Log analysis and evaluation: HijackThis detects neither antivirus program nor firewall | Windows 7
09.02.2011, 21:16 | #1 |
| HijackThis detects neither antivirus program nor firewall
Hello everyone, because I had a Trojan that AVG moved to quarantine (deleted in the meantime), I ran AVG and Malwarebytes over the system again. Afterwards I ran HijackThis and fixed search.conduit. Unfortunately, HijackThis told me on this occasion that neither an antivirus program nor a firewall could be found. However, my computer (Windows 7) tells me via the Control Panel that everything is working smoothly. I have the Windows Firewall on, AVG Free is running and Malwarebytes is installed too. Before I could install HijackThis, I had to run it as admin. I am posting my log here and hope for your help:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:34:50, on 09.02.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Fujitsu Launch Manager\LaunchMgr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Ellen\Downloads\HiJackThis204.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Launch Manager] C:\PROGRA~1\FUJITS~1\LAUNCH~1.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [Fujitsu OSD Utility] C:\PROGRA~1\FUJITS~2\OSDUTI~1.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (User 'Default user')
O4 - Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 7331 bytes

Many thanks in advance! Best regards, Shelley |
10.02.2011, 14:32 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | HijackThis detects neither antivirus program nor firewall
Quote:
Quote:
__________________ |
10.02.2011, 18:30 | #3 |
| HijackThis detects neither antivirus program nor firewall
Hello,
@cosinus Many thanks for the feedback! I can provide the following about the Trojans:

Residenten Schutz
Infektion;"Objekt";"Ergebnis";"Erkennungszeit";"Objekttyp";"Vorgang"
Trojaner: Exploit_c.TTH;"c:\Users\Ellen\AppData\Local\Mozilla\Firefox\Profiles\e9byicni.default\Cache\CE189004d01";"Objekt ist nicht verfügbar.";"09.02.2011, 18:21:58";"Datei";"C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe"
Trojaner: Exploit_c.TTH;"c:\Users\Ellen\AppData\Local\Mozilla\Firefox\Profiles\e9byicni.default\Cache\CE189004d01";"Objekt ist nicht verfügbar.";"09.02.2011, 18:21:58";"Datei";"C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe"
Trojaner: Exploit_c.TTH;"c:\Users\Ellen\AppData\Local\Mozilla\Firefox\Profiles\e9byicni.default\Cache\CE189004d01";"In Virenquarantäne verschoben";"09.02.2011, 18:21:58";"Datei";"C:\Program Files\Mozilla Firefox\firefox.exe"

What worries me is the "Objekt nicht verfügbar" (object not available). Best regards, Shelley |
10.02.2011, 19:18 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HijackThis detects neither antivirus program nor firewall
Those are alleged malware items in the browser cache. They may also be false positives, though. Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before each scan! If logs from older Malwarebytes scans exist, please post all of those too!
After that, OTL: System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post logfiles in CODE tags |
10.02.2011, 20:12 | #5 |
| HijackThis detects neither antivirus program nor firewall
Hello Arne, unfortunately I replaced Malwarebytes with SUPERAntiSpyware Free today, but I can post its log (from today):

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 02/10/2011 at 07:35 PM
Application Version : 4.48.1000
Core Rules Database Version : 6373
Trace Rules Database Version: 4185
Scan type : Complete Scan
Total Scan Time : 00:31:33
Memory items scanned : 659
Memory threats detected : 0
Registry items scanned : 8702
Registry threats detected : 0
File items scanned : 32559
File threats detected : 25

Adware.Tracking Cookie
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\ellen@ad.yieldmanager[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\ellen@content.yieldmanager[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\ellen@invitemedia[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\ellen@doubleclick[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@apmebf[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@tradedoubler[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@zanox[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@webmasterplan[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@www.etracker[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@doubleclick[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@atdmt[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@invitemedia[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@ad.zanox[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@mediaplex[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@ad.yieldmanager[2].txt
de.sitestat.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.avgtechnologies.112.2o7.net [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.kaspersky.122.2o7.net [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]

I moved all cookies to quarantine/removal except the ones from avgtechnologies, kaspersky & statcounter, because I was unsure about those. Attached are the OTL logs:
OTL Logfile:
Code:
OTL logfile created on: 2/10/2011 8:04:56 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ellen\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 60.23 Gb Free Space | 60.23% Space Free | Partition Type: NTFS
Drive D: | 363.75 Gb Total Space | 352.36 Gb Free Space | 96.87% Space Free | Partition Type: NTFS
Computer Name: PC01 | User Name: Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Ellen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files\Fujitsu Launch Manager\LaunchMgr.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)

========== Modules (SafeList) ==========
MOD - C:\Users\Ellen\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)

========== Driver Services (SafeList) ==========
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Fujitsu Technology Solutions ? IT products, solutions and services [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Fujitsu Technology Solutions ? IT products, solutions and services [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Sichere Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.14
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {04426594-bce6-4705-b811-bcdba2fd9c7b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {35f30c76-35d4-56d9-8dbc-000a6e787ef4}:1.2.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/16 21:00:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/10 18:21:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/09 04:49:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/09 04:49:51 | 000,000,000 | ---D | M]
[2010/05/16 16:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen\AppData\Roaming\mozilla\Extensions
[2011/02/10 18:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions
[2010/08/22 21:38:15 | 000,000,000 | ---D | M] (ToggleEN Toolbar) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
[2011/02/09 01:14:11 | 000,000,000 | ---D | M] ("Firesizer") -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}
[2011/02/10 18:58:21 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/16 19:53:06 | 000,000,000 | ---D | M] (TrafficFox) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{35f30c76-35d4-56d9-8dbc-000a6e787ef4}
[2011/02/10 18:58:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/09 03:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/08/21 17:13:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/09 03:15:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/10 18:21:06 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/05/16 21:00:44 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/02/09 03:14:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/09 04:49:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/02/09 04:49:48 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/02/09 04:49:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/02/09 00:29:06 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/02/09 04:49:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/02/09 04:49:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Fujitsu OSD Utility] C:\PROGRA~1\FUJITS~2\OSDUTI~1.EXE (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [Launch Manager] C:\PROGRA~1\FUJITS~1\LAUNCH~1.EXE (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00e239e0-56c5-11df-b1d4-00269e708f36}\Shell - "" = AutoRun
O33 - MountPoints2\{00e239e0-56c5-11df-b1d4-00269e708f36}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 20:01:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Ellen\Desktop\OTL.exe
[2011/02/10 19:01:09 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/10 19:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/10 19:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/10 19:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/09 21:44:42 | 000,000,000 | ---D | C] -- C:\Intel
[2011/02/09 21:44:31 | 000,948,760 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2011/02/09 21:44:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/02/09 19:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/02/09 18:23:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/02/09 04:58:20 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 04:58:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/09 04:58:18 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/09 04:58:14 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 04:58:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 04:58:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 04:58:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 04:58:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 04:58:13 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 04:58:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 04:58:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 04:58:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 04:58:06 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 04:58:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/09 04:58:05 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 04:58:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 04:58:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 04:58:04 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 04:58:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 04:58:03 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 04:58:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/02/09 04:58:03 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/02/09 04:58:03 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/02/09 04:58:03 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 04:58:03 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 04:58:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 04:58:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 04:58:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 04:58:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 04:57:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/09 04:57:58 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/09 04:57:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/09 04:57:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/09 04:57:56 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/09 04:57:56 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 04:15:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/09 04:09:45 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Local\SoftGrid Client
[2011/02/09 04:09:20 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\SoftGrid Client
[2011/02/09 04:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Student (Deutsch)
[2011/02/09 04:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/02/09 04:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2011/02/09 04:06:22 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\TP
[2011/02/09 03:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/02/09 03:16:23 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/02/09 03:14:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/09 03:14:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/09 03:14:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/09 03:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ellen\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2011/02/09 02:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/02/09 00:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2011/02/09 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2011/02/09 00:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/02/09 00:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/02/03 17:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2011/02/03 17:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2011/02/03 17:13:43 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\XnView
[2011/02/03 17:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2011/02/03 17:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\XnView
[2011/02/03 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\Ellen\Documents\gegl-0.0
[2011/02/03 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\Ellen\.gimp-2.6
[2011/02/03 16:37:52 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\Malwarebytes
[2011/02/03 16:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/03 16:06:38 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\Apple Computer
[2011/02/03 15:25:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/02/03 15:25:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/02/03 15:25:21 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/02/03 15:25:21 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/02/03 15:25:21 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/02/03 15:25:21 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/02/03 15:25:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/03 15:25:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/03 15:25:12 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/03 15:25:12 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/03 15:25:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/03 15:25:12 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/02/03 15:25:11 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/02/03 15:25:11 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/02/03 15:25:09 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/03 15:24:55 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/02/03 15:24:53 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/02/03 15:24:19 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/02/03 15:24:11 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/03 15:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/03 15:17:07 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/02/03 15:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/03 15:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/03 15:13:10 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2011/02/03 15:09:05 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/02/10 20:01:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ellen\Desktop\OTL.exe
[2011/02/10 19:57:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 19:57:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 19:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/10 19:50:38 | 000,001,221 | ---- | M] () -- C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
[2011/02/10 19:50:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/10 19:49:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/10 19:49:42 | 2287,427,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 19:01:06 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/10 18:22:18 | 000,001,584 | ---- | M] () -- C:\Users\Ellen\Desktop\bericht avg trojaner.csv
[2011/02/10 18:20:26 | 071,020,990 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/02/10 18:15:48 | 000,435,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/09 20:34:50 | 000,007,332 | ---- | M] () -- C:\Users\Ellen\Desktop\hijackthis-nochmal
[2011/02/09 20:33:02 | 000,007,421 | ---- | M] () -- C:\Users\Ellen\Desktop\hijackthis_ganzneu
[2011/02/09 04:08:02 | 000,689,770 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/09 04:08:02 | 000,688,776 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/02/09 04:08:02 | 000,686,352 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2011/02/09 04:08:02 | 000,684,694 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2011/02/09 04:08:02 | 000,649,148 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/02/09 04:08:02 | 000,613,456 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2011/02/09 04:08:02 | 000,611,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/09 04:08:02 | 000,457,802 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2011/02/09 04:08:02 | 000,444,244 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2011/02/09 04:08:02 | 000,428,932 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2011/02/09 04:08:02 | 000,136,316 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/02/09 04:08:02 | 000,132,116 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2011/02/09 04:08:02 | 000,129,336 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/09 04:08:02 | 000,129,116 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/02/09 04:08:02 | 000,126,296 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2011/02/09 04:08:02 | 000,122,962 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2011/02/09 04:08:02 | 000,105,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/09 04:08:02 | 000,081,124 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2011/02/09 04:08:02 | 000,079,016 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2011/02/09 04:08:02 | 000,076,286 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2011/02/09 03:17:24 | 000,001,199 | ---- | M] () -- C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/02/09 03:16:23 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/02/09 03:14:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/09 03:14:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/09 03:14:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/09 03:14:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/09 02:02:47 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/09 00:51:20 | 000,000,152 | ---- | M] () -- C:\Users\Ellen\AppData\Roaming\burnaware.ini
[2011/02/09 00:51:02 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2011/02/09 00:36:56 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/02/08 23:59:12 | 000,011,264 | ---- | M] () -- C:\Users\Ellen\Desktop\Microsoft Word-Dokument (neu).doc
[2011/02/03 17:19:24 | 000,000,902 | ---- | M] () -- C:\Users\Ellen\Desktop\HD Tune.lnk
[2011/02/03 17:13:48 | 000,000,895 | ---- | M] () -- C:\Users\Ellen\Desktop\XnView.lnk
[2011/02/03 15:17:19 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/03 06:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys

========== Files Created - No Company Name ==========

[2011/02/10 19:01:06 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/10 18:22:18 | 000,001,584 | ---- | C] () -- C:\Users\Ellen\Desktop\bericht avg trojaner.csv
[2011/02/09 20:34:50 | 000,007,332 | ---- | C] () -- C:\Users\Ellen\Desktop\hijackthis-nochmal
[2011/02/09 20:33:02 | 000,007,421 | ---- | C] () -- C:\Users\Ellen\Desktop\hijackthis_ganzneu
[2011/02/09 03:25:04 | 000,002,567 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
[2011/02/09 03:17:24 | 000,001,199 | ---- | C] () -- C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/02/09 03:16:23 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/02/09 02:02:47 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/09 00:51:18 | 000,000,152 | ---- | C] () -- C:\Users\Ellen\AppData\Roaming\burnaware.ini
[2011/02/09 00:51:02 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk
[2011/02/09 00:36:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/02/09 00:36:56 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/02/08 23:59:12 | 000,011,264 | ---- | C] () -- C:\Users\Ellen\Desktop\Microsoft Word-Dokument (neu).doc
[2011/02/03 17:19:24 | 000,000,902 | ---- | C] () -- C:\Users\Ellen\Desktop\HD Tune.lnk
[2011/02/03 17:13:34 | 000,000,895 | ---- | C] () -- C:\Users\Ellen\Desktop\XnView.lnk
[2011/02/03 15:17:19 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/21 17:27:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/03 15:52:22 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/01/18 09:27:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/07/30 12:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009/07/14 01:55:09 | 000,585,216 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2003/02/20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 2/10/2011 8:04:56 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ellen\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 60.23 Gb Free Space | 60.23% Space Free | Partition Type: NTFS
Drive D: | 363.75 Gb Total Space | 352.36 Gb Free Space | 96.87% Space Free | Partition Type: NTFS

Computer Name: PC01 | User Name: Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Fujitsu Launch Manager
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"BurnAware Free_is1" = BurnAware Free 3.1.3
"CCleaner" = CCleaner
"HD Tune_is1" = HD Tune 2.55
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Fujitsu Launch Manager
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility
"IrfanView" = IrfanView (remove only)
"Mediscript-CD GK1" = Mediscript-CD GK1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"RealAlt_is1" = Real Alternative 2.0.2
"RealPlayer 12.0" = RealPlayer
"ToggleEN Toolbar" = ToggleEN Toolbar
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.0.5
"XnView_is1" = XnView 1.97.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2010 12:14:00 PM | Computer Name = PC01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 8/21/2010 12:15:25 PM | Computer Name = PC01 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
Error - 8/21/2010 5:18:01 PM | Computer Name = PC01 | Source = MsiInstaller | ID = 11500 Description = Error - 8/22/2010 5:21:19 PM | Computer Name = PC01 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RealPlay.exe, Version: 12.0.0.756, Zeitstempel: 0x4bd8c322 Name des fehlerhaften Moduls: hxxml.dll, Version: 0.0.0.0, Zeitstempel: 0x4b99d92d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008016 ID des fehlerhaften Prozesses: 0x420 Startzeit der fehlerhaften Anwendung: 0x01cb423feef900c6 Pfad der fehlerhaften Anwendung: C:\Program Files\Real\RealPlayer\RealPlay.exe Pfad des fehlerhaften Moduls: C:\Program Files\Common Files\Real\Plugins\hxxml.dll Berichtskennung: 34017609-ae33-11df-a2c3-00269e708f36 Error - 10/18/2010 12:22:09 PM | Computer Name = PC01 | Source = VSS | ID = 8194 Description = Error - 2/3/2011 10:06:42 AM | Computer Name = PC01 | Source = VSS | ID = 8194 Description = Error - 2/3/2011 10:12:36 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 11500 Description = Error - 2/3/2011 11:03:53 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 1013 Description = Error - 2/3/2011 12:06:02 PM | Computer Name = PC01 | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b78 Startzeit: 01cbc3bc10325248 Endzeit: 0 Anwendungspfad: C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 72c692c9-2faf-11e0-8f2c-00269e708f36 Error - 2/3/2011 12:06:44 PM | Computer Name = PC01 | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1090 Startzeit: 01cbc3bc41f61703 Endzeit: 16 Anwendungspfad: C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 942ce1a1-2faf-11e0-8f2c-00269e708f36 [ System Events ] Error - 5/16/2010 3:39:34 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 5/16/2010 3:39:35 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 5/16/2010 3:39:35 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 5/16/2010 3:39:36 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 5/16/2010 3:39:36 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 8/21/2010 12:27:34 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7030 Description = Der Dienst "Machine Debug Manager" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 8/22/2010 2:48:48 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 8/22/2010 2:48:49 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 8/22/2010 2:48:50 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error - 8/22/2010 2:48:50 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >
Thank you very much! Best regards, Shelley |
10.02.2011, 20:13 | #6 |
| HijackThis detects neither antivirus program nor firewall
Hello Arne, unfortunately I replaced Malwarebytes with SUPERAntiSpyware Free today, but I can post its log (from today):
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
Generated 02/10/2011 at 07:35 PM
Application Version : 4.48.1000
Core Rules Database Version : 6373
Trace Rules Database Version: 4185
Scan type : Complete Scan
Total Scan Time : 00:31:33
Memory items scanned : 659
Memory threats detected : 0
Registry items scanned : 8702
Registry threats detected : 0
File items scanned : 32559
File threats detected : 25
Adware.Tracking Cookie
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\ellen@ad.yieldmanager[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\ellen@content.yieldmanager[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\ellen@invitemedia[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\ellen@doubleclick[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@apmebf[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@tradedoubler[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@zanox[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@webmasterplan[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@www.etracker[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@doubleclick[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@atdmt[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@invitemedia[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@ad.zanox[1].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@mediaplex[2].txt
C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Cookies\Low\ellen@ad.yieldmanager[2].txt
de.sitestat.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
etracker Webcontrolling - Echtzeit Webanalyse statt Besucherzähler [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.avgtechnologies.112.2o7.net [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
.kaspersky.122.2o7.net [ C:\Users\Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\e9byicni.default\cookies.sqlite ]
I moved all cookies to quarantine/removal except those from avgtechnologies, kaspersky & statcounter, because I was unsure about those. Attached are the OTL logs:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 2/10/2011 8:04:56 PM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ellen\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 60.23 Gb Free Space | 60.23% Space Free | Partition Type: NTFS Drive D: | 363.75 Gb Total Space | 352.36 Gb Free Space | 96.87% Space Free | Partition Type: NTFS Computer Name: PC01 | User Name: Ellen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ellen\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Fujitsu OSD Utility\OSDUtility.exe (Fujitsu Technology Solutions) PRC - C:\Program Files\Fujitsu Launch Manager\LaunchMgr.exe (Fujitsu Technology Solutions) PRC - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions) ========== Modules (SafeList) ========== MOD - C:\Users\Ellen\Desktop\OTL.exe (OldTimer Tools) MOD - c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.) MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (TestHandler) -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology 
Solutions) ========== Driver Services (SafeList) ========== DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) 
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV 
- (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Fujitsu Technology Solutions ? IT products, solutions and services [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Fujitsu Technology Solutions ? IT products, solutions and services [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Sichere Suche" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.14 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {04426594-bce6-4705-b811-bcdba2fd9c7b}:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {35f30c76-35d4-56d9-8dbc-000a6e787ef4}:1.2.2 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/16 21:00:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/10 18:21:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/09 04:49:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/09 04:49:51 | 000,000,000 | ---D | M] [2010/05/16 16:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen\AppData\Roaming\mozilla\Extensions [2011/02/10 18:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions [2010/08/22 21:38:15 | 000,000,000 | ---D | M] 
(ToggleEN Toolbar) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b} [2011/02/09 01:14:11 | 000,000,000 | ---D | M] ("Firesizer") -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b} [2011/02/10 18:58:21 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010/05/16 19:53:06 | 000,000,000 | ---D | M] (TrafficFox) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{35f30c76-35d4-56d9-8dbc-000a6e787ef4} [2011/02/10 18:58:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ellen\AppData\Roaming\mozilla\Firefox\Profiles\e9byicni.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/02/09 03:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/08/21 17:13:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011/02/09 03:15:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/02/10 18:21:06 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2010/05/16 21:00:44 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2011/02/09 03:14:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/02/09 04:49:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/02/09 04:49:48 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/02/09 04:49:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/02/09 00:29:06 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011/02/09 04:49:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/02/09 04:49:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Fujitsu OSD Utility] C:\PROGRA~1\FUJITS~2\OSDUTI~1.EXE (Fujitsu Technology Solutions) O4 - HKLM..\Run: [Launch Manager] C:\PROGRA~1\FUJITS~1\LAUNCH~1.EXE (Fujitsu Technology Solutions) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) O4 - Startup: C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{00e239e0-56c5-11df-b1d4-00269e708f36}\Shell - "" = AutoRun O33 - MountPoints2\{00e239e0-56c5-11df-b1d4-00269e708f36}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/02/10 20:01:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Ellen\Desktop\OTL.exe [2011/02/10 19:01:09 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\SUPERAntiSpyware.com [2011/02/10 19:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/02/10 19:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011/02/10 19:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/02/09 21:44:42 | 000,000,000 | ---D | C] -- C:\Intel [2011/02/09 21:44:31 | 000,948,760 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe [2011/02/09 21:44:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64 [2011/02/09 19:37:18 | 000,000,000 | ---D | C] -- 
