:43 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12503 seconds with 60 seconds of active time. This session ended with a crash. Error - 01.02.2010 04:59:15 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 23.03.2010 03:52:58 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 45 seconds with 0 seconds of active time. This session ended with a crash. Error - 04.04.2010 13:49:40 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5697 seconds with 60 seconds of active time. This session ended with a crash. Error - 06.06.2010 06:30:48 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error - 25.06.2010 07:23:20 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 231 seconds with 120 seconds of active time. This session ended with a crash. Error - 04.07.2010 05:28:40 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46 seconds with 0 seconds of active time. This session ended with a crash. Error - 22.07.2010 13:24:52 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash. Error - 09.09.2010 15:58:37 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 53 seconds with 0 seconds of active time. This session ended with a crash. Error - 05.10.2010 15:33:25 | Computer Name = Muammer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
24.01.2011, 19:26 | #6 |
| Kind regards and thanks in advance for your time and help, lazminator |
24.01.2011, 20:30 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
25.01.2011, 14:45 | #8 |
| So here is the current scan again...
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Datenbank Version: 5591
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
24.01.2011 23:32:39
mbam-log-2011-01-24 (23-32-39).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 381023
Laufzeit: 2 Stunde(n), 25 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
25.01.2011, 14:46 | #9 |
| Asking for help again now... THANKS |
25.01.2011, 19:00 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there any other logs from Malwarebytes? If so, please post all of them. You will find them on the "Logdateien" (log files) tab in Malwarebytes.
__________________ Please always post log files in CODE tags |
25.01.2011, 19:24 | #11 |
| No, those are all I have. Thanks in advance. |
25.01.2011, 20:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\AutoRun\command - "" = G:\m.exe
O33 - MountPoints2\{0888b9a5-9650-11df-abde-001b24e6e738}\Shell\open\Command - "" = G:\m.exe
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{3dfbcc98-78b7-11df-9a0f-001b24e6e738}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{948dbaab-726a-11df-bdd9-001e101f2c0e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{c2bf2d28-7265-11df-8ca9-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47a0-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d47b4-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d4998-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell - "" = AutoRun
O33 - MountPoints2\{cf8d49b2-73a0-11df-a48c-001b24e6e738}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
@Alternate Data Stream - 24 bytes -> C:\Windows:5A9D9B1749138FEA
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |