| |
| |||||||
Log-Analyse und Auswertung: Win 7 Security entfernen (log-files vorhanden)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.04.2011, 19:08
| #1 |
| |  Win 7 Security entfernen (log-files vorhanden) Hallo, ich habe mir bereits einige Threads zum Thema Win7 Security entfernen durhcgelesen. Ich habe HijackThis installiert und jeweils beide log files erstellt. Ausserdem noch mit CCleaner meine installierten Programme ausgegeben. Den empfohlenen Malware entferner habe ich bereits installiert. Hier meine log files: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:57:41, on 08.04.2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Users\Hens\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [ScanSoft PDF Create! 4-reminder] "C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PDF Create\4\Ereg\Ereg.ini O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Nach Updates suchen.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Free YouTube Download - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: WirelessSelectorService - Unknown owner - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe -- End of file - 10027 bytes Code:
ATTFilter
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º
hjtscanlist v2.0
º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Microsoft Windows [Version 6.1.7600]
C:
C:\pagefile.sys ---------
C:\hiberfil.sys ---------
08.04.2011 10:53 C:\Windows --------- 28672
08.04.2011 10:37 C:\ProgramData --------- 12288
08.04.2011 10:37 C:\Program Files --------- 28672
08.04.2011 10:32 C:\System Volume Information --------- 20480
20.03.2011 22:18 C:\DVDVideoSoft --------- 0
17.12.2010 14:06 C:\flexlm --------- 0
21.11.2010 07:26 C:\PTC --------- 0
22.04.2010 03:17 C:\SmartDraw 2010 --------- 0
21.03.2010 16:38 C:\IO.SYS --------- 0
21.03.2010 16:38 C:\MSDOS.SYS --------- 0
14.03.2010 10:59 C:\timestmp.tmp --------- 4
12.03.2010 10:06 C:\ptcsetup.log --------- 797246
21.02.2010 15:27 C:\Intel --------- 0
21.02.2010 15:27 C:\fsc.tmp --------- 0
21.02.2010 15:22 C:\DeskUpdate.tmp --------- 0
19.02.2010 10:08 C:\$Recycle.Bin --------- 0
08.02.2010 08:33 C:\MSOCache --------- 0
08.02.2010 08:29 C:\Users --------- 4096
08.02.2010 08:29 C:\Recovery --------- 0
08.02.2010 08:29 C:\Programme --------- 0
08.02.2010 08:29 C:\Dokumente und Einstellungen --------- 0
08.02.2010 08:19 C:\BOOTSECT.BAK --------- 8192
08.02.2010 08:19 C:\Boot --------- 4096
13.07.2009 22:53 C:\Documents and Settings --------- 0
13.07.2009 20:37 C:\PerfLogs --------- 0
13.07.2009 19:38 C:\bootmgr --------- 383562
10.06.2009 15:42 C:\config.sys --------- 10
10.06.2009 15:42 C:\autoexec.bat --------- 24
----------------------------------------
C:\Windows
08.04.2011 10:57 C:\Windows\ntbtlog.txt --------- 1192722
08.04.2011 10:56 C:\Windows\bootstat.dat --------- 67584
08.04.2011 10:53 C:\Windows\setuperr.log --------- 0
08.04.2011 10:53 C:\Windows\setupact.log --------- 56
19.07.2010 13:44 C:\Windows\win.ini --------- 509
10.04.2010 01:03 C:\Windows\KMService.exe --------- 77824
08.02.2010 08:37 C:\Windows\ODBC.INI --------- 400
18.01.2010 05:42 C:\Windows\Irremote.ini --------- 34666
30.10.2009 23:45 C:\Windows\explorer.exe --------- 2614272
13.07.2009 22:41 C:\Windows\WindowsShell.Manifest --------- 749
13.07.2009 19:16 C:\Windows\twain_32.dll --------- 51200
13.07.2009 19:14 C:\Windows\write.exe --------- 9216
13.07.2009 19:14 C:\Windows\winhlp32.exe --------- 9728
13.07.2009 19:14 C:\Windows\twunk_32.exe --------- 31232
13.07.2009 19:14 C:\Windows\regedit.exe --------- 398336
13.07.2009 19:14 C:\Windows\notepad.exe --------- 179712
13.07.2009 19:14 C:\Windows\hh.exe --------- 15360
13.07.2009 19:14 C:\Windows\HelpPane.exe --------- 497152
13.07.2009 19:14 C:\Windows\fveupdate.exe --------- 13824
13.07.2009 19:14 C:\Windows\bfsvc.exe --------- 65024
13.07.2009 16:58 C:\Windows\mib.bin --------- 43131
10.06.2009 15:46 C:\Windows\system.ini --------- 219
10.06.2009 15:42 C:\Windows\_default.pif --------- 707
10.06.2009 15:42 C:\Windows\winhelp.exe --------- 256192
10.06.2009 15:41 C:\Windows\twunk_16.exe --------- 49680
10.06.2009 15:41 C:\Windows\twain.dll --------- 94784
10.06.2009 15:34 C:\Windows\WMSysPr9.prx --------- 316640
10.06.2009 15:19 C:\Windows\msdfmap.ini --------- 1405
10.06.2009 15:14 C:\Windows\Starter.xml --------- 48201
10.06.2009 15:14 C:\Windows\HomePremium.xml --------- 48265
24.04.2007 09:51 C:\Windows\UNNeroShowTime.exe --------- 972336
20.03.2007 14:22 C:\Windows\UNNeroBackItUp.exe --------- 972336
12.03.2007 07:51 C:\Windows\UNNeroMediaHome.exe --------- 972336
28.02.2007 14:53 C:\Windows\UNNeroVision.exe --------- 972336
15.09.2005 07:35 C:\Windows\UNNeroMediaHome.cfg --------- 50
30.08.2005 14:37 C:\Windows\UNNeroVision.cfg --------- 50
30.08.2005 14:37 C:\Windows\UNNeroShowTime.cfg --------- 50
30.08.2005 14:33 C:\Windows\UNNeroBackItUp.cfg --------- 50
23.01.1998 04:20 C:\Windows\IsUn0407.exe --------- 305664
----------------------------------------
C:\Windows\System
13.07.2009 15:41 C:\Windows\System\OLESVR.DLL --------- 24064
13.07.2009 15:41 C:\Windows\System\WFWNET.DRV --------- 12704
13.07.2009 15:41 C:\Windows\System\COMMDLG.DLL --------- 32816
13.07.2009 15:41 C:\Windows\System\TIMER.DRV --------- 4048
13.07.2009 15:41 C:\Windows\System\MMSYSTEM.DLL --------- 68992
13.07.2009 15:41 C:\Windows\System\mmtask.tsk --------- 1152
13.07.2009 15:41 C:\Windows\System\mouse.drv --------- 2032
13.07.2009 15:41 C:\Windows\System\vga.drv --------- 2176
13.07.2009 15:41 C:\Windows\System\sound.drv --------- 1744
13.07.2009 15:41 C:\Windows\System\keyboard.drv --------- 2000
13.07.2009 15:41 C:\Windows\System\SHELL.DLL --------- 5120
13.07.2009 15:41 C:\Windows\System\system.drv --------- 3360
10.06.2009 15:42 C:\Windows\System\ver.dll --------- 9008
10.06.2009 15:42 C:\Windows\System\olecli.dll --------- 82944
10.06.2009 15:42 C:\Windows\System\lzexpand.dll --------- 9936
10.06.2009 15:25 C:\Windows\System\stdole.tlb --------- 5532
10.06.2009 15:21 C:\Windows\System\msvideo.dll --------- 126912
10.06.2009 15:21 C:\Windows\System\mciwave.drv --------- 28160
10.06.2009 15:21 C:\Windows\System\mciseq.drv --------- 25264
10.06.2009 15:21 C:\Windows\System\mciavi.drv --------- 73376
10.06.2009 15:21 C:\Windows\System\avifile.dll --------- 109456
10.06.2009 15:21 C:\Windows\System\avicap.dll --------- 69584
----------------------------------------
C:\Windows\System32
08.04.2011 10:37 C:\Windows\system32\drivers --------- 65536
08.04.2011 10:34 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 13456
08.04.2011 10:34 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 13456
08.04.2011 10:29 C:\Windows\system32\config --------- 28672
08.04.2011 09:49 C:\Windows\system32\perfc009.dat --------- 103568
08.04.2011 09:49 C:\Windows\system32\perfh009.dat --------- 607190
08.04.2011 09:49 C:\Windows\system32\perfh007.dat --------- 643866
08.04.2011 09:49 C:\Windows\system32\perfc007.dat --------- 126394
08.04.2011 09:49 C:\Windows\system32\PerfStringBackup.INI --------- 1472002
07.04.2011 23:24 C:\Windows\system32\sysprep --------- 0
29.03.2011 21:35 C:\Windows\system32\catroot2 --------- 16384
24.03.2011 22:34 C:\Windows\system32\FNTCACHE.DAT --------- 3834352
24.03.2011 14:13 C:\Windows\system32\catroot --------- 8192
24.03.2011 14:13 C:\Windows\system32\DriverStore --------- 0
02.03.2011 19:56 C:\Windows\system32\MRT.exe --------- 37943240
12.02.2011 13:00 C:\Windows\system32\jupdate-1.6.0_23-b05.log --------- 3734
11.02.2011 17:05 C:\Windows\system32\Tasks --------- 0
09.02.2011 22:32 C:\Windows\system32\migration --------- 0
02.02.2011 18:11 C:\Windows\system32\MpSigStub.exe --------- 222080
08.01.2011 16:25 C:\Windows\system32\QuickTime --------- 0
07.01.2011 01:27 C:\Windows\system32\atmlib.dll --------- 34304
06.01.2011 23:33 C:\Windows\system32\atmfd.dll --------- 294400
04.01.2011 23:37 C:\Windows\system32\vbscript.dll --------- 428032
04.01.2011 23:34 C:\Windows\system32\jscript.dll --------- 716800
04.01.2011 21:37 C:\Windows\system32\win32k.sys --------- 2329088
22.12.2010 23:28 C:\Windows\system32\sbe.dll --------- 850432
22.12.2010 23:28 C:\Windows\system32\EncDec.dll --------- 534528
22.12.2010 23:28 C:\Windows\system32\CPFilters.dll --------- 642048
22.12.2010 23:24 C:\Windows\system32\mpg2splt.ax --------- 199680
20.12.2010 02:52 C:\Windows\system32\NDF --------- 0
17.12.2010 23:32 C:\Windows\system32\wininet.dll --------- 981504
17.12.2010 23:32 C:\Windows\system32\urlmon.dll --------- 1228288
17.12.2010 23:30 C:\Windows\system32\mstscax.dll --------- 2690560
17.12.2010 23:30 C:\Windows\system32\mstime.dll --------- 606208
17.12.2010 23:30 C:\Windows\system32\mshtmled.dll --------- 67072
17.12.2010 23:30 C:\Windows\system32\mshtml.dll --------- 5980672
17.12.2010 23:30 C:\Windows\system32\msfeedsbs.dll --------- 64512
17.12.2010 23:30 C:\Windows\system32\msfeeds.dll --------- 599040
17.12.2010 23:29 C:\Windows\system32\licmgr10.dll --------- 44544
17.12.2010 23:29 C:\Windows\system32\kerberos.dll --------- 541184
17.12.2010 23:29 C:\Windows\system32\jsproxy.dll --------- 48128
17.12.2010 23:29 C:\Windows\system32\ieui.dll --------- 176640
17.12.2010 23:29 C:\Windows\system32\iertutil.dll --------- 2063360
17.12.2010 23:29 C:\Windows\system32\iepeers.dll --------- 185856
17.12.2010 23:29 C:\Windows\system32\ieframe.dll --------- 10989056
17.12.2010 23:29 C:\Windows\system32\iedkcs32.dll --------- 381440
17.12.2010 23:26 C:\Windows\system32\mstsc.exe --------- 1034240
17.12.2010 23:26 C:\Windows\system32\msfeedssync.exe --------- 12800
17.12.2010 22:20 C:\Windows\system32\html.iec --------- 386048
17.12.2010 21:47 C:\Windows\system32\mshtml.tlb --------- 1638912
16.12.2010 00:18 C:\Windows\system32\de-DE --------- 327680
12.11.2010 19:53 C:\Windows\system32\javaws.exe --------- 157472
12.11.2010 19:53 C:\Windows\system32\javaw.exe --------- 145184
12.11.2010 19:53 C:\Windows\system32\java.exe --------- 145184
12.11.2010 19:53 C:\Windows\system32\deployJava1.dll --------- 472808
11.11.2010 05:03 C:\Windows\system32\jupdate-1.6.0_22-b04.log --------- 4103
01.11.2010 22:41 C:\Windows\system32\wmicmiplugin.dll --------- 351232
01.11.2010 22:40 C:\Windows\system32\taskschd.dll --------- 496128
01.11.2010 22:40 C:\Windows\system32\taskcomp.dll --------- 305152
01.11.2010 22:39 C:\Windows\system32\schedsvc.dll --------- 749056
01.11.2010 22:34 C:\Windows\system32\taskeng.exe --------- 192000
01.11.2010 22:34 C:\Windows\system32\schtasks.exe --------- 179712
26.10.2010 22:43 C:\Windows\system32\ntoskrnl.exe --------- 3901824
26.10.2010 22:43 C:\Windows\system32\ntkrnlpa.exe --------- 3957120
26.10.2010 22:40 C:\Windows\system32\ntdll.dll --------- 1289536
26.10.2010 22:32 C:\Windows\system32\tzres.dll --------- 2048
15.10.2010 22:41 C:\Windows\system32\consent.exe --------- 101760
15.10.2010 22:36 C:\Windows\system32\webio.dll --------- 314368
15.10.2010 22:34 C:\Windows\system32\odbc32.dll --------- 573440
31.08.2010 22:29 C:\Windows\system32\wmp.dll --------- 11406848
31.08.2010 22:23 C:\Windows\system32\wmploc.DLL --------- 12625408
31.08.2010 13:14 C:\Windows\system32\jupdate-1.6.0_21-b07.log --------- 5351
30.08.2010 22:32 C:\Windows\system32\mfc40u.dll --------- 954288
30.08.2010 22:32 C:\Windows\system32\mfc40.dll --------- 954752
26.08.2010 23:46 C:\Windows\system32\srvsvc.dll --------- 168448
25.08.2010 22:39 C:\Windows\system32\t2embed.dll --------- 109056
20.08.2010 23:36 C:\Windows\system32\wmpmde.dll --------- 738816
20.08.2010 23:36 C:\Windows\system32\schannel.dll --------- 224256
20.08.2010 23:33 C:\Windows\system32\comctl32.dll --------- 530432
20.08.2010 23:32 C:\Windows\system32\spoolsv.exe --------- 316928
15.08.2010 00:41 C:\Windows\system32\Lang --------- 0
14.08.2010 06:00 C:\Windows\system32\x64 --------- 0
29.07.2010 06:09 C:\Windows\system32\wdi --------- 4096
29.07.2010 00:30 C:\Windows\system32\ir32_32.dll --------- 197632
29.07.2010 00:30 C:\Windows\system32\iccvid.dll --------- 82944
27.07.2010 08:03 C:\Windows\system32\shell32.dll --------- 12867584
28.06.2010 23:02 C:\Windows\system32\ole32.dll --------- 1413632
22.06.2010 23:30 C:\Windows\system32\tsccvid.dll --------- 411480
19.06.2010 00:23 C:\Windows\system32\rtutils.dll --------- 37376
08.06.2010 00:02 C:\Windows\system32\msxml3.dll --------- 1233920
26.05.2010 10:59 C:\Windows\system32\Wat --------- 0
05.05.2010 00:46 C:\Windows\system32\StructuredQuery.dll --------- 363520
03.05.2010 07:53 C:\Windows\system32\MSCHVBXM --------- 4098
26.04.2010 16:04 C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592
22.04.2010 06:29 C:\Windows\system32\lvcoinst.log --------- 11736
14.04.2010 14:20 C:\Windows\system32\GroupPolicy --------- 0
20.03.2010 12:11 C:\Windows\system32\FM20DEU.DLL --------- 36736
10.03.2010 13:29 C:\Windows\system32\dpl100.dll --------- 94208
05.03.2010 03:13 C:\Windows\system32\msjava.dll --------- 947472
05.03.2010 01:42 C:\Windows\system32\asycfilt.dll --------- 67584
----------------------------------------
C:\Windows\Prefetch
08.04.2011 10:56 C:\Windows\Prefetch\ReadyBoot --------- 4096
08.04.2011 10:55 C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1373845
08.04.2011 10:55 C:\Windows\Prefetch\AgGlFaultHistory.db --------- 493739
08.04.2011 10:55 C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2336149
08.04.2011 10:55 C:\Windows\Prefetch\AgRobust.db --------- 299804
08.04.2011 10:55 C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508
08.04.2011 10:38 C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 43308
08.04.2011 10:38 C:\Windows\Prefetch\DISPLAYLINKKENSINGTONSUPPORT.-4A9C90F1.pf --------- 18028
08.04.2011 10:38 C:\Windows\Prefetch\DISPLAYLINKUI.EXE-70773ADB.pf --------- 24284
08.04.2011 10:37 C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf --------- 117942
08.04.2011 10:37 C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 42638
08.04.2011 10:37 C:\Windows\Prefetch\PING.EXE-B29F6629.pf --------- 14828
08.04.2011 10:37 C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf --------- 14314
08.04.2011 10:36 C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 33912
08.04.2011 10:35 C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 54288
08.04.2011 10:35 C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 28726
08.04.2011 10:31 C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 20694
08.04.2011 10:31 C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 28274
08.04.2011 10:31 C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf --------- 62884
08.04.2011 10:30 C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf --------- 76958
08.04.2011 10:30 C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 20252
08.04.2011 10:29 C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 72670
08.04.2011 10:29 C:\Windows\Prefetch\AgCx_SC4.db --------- 309398
08.04.2011 10:29 C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf --------- 56292
08.04.2011 10:28 C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 39260
08.04.2011 10:28 C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf --------- 24846
08.04.2011 10:28 C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf --------- 69152
08.04.2011 10:28 C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 19082
08.04.2011 10:28 C:\Windows\Prefetch\SEARCHINDEXER.EXE-77D27BAC.pf --------- 85290
08.04.2011 10:28 C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 201106
08.04.2011 10:28 C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf --------- 44378
08.04.2011 10:28 C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf --------- 23942
08.04.2011 10:27 C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf --------- 10564
08.04.2011 09:52 C:\Windows\Prefetch\ACRORD32INFO.EXE-E3F62CBD.pf --------- 78004
08.04.2011 09:52 C:\Windows\Prefetch\MIKTEX-TEXWORKS.EXE-730A698D.pf --------- 92954
08.04.2011 09:47 C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf --------- 25930
08.04.2011 09:46 C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf --------- 23096
08.04.2011 09:35 C:\Windows\Prefetch\AVP.EXE-66FE3676.pf --------- 131754
08.04.2011 09:31 C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 19976
08.04.2011 09:28 C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf --------- 30290
08.04.2011 09:28 C:\Windows\Prefetch\IELOWUTIL.EXE-79D45B69.pf --------- 1402
08.04.2011 09:26 C:\Windows\Prefetch\KLWTBLFS.EXE-BD8E3D08.pf --------- 15204
08.04.2011 09:21 C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf --------- 15530
08.04.2011 08:19 C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf --------- 37768
08.04.2011 08:18 C:\Windows\Prefetch\SVCHOST.EXE-DB4C36D7.pf --------- 31902
08.04.2011 08:11 C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 22616
07.04.2011 23:28 C:\Windows\Prefetch\OSPPSVC.EXE-FFA150A3.pf --------- 69032
07.04.2011 23:28 C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-83C184C4.pf --------- 15000
07.04.2011 23:28 C:\Windows\Prefetch\POWERPNT.EXE-C61D24E7.pf --------- 150592
07.04.2011 22:27 C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 54662
07.04.2011 22:06 C:\Windows\Prefetch\SKYPEPM.EXE-2C1AF4F8.pf --------- 99332
07.04.2011 22:05 C:\Windows\Prefetch\SKYPE.EXE-40964AC7.pf --------- 164344
07.04.2011 22:05 C:\Windows\Prefetch\LVPRCSRV.EXE-E0306B6B.pf --------- 12576
07.04.2011 22:03 C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf --------- 252746
07.04.2011 22:02 C:\Windows\Prefetch\LULNCHR.EXE-E46CB67E.pf --------- 86564
07.04.2011 22:02 C:\Windows\Prefetch\LOGITECHUPDATE.EXE-55456C00.pf --------- 34410
07.04.2011 22:01 C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 219566
07.04.2011 22:01 C:\Windows\Prefetch\SVCHOST.EXE-18D06B2E.pf --------- 6660
07.04.2011 22:01 C:\Windows\Prefetch\DROPBOX.EXE-6F5B5EDB.pf --------- 114496
07.04.2011 22:01 C:\Windows\Prefetch\CMD.EXE-89305D47.pf --------- 10908
07.04.2011 22:00 C:\Windows\Prefetch\WEBUPDATER.EXE-F58A287C.pf --------- 47714
07.04.2011 22:00 C:\Windows\Prefetch\SIDEBAR.EXE-3A7B3FCC.pf --------- 78692
07.04.2011 22:00 C:\Windows\Prefetch\DTLITE.EXE-77D34F4E.pf --------- 67736
07.04.2011 22:00 C:\Windows\Prefetch\RAINLENDAR2.EXE-437E37B5.pf --------- 81750
07.04.2011 22:00 C:\Windows\Prefetch\USBTIP.EXE-BF2C7046.pf --------- 26310
07.04.2011 22:00 C:\Windows\Prefetch\READER_SL.EXE-565703D6.pf --------- 13150
07.04.2011 22:00 C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf --------- 23094
07.04.2011 22:00 C:\Windows\Prefetch\SWITCHBOARD.EXE-7E935F90.pf --------- 30446
07.04.2011 22:00 C:\Windows\Prefetch\JUSCHED.EXE-07F32FAE.pf --------- 13964
07.04.2011 22:00 C:\Windows\Prefetch\UPDATERSTARTUPUTILITY.EXE-4E353C23.pf --------- 25712
07.04.2011 22:00 C:\Windows\Prefetch\CS5SERVICEMANAGER.EXE-5B253472.pf --------- 31260
07.04.2011 22:00 C:\Windows\Prefetch\IGFXPERS.EXE-F690CC93.pf --------- 17740
07.04.2011 22:00 C:\Windows\Prefetch\HKCMD.EXE-FA3EB5EE.pf --------- 18506
07.04.2011 22:00 C:\Windows\Prefetch\LWS.EXE-CC076DEB.pf --------- 59740
07.04.2011 22:00 C:\Windows\Prefetch\IGFXTRAY.EXE-95873609.pf --------- 19562
07.04.2011 22:00 C:\Windows\Prefetch\EREG.EXE-EEF5DFA3.pf --------- 26222
07.04.2011 21:59 C:\Windows\Prefetch\BCSSYNC.EXE-E11E559D.pf --------- 16300
07.04.2011 21:59 C:\Windows\Prefetch\IPODSERVICE.EXE-FE1A6FF7.pf --------- 19344
07.04.2011 21:59 C:\Windows\Prefetch\OPENVPN.EXE-51BE6D5E.pf --------- 17376
07.04.2011 21:59 C:\Windows\Prefetch\FJSSDMN.EXE-EB13373A.pf --------- 16722
07.04.2011 21:59 C:\Windows\Prefetch\SSBKGDUPDATE.EXE-2DA63B57.pf --------- 15888
07.04.2011 21:59 C:\Windows\Prefetch\BTNHND.EXE-3BD76FB3.pf --------- 17950
07.04.2011 21:59 C:\Windows\Prefetch\QUICKTOUCH.EXE-C66F2D8B.pf --------- 36808
07.04.2011 21:59 C:\Windows\Prefetch\INDICATORUTY.EXE-E859F9BC.pf --------- 18846
07.04.2011 21:59 C:\Windows\Prefetch\FUJ02E3.EXE-A0823DBD.pf --------- 14832
07.04.2011 21:59 C:\Windows\Prefetch\ITUNESHELPER.EXE-302622F9.pf --------- 75474
07.04.2011 21:54 C:\Windows\Prefetch\SVCHOST.EXE-4D8DA32A.pf --------- 24010
07.04.2011 21:54 C:\Windows\Prefetch\SVCHOST.EXE-B1D6DE75.pf --------- 19924
07.04.2011 18:06 C:\Windows\Prefetch\WINWORD.EXE-19416D26.pf --------- 221610
07.04.2011 18:03 C:\Windows\Prefetch\MSPAINT.EXE-89BB51A7.pf --------- 95820
07.04.2011 18:02 C:\Windows\Prefetch\TEXIFY.EXE-52D3EFBC.pf --------- 27196
07.04.2011 18:02 C:\Windows\Prefetch\PDFLATEX.EXE-F0A21ED7.pf --------- 116926
07.04.2011 18:02 C:\Windows\Prefetch\BIBTEX.EXE-4C074E6D.pf --------- 26122
07.04.2011 17:05 C:\Windows\Prefetch\ACRORD32.EXE-C2658FE9.pf --------- 87690
07.04.2011 16:59 C:\Windows\Prefetch\JAVAW.EXE-C4EA16F0.pf --------- 166406
07.04.2011 16:52 C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-631388349-1085569318-2024419824-1001.db --------- 943493
07.04.2011 16:52 C:\Windows\Prefetch\AgGlUAD_S-1-5-21-631388349-1085569318-2024419824-1001.db --------- 1267329
07.04.2011 16:13 C:\Windows\Prefetch\AgCx_SC2.db --------- 800696
07.04.2011 16:11 C:\Windows\Prefetch\PTC_D.EXE-50C7BF6C.pf --------- 23994
07.04.2011 11:51 C:\Windows\Prefetch\EXCEL.EXE-F0766CF1.pf --------- 154236
07.04.2011 11:42 C:\Windows\Prefetch\PDFTEX.EXE-ADEB943E.pf --------- 29180
07.04.2011 11:30 C:\Windows\Prefetch\FOXITR~1.EXE-54C77552.pf --------- 91340
07.04.2011 10:54 C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf --------- 213674
07.04.2011 10:24 C:\Windows\Prefetch\RUNDLL32.EXE-B641F777.pf --------- 33908
07.04.2011 09:51 C:\Windows\Prefetch\OUTLOOK.EXE-6869E875.pf --------- 265070
07.04.2011 09:46 C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 3350318
07.04.2011 08:37 C:\Windows\Prefetch\ITUNES.EXE-049DB451.pf --------- 271298
07.04.2011 08:01 C:\Windows\Prefetch\QTTASK.EXE-D42B72A5.pf --------- 10784
06.04.2011 16:59 C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 33982
06.04.2011 15:22 C:\Windows\Prefetch\PAINTDOTNET.EXE-A48207C8.pf --------- 139468
06.04.2011 15:14 C:\Windows\Prefetch\MATLAB.EXE-83FCC2C9.pf --------- 317714
06.04.2011 15:14 C:\Windows\Prefetch\MATLAB.EXE-F8C74B66.pf --------- 31212
06.04.2011 15:14 C:\Windows\Prefetch\VCRT_CHECK.EXE-9270A550.pf --------- 17660
06.04.2011 13:34 C:\Windows\Prefetch\W32TM.EXE-5D2265F4.pf --------- 15448
06.04.2011 13:33 C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf --------- 40938
06.04.2011 13:33 C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf --------- 13220
06.04.2011 13:33 C:\Windows\Prefetch\SDIAGNHOST.EXE-67CD1457.pf --------- 63440
06.04.2011 13:33 C:\Windows\Prefetch\RUNDLL32.EXE-85E123DD.pf --------- 8630
06.04.2011 13:26 C:\Windows\Prefetch\RUNDLL32.EXE-125D4518.pf --------- 43814
06.04.2011 13:23 C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf --------- 17266
06.04.2011 13:23 C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 15134
06.04.2011 13:23 C:\Windows\Prefetch\Layout.ini --------- 1261444
06.04.2011 08:01 C:\Windows\Prefetch\DISPSWITCHLAUNCHER.EXE-B5D5114D.pf --------- 15864
05.04.2011 15:08 C:\Windows\Prefetch\MPSIGSTUB.EXE-7C60A359.pf --------- 25040
05.04.2011 15:08 C:\Windows\Prefetch\MPMINISIGSTUB.EXE-5E580501.pf --------- 7166
05.04.2011 15:08 C:\Windows\Prefetch\MPAS-D_BD1.EXE-B82677C3.pf --------- 15744
05.04.2011 10:55 C:\Windows\Prefetch\RUNDLL32.EXE-A5D8DA74.pf --------- 18540
05.04.2011 10:54 C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-5B0FD533.pf --------- 33620
05.04.2011 10:50 C:\Windows\Prefetch\SVCHOST.EXE-7488A139.pf --------- 22334
05.04.2011 08:00 C:\Windows\Prefetch\COCIMANAGER.EXE-24AD6BC2.pf --------- 22156
04.04.2011 16:06 C:\Windows\Prefetch\CALC.EXE-AC08706A.pf --------- 23096
04.04.2011 15:12 C:\Windows\Prefetch\JAVAWS.EXE-25FD1E0F.pf --------- 18906
04.04.2011 15:12 C:\Windows\Prefetch\JAUCHECK.EXE-04AFF24E.pf --------- 33028
04.04.2011 14:54 C:\Windows\Prefetch\IZARC.EXE-1472F2CB.pf --------- 139640
04.04.2011 13:16 C:\Windows\Prefetch\SNDVOL.EXE-783DCB11.pf --------- 26990
03.04.2011 23:00 C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf --------- 1242
03.04.2011 21:30 C:\Windows\Prefetch\INSTALLFLASHPLAYER.EXE-5258DA1C.pf --------- 22546
03.04.2011 21:28 C:\Windows\Prefetch\SC.EXE-BC6DAF49.pf --------- 3606
01.04.2011 14:59 C:\Windows\Prefetch\DLLHOST.EXE-91B07125.pf --------- 15754
01.04.2011 14:59 C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-2B0C49F7.pf --------- 26590
01.04.2011 14:57 C:\Windows\Prefetch\AgCx_SC1.db --------- 687516
01.04.2011 14:56 C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 280194
08.02.2010 08:22 C:\Windows\Prefetch\AgAppLaunch.db --------- 332116
----------------------------------------
C:\Windows\Tasks
08.04.2011 10:53 C:\Windows\Tasks\SA.DAT --------- 6
12.02.2011 03:21 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632
----------------------------------------
C:\Windows\Temp
08.04.2011 10:53 C:\Windows\Temp\spserv.dat --------- 1024
----------------------------------------
C:\Users\Hens\AppData\Local\Temp
08.04.2011 10:56 C:\Users\Hens\AppData\Local\Temp\WPDNSE --------- 0
08.04.2011 10:52 C:\Users\Hens\AppData\Local\Temp\js6cy226kpp3fu006bryc5cx757a25077l2 --------- 8578
08.04.2011 10:44 C:\Users\Hens\AppData\Local\Temp\mik64428 --------- 0
08.04.2011 09:26 C:\Users\Hens\AppData\Local\Temp\Low --------- 0
07.04.2011 23:24 C:\Users\Hens\AppData\Local\Temp\0.46982674232693467.exe --------- 217202
07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\manifest.xml --------- 5275
07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\config.xml --------- 0
07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\de-de --------- 0
07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\en-us --------- 0
07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\resource.h --------- 0
08.02.2010 08:31 C:\Users\Hens\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0
----------------------------------------
C:\Program Files
08.04.2011 10:37 C:\Program Files\Malwarebytes' Anti-Malware --------- 4096
08.04.2011 10:37 C:\Program Files\CCleaner --------- 0
08.04.2011 10:32 C:\Program Files\Trend Micro --------- 0
31.03.2011 09:17 C:\Program Files\Adobe --------- 4096
24.03.2011 22:55 C:\Program Files\Mozilla Firefox --------- 32768
24.03.2011 14:12 C:\Program Files\Common Files --------- 4096
24.03.2011 14:00 C:\Program Files\Pinnacle --------- 0
24.03.2011 12:50 C:\Program Files\SafeNet Sentinel --------- 0
24.03.2011 12:50 C:\Program Files\InstallShield Installation Information --------- 0
24.03.2011 12:37 C:\Program Files\Motion Analysis --------- 0
08.03.2011 09:52 C:\Program Files\Mozilla Thunderbird --------- 28672
21.02.2011 00:12 C:\Program Files\Paint.NET --------- 16384
12.02.2011 13:00 C:\Program Files\Java --------- 4096
09.02.2011 22:32 C:\Program Files\Internet Explorer --------- 4096
18.01.2011 11:09 C:\Program Files\MATLAB --------- 0
18.01.2011 10:19 C:\Program Files\KinTrak 7.0 --------- 0
08.01.2011 16:24 C:\Program Files\TechSmith --------- 0
31.12.2010 11:23 C:\Program Files\Skype --------- 0
16.12.2010 00:18 C:\Program Files\Windows Mail --------- 0
15.12.2010 15:37 C:\Program Files\JDownloader --------- 0
07.12.2010 13:04 C:\Program Files\Ask.com --------- 4096
07.12.2010 13:04 C:\Program Files\Foxit Software --------- 0
07.11.2010 11:53 C:\Program Files\IrfanView --------- 0
07.11.2010 11:47 C:\Program Files\Ghostgum --------- 0
07.11.2010 07:34 C:\Program Files\Ghostscript --------- 0
07.11.2010 07:23 C:\Program Files\Texmaker --------- 16384
07.11.2010 07:21 C:\Program Files\TeXnicCenter --------- 0
07.11.2010 01:26 C:\Program Files\MiKTeX 2.9 --------- 4096
03.11.2010 13:16 C:\Program Files\Adobe Media Player --------- 0
13.10.2010 07:23 C:\Program Files\Windows Media Player --------- 4096
12.09.2010 01:28 C:\Program Files\Logitech --------- 0
15.08.2010 00:41 C:\Program Files\Intel --------- 0
06.08.2010 02:48 C:\Program Files\DVDVideoSoft --------- 0
19.07.2010 13:47 C:\Program Files\7-Zip --------- 0
19.07.2010 13:38 C:\Program Files\Microsoft Synchronization Services --------- 0
19.07.2010 13:37 C:\Program Files\Microsoft Office --------- 4096
19.07.2010 13:37 C:\Program Files\Microsoft SQL Server Compact Edition --------- 0
19.07.2010 13:37 C:\Program Files\Microsoft.NET --------- 0
19.07.2010 13:32 C:\Program Files\Microsoft Analysis Services --------- 0
19.07.2010 13:06 C:\Program Files\IZArc --------- 4096
12.06.2010 08:53 C:\Program Files\PCTV Systems --------- 0
09.06.2010 12:12 C:\Program Files\Avanquest update --------- 0
07.06.2010 14:41 C:\Program Files\MDESIGN --------- 0
06.06.2010 04:09 C:\Program Files\MyPhoneExplorer --------- 4096
31.05.2010 02:48 C:\Program Files\DisplayLink Core Software --------- 8192
16.05.2010 10:57 C:\Program Files\MSECache --------- 0
05.05.2010 03:36 C:\Program Files\DAEMON Tools Lite --------- 0
21.04.2010 11:57 C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0
15.04.2010 03:48 C:\Program Files\WinRAR --------- 4096
14.04.2010 14:20 C:\Program Files\ScanSoft --------- 0
22.03.2010 07:19 C:\Program Files\HBM --------- 0
12.03.2010 10:05 C:\Program Files\proeWildfire 4.0 --------- 8192
12.03.2010 09:57 C:\Program Files\flexnet --------- 4096
06.03.2010 04:32 C:\Program Files\PokerStars.NET --------- 8192
02.03.2010 01:18 C:\Program Files\OpenVPN --------- 4096
01.03.2010 08:22 C:\Program Files\MSXML 4.0 --------- 0
27.02.2010 11:09 C:\Program Files\Nero --------- 0
21.02.2010 15:40 C:\Program Files\Fujitsu --------- 4096
21.02.2010 15:32 C:\Program Files\O2Micro OZ711 SCR Driver --------- 0
21.02.2010 15:30 C:\Program Files\Sierra Wireless Inc --------- 0
09.02.2010 14:57 C:\Program Files\Microsoft --------- 0
09.02.2010 14:57 C:\Program Files\Windows Live --------- 0
09.02.2010 14:57 C:\Program Files\Windows Live SkyDrive --------- 0
09.02.2010 03:29 C:\Program Files\Kensington Display Adapter --------- 0
08.02.2010 10:39 C:\Program Files\iTunes --------- 4096
08.02.2010 10:38 C:\Program Files\iPod --------- 0
08.02.2010 10:38 C:\Program Files\Bonjour --------- 0
08.02.2010 10:38 C:\Program Files\QuickTime --------- 4096
08.02.2010 10:37 C:\Program Files\Apple Software Update --------- 4096
08.02.2010 10:04 C:\Program Files\Rainlendar2 --------- 0
08.02.2010 09:05 C:\Program Files\VideoLAN --------- 0
08.02.2010 08:41 C:\Program Files\Kaspersky Lab --------- 0
08.02.2010 08:29 C:\Program Files\Windows NT --------- 4096
08.02.2010 08:29 C:\Program Files\Gemeinsame Dateien --------- 0
14.07.2009 02:56 C:\Program Files\DVD Maker --------- 0
14.07.2009 02:56 C:\Program Files\Windows Journal --------- 0
14.07.2009 02:56 C:\Program Files\Microsoft Games --------- 0
14.07.2009 02:47 C:\Program Files\Windows Sidebar --------- 0
14.07.2009 02:47 C:\Program Files\Windows Photo Viewer --------- 0
14.07.2009 02:47 C:\Program Files\Windows Defender --------- 0
13.07.2009 22:53 C:\Program Files\Uninstall Information --------- 0
13.07.2009 22:52 C:\Program Files\Windows Portable Devices --------- 0
13.07.2009 22:52 C:\Program Files\Reference Assemblies --------- 0
13.07.2009 22:52 C:\Program Files\MSBuild --------- 0
13.07.2009 22:41 C:\Program Files\desktop.ini --------- 174
----------------------------------------
C:\ProgramData\..
Hens
Default
Public
Default User
All Users
desktop.ini
----------------------------------------
C:\Windows\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
----------------------------------------
Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process 0 Services 0 24 K
System 4 Services 0 712 K
smss.exe 288 Services 0 820 K
csrss.exe 384 Services 0 2.804 K
csrss.exe 432 Console 1 4.608 K
wininit.exe 440 Services 0 3.572 K
services.exe 500 Services 0 5.304 K
lsass.exe 508 Services 0 7.244 K
lsm.exe 520 Services 0 2.800 K
winlogon.exe 552 Console 1 4.444 K
svchost.exe 660 Services 0 6.532 K
svchost.exe 740 Services 0 4.548 K
svchost.exe 792 Services 0 7.512 K
svchost.exe 860 Services 0 9.460 K
svchost.exe 920 Services 0 3.596 K
svchost.exe 984 Services 0 4.008 K
explorer.exe 1140 Console 1 47.812 K
ctfmon.exe 1196 Console 1 3.124 K
cmd.exe 2012 Console 1 3.248 K
conhost.exe 2020 Console 1 2.984 K
tasklist.exe 952 Console 1 4.200 K
dllhost.exe 1316 Console 1 5.596 K
WmiPrvSE.exe 1400 Services 0 4.756 K
***** Ende des Scans 08.04.2011 um 10:59:44,33 ***
Code:
ATTFilter Adobe AIR Adobe Systems Inc. 03.11.2010 1.5.3.9120
Adobe Community Help Adobe Systems Incorporated 03.11.2010 3.0.0.400
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 06.08.2010 6,00MB 10.1.53.64
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 03.04.2011 6,00MB 10.2.153.1
Adobe Media Player Adobe Systems Incorporated 03.11.2010 1.8
Adobe Photoshop CS5 Adobe Systems Incorporated 03.11.2010 1.559MB 12.0
Adobe Reader 9.4.3 - Deutsch Adobe Systems Incorporated 31.03.2011 164,6MB 9.4.3
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 05.10.2010 11.5.8.612
Akamai NetSession Interface 03.11.2010
Apple Application Support Apple Inc. 08.02.2010 32,4MB 1.1.0
Apple Mobile Device Support Apple Inc. 08.02.2010 40,4MB 2.6.0.32
Apple Software Update Apple Inc. 08.02.2010 2,16MB 2.1.1.116
Avanquest update Avanquest Software 09.06.2010 1.22
Bonjour Apple Inc. 08.02.2010 0,49MB 1.0.106
Camtasia Studio 7 TechSmith Corporation 08.01.2011 219MB 7.0.1
catmanEasy/AP 3.0.4.100 Hottinger Baldwin Messtechnik GmbH 22.03.2010 3.0.4.100
CCleaner Piriform 08.04.2011 3.05
Compatibility Pack for the 2007 Office system Microsoft Corporation 10.11.2010 129,5MB 12.0.6514.5001
DisplayLink Core Software DisplayLink Corp. 09.02.2010 12,8MB 5.2.22617.0
DivX-Setup DivX, Inc. 04.10.2010 2.1.0.12
Dropbox 24.09.2010 0.7.110
EVaRT 5.0.4 Motion Analysis Corporation 24.03.2011 62,5MB 5.0.4
Facebook Plug-In Facebook, Inc. 12.04.2010
Faraday's Electromagnetic Lab University of Colorado, Department of Physics 07.03.2010
Foxit Reader Foxit Corporation 07.12.2010 11,1MB 4.3.0.1110
Foxit Toolbar Ask.com 07.12.2010 2,57MB 1.9.1.0
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 26.03.2011 10,7MB
Free Studio version 5.0.6 DVDVideoSoft Limited. 24.03.2011 258MB
Free YouTube Download 2.8 DVDVideoSoft Limited. 29.07.2010 25,5MB
Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 26.03.2011 36,0MB
Fujitsu Display Manager FUJITSU LIMITED 21.02.2010 1,09MB 50.0.1.0
Fujitsu Hotkey Utility FUJITSU LIMITED 21.02.2010 0,22MB 3.0.0.0
Fujitsu MobilityCenter Extension Utility FUJITSU LIMITED 21.02.2010 0,28MB 1.1.0.0
Fujitsu System Extension Utility FUJITSU LIMITED 21.02.2010 0,13MB 2.1.1.0
GPL Ghostscript 9.00 07.11.2010
GSview 4.9 07.11.2010
HBM TEDS Editor Hottinger Baldwin Messtechnik GmbH 22.03.2010 3.0.0.86
HiJackThis Trend Micro 08.04.2011 0,36MB 1.0.0
HijackThis 2.0.2 TrendMicro 08.04.2011 2.0.2
Intel(R) Graphics Media Accelerator Driver Intel Corporation 15.08.2010 54,3MB 8.15.10.1930
Intel(R) TV Wizard Intel Corporation 15.08.2010
IrfanView (remove only) Irfan Skiljan 07.11.2010 1,50MB 4.27
iTunes Apple Inc. 08.02.2010 146,3MB 9.0.3.15
IZArc 4.1.2 Ivan Zahariev 19.07.2010 13,8MB 4.1.2
Java(TM) 6 Update 23 Sun Microsystems, Inc. 23.05.2010 94,5MB 6.0.230
Java(TM) 6 Update 5 Sun Microsystems, Inc. 08.02.2010 140,9MB 1.6.0.50
JDownloader AppWork UG (haftungsbeschränkt) 13.04.2010 0.89
Kaspersky Anti-Virus 2010 Kaspersky Lab 08.02.2010 9.0.0.459
Kensington Display Adapter Kensington Computer Products Group 09.02.2010 1,83MB 5.2.22663.0
KinTrak 7.0 University of Calgary 18.01.2011 32,8MB 7.0.25
LifeBook Application Panel FUJITSU LIMITED 21.02.2010 5,48MB 7.0.0.0
Logitech Vid HD Logitech Inc.. 11.09.2010 7.2 (7230)
Logitech Webcam Software Logitech Inc. 21.04.2010 43,9MB 12.10.1113
Logitech Webcam Software-Treiberpaket Logitech Inc. 20.04.2010 12.10.1110
Malwarebytes' Anti-Malware Malwarebytes Corporation 08.04.2011 10,5MB
MATLAB R2010a The MathWorks, Inc. 18.01.2011 7.10
MDESIGN Roloff-Matek Edition 07.06.2010 2009
Microsoft Office Professional Plus 2010 Microsoft Corporation 19.07.2010 14.0.4763.1000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 16.02.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.02.2010 0,42MB 8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 10.02.2010 0,20MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 08.02.2010 0,58MB 9.0.30729
MiKTeX 2.9 MiKTeX.org 07.11.2010 2.9
Mozilla Firefox 4.0 (x86 en-US) Mozilla 24.03.2011 33,7MB 4.0
Mozilla Thunderbird (3.1.9) Mozilla 08.03.2011 3.1.9 (de)
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 01.03.2010 35,00KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 01.03.2010 1,33MB 4.20.9876.0
MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 12.06.2010 36,00KB 4.20.9818.0
MyPhoneExplorer F.J. Wechselberger 06.06.2010 1.7.6
Nero 7 Essentials Nero AG 27.02.2010 1.814MB 7.02.8076
OpenVPN 2.0.9-gui-1.0.3 02.03.2010
OZ711 SCR Driver V3.0.0.9A O2Micro 21.02.2010 0,95MB 3.0.0.9A
Paint.NET v3.5.7 dotPDN LLC 20.02.2011 10,4MB 3.57.0
Pinnacle Studio 14 Pinnacle Systems 24.03.2011 2.030MB 14.0.0.7255
Pinnacle Video Treiber Pinnacle Systems 24.03.2011 4,96MB 12.1.0.030
PokerStars.net PokerStars.net 05.03.2010
Power Saving Utility Fujitsu LIMITED 21.02.2010 0,76MB 3.1.1.0
Pro/ENGINEER Release Wildfire 4.0 Datecode F000 PTC 12.03.2010 Wildfire 4.0
PTC License Server Release Wildfire 4.0 Datecode F000 PTC 12.03.2010 Wildfire 4.0
QuickTime Apple Inc. 08.02.2010 77,3MB 7.65.17.80
Rainlendar2 (remove only) 08.02.2010
ScanSoft PDF Create! 4 Nuance, Inc. 14.04.2010 27,4MB 4.01.0109
Sentinel Protection Installer 7.3.0 SafeNet, Inc. 24.03.2011 2,56MB 7.3.0
Shock Sensor Utility FUJITSU LIMITED 21.02.2010 0,75MB 2.2.0.0
Skype Toolbars Skype Technologies S.A. 11.02.2011 5,76MB 5.0.4137
Skype™ 5.1 Skype Technologies S.A. 11.02.2011 22,7MB 5.1.112
Spider32 Setup 21.03.2010
Texmaker 07.11.2010
TVCenter PCTV Systems 12.06.2010 160,5MB 6.3.0.584
Uninstall 1.0.0.1 26.03.2011 10,6MB
VLC media player 1.0.3 VideoLAN Team 08.02.2010 1.0.3
Windows Live Anmelde-Assistent Microsoft Corporation 09.02.2010 1,94MB 5.000.818.5
Windows Live Essentials Microsoft Corporation 09.02.2010 14.0.8089.0726
Windows Live-Uploadtool Microsoft Corporation 09.02.2010 0,22MB 14.0.8014.1029
WinRAR 15.04.2010
Wireless Selector FUJITSU LIMITED 21.02.2010 0,34MB 2.0.0.0
Ansonsten ist das Problem, dass ich den Malware detecter nicht aktualisieren kann (wie empfohlen) weil ich wegen dem Win7 nicht ins Inet komme. Danke fuer eure Hilfe |
|
08.04.2011, 19:09
| #2 |
| /// Malware-holic   | Win 7 Security entfernen (log-files vorhanden) 1. nimm keinerlei reinigung selbstständig vor, sonst ist das nur störend.