C:\ProgramData\VirtualizedApplications [2011/02/09 18:23:00 | 000,000,000 | -H-D | C] -- C:\$AVG [2011/02/09 04:58:20 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011/02/09 04:58:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/02/09 04:58:18 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011/02/09 04:58:14 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011/02/09 04:58:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/02/09 04:58:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/02/09 04:58:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/02/09 04:58:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/02/09 04:58:13 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/02/09 04:58:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/02/09 04:58:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/02/09 04:58:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/02/09 04:58:06 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011/02/09 04:58:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011/02/09 04:58:05 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011/02/09 04:58:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011/02/09 04:58:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011/02/09 04:58:04 | 001,074,176 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\DWrite.dll [2011/02/09 04:58:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011/02/09 04:58:03 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011/02/09 04:58:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2011/02/09 04:58:03 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll [2011/02/09 04:58:03 | 000,801,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2011/02/09 04:58:03 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011/02/09 04:58:03 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011/02/09 04:58:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011/02/09 04:58:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011/02/09 04:58:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011/02/09 04:58:02 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011/02/09 04:57:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll [2011/02/09 04:57:58 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll [2011/02/09 04:57:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll [2011/02/09 04:57:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll [2011/02/09 04:57:56 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2011/02/09 04:57:56 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011/02/09 04:15:05 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011/02/09 04:09:45 | 000,000,000 | ---D | C] -- 
C:\Users\Ellen\AppData\Local\SoftGrid Client [2011/02/09 04:09:20 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\SoftGrid Client [2011/02/09 04:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Student (Deutsch) [2011/02/09 04:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2011/02/09 04:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client [2011/02/09 04:06:22 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\TP [2011/02/09 03:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2011/02/09 03:16:23 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3 [2011/02/09 03:14:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011/02/09 03:14:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/02/09 03:14:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2011/02/09 03:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ellen\Desktop\OpenOffice.org 3.3 (de) Installation Files [2011/02/09 02:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/02/09 00:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free [2011/02/09 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free [2011/02/09 00:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011/02/09 00:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2011/02/03 17:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2011/02/03 17:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune [2011/02/03 17:13:43 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\XnView [2011/02/03 17:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView [2011/02/03 17:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\XnView [2011/02/03 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\Ellen\Documents\gegl-0.0 [2011/02/03 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\Ellen\.gimp-2.6 [2011/02/03 16:37:52 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\Malwarebytes [2011/02/03 16:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/02/03 16:06:38 | 000,000,000 | ---D | C] -- C:\Users\Ellen\AppData\Roaming\Apple Computer [2011/02/03 15:25:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011/02/03 15:25:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011/02/03 15:25:21 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2011/02/03 15:25:21 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2011/02/03 15:25:21 | 000,204,288 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\MSNP.ax [2011/02/03 15:25:21 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011/02/03 15:25:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/02/03 15:25:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/02/03 15:25:12 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011/02/03 15:25:12 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011/02/03 15:25:12 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011/02/03 15:25:12 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2011/02/03 15:25:11 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2011/02/03 15:25:11 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2011/02/03 15:25:09 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011/02/03 15:24:55 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011/02/03 15:24:53 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011/02/03 15:24:19 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2011/02/03 15:24:11 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011/02/03 15:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011/02/03 15:17:07 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011/02/03 15:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/02/03 15:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011/02/03 15:13:10 | 000,363,520 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\StructuredQuery.dll [2011/02/03 15:09:05 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys [2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2011/02/10 20:01:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Ellen\Desktop\OTL.exe [2011/02/10 19:57:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/02/10 19:57:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/02/10 19:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/02/10 19:50:38 | 000,001,221 | ---- | M] () -- C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2011/02/10 19:50:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/02/10 19:49:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/02/10 19:49:42 | 2287,427,584 | -HS- | M] () -- C:\hiberfil.sys [2011/02/10 19:01:06 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/02/10 18:22:18 | 000,001,584 | ---- | M] () -- C:\Users\Ellen\Desktop\bericht avg trojaner.csv [2011/02/10 18:20:26 | 071,020,990 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2011/02/10 18:15:48 | 000,435,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/02/09 20:34:50 | 000,007,332 | ---- | M] () -- C:\Users\Ellen\Desktop\hijackthis-nochmal [2011/02/09 20:33:02 | 000,007,421 | ---- | M] () -- C:\Users\Ellen\Desktop\hijackthis_ganzneu [2011/02/09 04:08:02 | 000,689,770 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2011/02/09 04:08:02 | 000,688,776 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2011/02/09 04:08:02 | 000,686,352 | ---- | M] () -- 
C:\Windows\System32\perfh013.dat [2011/02/09 04:08:02 | 000,684,694 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2011/02/09 04:08:02 | 000,649,148 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/02/09 04:08:02 | 000,613,456 | ---- | M] () -- C:\Windows\System32\perfh01D.dat [2011/02/09 04:08:02 | 000,611,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/02/09 04:08:02 | 000,457,802 | ---- | M] () -- C:\Windows\System32\perfh006.dat [2011/02/09 04:08:02 | 000,444,244 | ---- | M] () -- C:\Windows\System32\perfh014.dat [2011/02/09 04:08:02 | 000,428,932 | ---- | M] () -- C:\Windows\System32\perfh00B.dat [2011/02/09 04:08:02 | 000,136,316 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2011/02/09 04:08:02 | 000,132,116 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2011/02/09 04:08:02 | 000,129,336 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2011/02/09 04:08:02 | 000,129,116 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/02/09 04:08:02 | 000,126,296 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2011/02/09 04:08:02 | 000,122,962 | ---- | M] () -- C:\Windows\System32\perfc01D.dat [2011/02/09 04:08:02 | 000,105,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/02/09 04:08:02 | 000,081,124 | ---- | M] () -- C:\Windows\System32\perfc00B.dat [2011/02/09 04:08:02 | 000,079,016 | ---- | M] () -- C:\Windows\System32\perfc006.dat [2011/02/09 04:08:02 | 000,076,286 | ---- | M] () -- C:\Windows\System32\perfc014.dat [2011/02/09 03:17:24 | 000,001,199 | ---- | M] () -- C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011/02/09 03:16:23 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011/02/09 03:14:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011/02/09 03:14:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaws.exe [2011/02/09 03:14:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011/02/09 03:14:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011/02/09 02:02:47 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/02/09 00:51:20 | 000,000,152 | ---- | M] () -- C:\Users\Ellen\AppData\Roaming\burnaware.ini [2011/02/09 00:51:02 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\BurnAware Free.lnk [2011/02/09 00:36:56 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/02/08 23:59:12 | 000,011,264 | ---- | M] () -- C:\Users\Ellen\Desktop\Microsoft Word-Dokument (neu).doc [2011/02/03 17:19:24 | 000,000,902 | ---- | M] () -- C:\Users\Ellen\Desktop\HD Tune.lnk [2011/02/03 17:13:48 | 000,000,895 | ---- | M] () -- C:\Users\Ellen\Desktop\XnView.lnk [2011/02/03 15:17:19 | 000,001,821 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011/02/03 06:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys ========== Files Created - No Company Name ========== [2011/02/10 19:01:06 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/02/10 18:22:18 | 000,001,584 | ---- | C] () -- C:\Users\Ellen\Desktop\bericht avg trojaner.csv [2011/02/09 20:34:50 | 000,007,332 | ---- | C] () -- C:\Users\Ellen\Desktop\hijackthis-nochmal [2011/02/09 20:33:02 | 000,007,421 | ---- | C] () -- C:\Users\Ellen\Desktop\hijackthis_ganzneu [2011/02/09 03:25:04 | 000,002,567 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk [2011/02/09 03:17:24 | 000,001,199 | ---- | C] () -- C:\Users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011/02/09 03:16:23 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk [2011/02/09 02:02:47 | 
000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/02/09 00:51:18 | 000,000,152 | ---- | C] () -- C:\Users\Ellen\AppData\Roaming\burnaware.ini [2011/02/09 00:51:02 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\BurnAware Free.lnk [2011/02/09 00:36:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/02/09 00:36:56 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/02/08 23:59:12 | 000,011,264 | ---- | C] () -- C:\Users\Ellen\Desktop\Microsoft Word-Dokument (neu).doc [2011/02/03 17:19:24 | 000,000,902 | ---- | C] () -- C:\Users\Ellen\Desktop\HD Tune.lnk [2011/02/03 17:13:34 | 000,000,895 | ---- | C] () -- C:\Users\Ellen\Desktop\XnView.lnk [2011/02/03 15:17:19 | 000,001,821 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010/08/21 17:27:33 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010/05/03 15:52:22 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010/01/18 09:27:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009/07/30 12:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL [2009/07/14 01:55:09 | 000,585,216 | ---- | C] () -- C:\Windows\System32\hpotscld.dll [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2003/02/20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 2/10/2011 8:04:56 PM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ellen\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 60.23 Gb Free Space | 60.23% Space Free | Partition Type: NTFS Drive D: | 363.75 Gb Total Space | 352.36 Gb Free Space | 96.87% Space Free | Partition Type: NTFS Computer Name: PC01 | User Name: Ellen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL 
Server Setup Support Files (English) "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Fujitsu Launch Manager "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch "{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AVG9Uninstall" = AVG Free 9.0 "BurnAware Free_is1" = BurnAware Free 3.1.3 "CCleaner" = CCleaner "HD Tune_is1" = HD Tune 2.55 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Fujitsu Launch Manager "InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = Fujitsu OSD Utility "IrfanView" = IrfanView (remove only) "Mediscript-CD GK1" = Mediscript-CD GK1 "Microsoft .NET Framework 4 Client 
Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "RealAlt_is1" = Real Alternative 2.0.2 "RealPlayer 12.0" = RealPlayer "ToggleEN Toolbar" = ToggleEN Toolbar "TVWiz" = Intel(R) TV Wizard "VLC media player" = VLC media player 1.0.5 "XnView_is1" = XnView 1.97.8 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 8/21/2010 12:14:00 PM | Computer Name = PC01 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 8/21/2010 12:15:25 PM | Computer Name = PC01 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 8/21/2010 5:18:01 PM | Computer Name = PC01 | Source = MsiInstaller | ID = 11500 Description = Error - 8/22/2010 5:21:19 PM | Computer Name = PC01 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RealPlay.exe, Version: 12.0.0.756, Zeitstempel: 0x4bd8c322 Name des fehlerhaften Moduls: hxxml.dll, Version: 0.0.0.0, Zeitstempel: 0x4b99d92d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008016 ID des fehlerhaften Prozesses: 0x420 Startzeit der fehlerhaften Anwendung: 0x01cb423feef900c6 Pfad der fehlerhaften Anwendung: C:\Program Files\Real\RealPlayer\RealPlay.exe Pfad des fehlerhaften Moduls: C:\Program Files\Common Files\Real\Plugins\hxxml.dll Berichtskennung: 34017609-ae33-11df-a2c3-00269e708f36 Error - 10/18/2010 12:22:09 PM | Computer Name = PC01 | Source = VSS | ID = 8194 Description = Error - 2/3/2011 10:06:42 AM | Computer Name = PC01 | Source = VSS | ID = 8194 Description = Error - 2/3/2011 10:12:36 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 11500 Description = Error - 2/3/2011 11:03:53 AM | Computer Name = PC01 | Source = MsiInstaller | ID = 1013 Description = Error - 2/3/2011 12:06:02 PM | Computer Name = PC01 | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b78 Startzeit: 01cbc3bc10325248 Endzeit: 0 Anwendungspfad: C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 72c692c9-2faf-11e0-8f2c-00269e708f36 Error - 2/3/2011 12:06:44 PM | Computer Name = PC01 | Source = Application Hang | ID = 1002 Description = Programm gimp-2.6.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1090 Startzeit: 01cbc3bc41f61703 Endzeit: 16 Anwendungspfad: C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe Berichts-ID: 942ce1a1-2faf-11e0-8f2c-00269e708f36 [ System Events ] Error - 5/16/2010 3:39:34 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 5/16/2010 3:39:35 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 5/16/2010 3:39:35 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 5/16/2010 3:39:36 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 5/16/2010 3:39:36 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 8/21/2010 12:27:34 PM | Computer Name = PC01 | Source = Service Control Manager | ID = 7030 Description = Der Dienst "Machine Debug Manager" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error - 8/22/2010 2:48:48 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 8/22/2010 2:48:49 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 8/22/2010 2:48:50 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error - 8/22/2010 2:48:50 PM | Computer Name = PC01 | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > Thank you very much! Best regards, Shelley |
10.02.2011, 20:25 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HijackThis detects neither antivirus program nor firewall I didn't write SASW. I wanted to see logs from Malwarebytes.
__________________ Please always post log files in CODE tags |
10.02.2011, 20:38 | #8 |
| HijackThis detects neither antivirus program nor firewall Hello Arne, sorry, I have already deleted them. Yesterday Malwarebytes found nothing. Unfortunately the malware scan took a very long time, so I probably won't manage to repeat it today. Regards, Shelley |
10.02.2011, 21:41 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HijackThis detects neither antivirus program nor firewall And you are sure you ran full scans? Why do you hastily uninstall programs while we are still in the middle of the analysis?
__________________ Please always post log files in CODE tags |
10.02.2011, 22:10 | #10 |
| HijackThis detects neither antivirus program nor firewall Yes, that was hasty, sorry. With AVG Free, Malwarebytes Free and SUPERAntiSpyware Free I always ran full scans (I did not scan the DVD drive and the digital hard drive, but I also had not used them in the last few days). I did find the old file from yesterday after all (after the reinstallation it was there again):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5721
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
09.02.2011 20:10:37
mbam-log-2011-02-09 (20-10-37).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 333696
Laufzeit: 1 Stunde(n), 15 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

I did have time this evening after all and was able to run the new full scan. Here is the file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5735
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10.02.2011 22:03:55
mbam-log-2011-02-10 (22-03-55).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 332954
Laufzeit: 1 Stunde(n), 15 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

Thank you very much for your effort. Regards, Shelley Edited by Shelley (10.02.2011 at 22:16) |
11.02.2011, 09:11 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | HijackThis detects neither antivirus program nor firewall The logs are unremarkable. Which problems exactly are still open?
__________________ Please always post log files in CODE tags |
11.02.2011, 13:40 | #12 |
| HijackThis detects neither antivirus program nor firewall Hello Arne, thank you very much for your help! Now I am reassured! Thank you very much and have a nice weekend! Best regards, Shelley |