__________________2. reiche alle evtl vorhandenen scan logs mit funden nach auch fundorte benennen. 3. Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
08.04.2011, 21:15
| #3 |
| | Win 7 Security entfernen (log-files vorhanden) OTL
__________________Code:
ATTFilter OTL logfile created on: 08.04.2011 13:15:13 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hens\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 7,27 Gb Free Space | 4,88% Space Free | Partition Type: NTFS Drive E: | 7,88 Gb Total Space | 1,55 Gb Free Space | 19,68% Space Free | Partition Type: FAT32 Computer Name: HENS-PC | User Name: Hens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hens\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Hens\AppData\Local\dsh.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\KMService.exe () PRC - C:\Programme\flexnet\i486_nt\obj\ptc_d.exe () PRC - C:\Programme\flexnet\i486_nt\obj\lmgrd.exe (Macrovision Corporation) PRC - C:\Programme\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe (DisplayLink Corp.) PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.) PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.) PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Fujitsu\WirelessSelector\WSUService.exe () PRC - C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED) PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Windows\System32\srvany.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Hens\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll () SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (FLEXlm server for PTC) -- C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe (Macrovision Corporation) SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WirelessSelectorService) -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe () SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED) SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe () SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (KMService) -- C:\Windows\System32\srvany.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (FJGSDisk) -- C:\Windows\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (DisplayLinkUsbPort) -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.2.22617.0.sys (hxxp://libusb-win32.sourceforge.net) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (dlkmd) -- C:\Windows\system32\drivers\dlkmd.sys (DisplayLink Corp.) DRV - (dlkmdldr) -- C:\Windows\system32\drivers\dlkmdldr.sys (DisplayLink Corp.) DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (azvusb) -- C:\Windows\System32\drivers\azvusb.sys (AzureWave Technologies, Inc.) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC) DRV - (SWUMX32) Sierra Wireless USB MUX Driver (UMTS32) -- C:\Windows\System32\drivers\swumx32.sys (Sierra Wireless Inc.) DRV - (SWNC8U32) Sierra Wireless MUX NDIS Driver (UMTS32) -- C:\Windows\System32\drivers\swnc8u32.sys (Sierra Wireless Inc.) DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro) DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED) DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED) DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro ) DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro ) DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project) DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.) DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (DirectNT) -- C:\Windows\System32\drivers\DirectNT.sys (c't) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 74 17 F2 04 EC CB 01 [binary data] IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.zeit.de" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 22:55:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.31 09:18:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.08 09:52:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 16:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Extensions [2011.01.03 16:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.03.23 22:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions [2010.07.29 14:17:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.11 08:35:09 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions\vshare@toolbar [2011.03.24 22:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.31 11:23:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.23 04:42:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.31 13:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.11 05:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.12 13:00:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.02.09 12:56:45 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru File not found (No name found) -- [2010.12.31 11:23:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2010.02.08 10:20:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2010.05.23 04:42:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.31 13:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.11 05:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.12 13:00:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml O1 HOSTS File: ([2010.05.10 08:27:59 | 000,001,345 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe () O4 - HKLM..\Run: [PSUtility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ScanSoft PDF Create! 4-reminder] C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SSUtility] C:\Programme\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TvOutSwitch] C:\Programme\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) O4 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Hens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 136.159.89.2 136.159.130.8 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{36eb6e8f-3659-11df-949c-00037aaaaab2}\Shell - "" = AutoRun O33 - MountPoints2\{36eb6e8f-3659-11df-949c-00037aaaaab2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{9d6f704a-17ce-11df-a047-00037aaaaab2}\Shell - "" = AutoRun O33 - MountPoints2\{9d6f704a-17ce-11df-a047-00037aaaaab2}\Shell\AutoRun\command - "" = F:\Welcome\Welcome.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..exefile [open] -- "C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %* () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\...exe [@ = exefile] -- "C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %* () NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.mjpg - pvmjpg30.dll File not found Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2011.04.08 12:46:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Hens\Desktop\OTL.exe [2011.04.08 10:57:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hens\Desktop\HiJackThis.exe [2011.04.08 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\hjtscanlist [2011.04.08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\Malwarebytes [2011.04.08 10:37:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.08 10:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.08 10:37:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.08 10:37:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.08 10:37:14 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.04.08 10:32:36 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2011.04.08 10:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.04.07 23:24:42 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Local\Panther [2011.04.07 23:24:36 | 000,114,688 | -HS- | C] (Microsoft Corporation) -- C:\Users\Hens\AppData\Local\keg.exe [2011.03.27 10:46:49 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\Maria's & Karelia's Party [2011.03.24 14:16:09 | 000,000,000 | ---D | C] -- C:\Users\Hens\Documents\Pinnacle Studio [2011.03.24 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Local\Pinnacle [2011.03.24 14:12:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pinnacle [2011.03.24 14:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection [2011.03.24 14:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14 [2011.03.24 14:06:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects [2011.03.24 14:00:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pegasus Imaging [2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Yahoo! [2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14 [2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus [2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle [2011.03.24 12:50:59 | 000,000,000 | ---D | C] -- C:\Programme\SafeNet Sentinel [2011.03.24 12:50:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SafeNet Sentinel [2011.03.24 12:50:33 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2011.03.24 12:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motion Analysis [2011.03.24 12:37:32 | 000,000,000 | ---D | C] -- C:\Programme\Motion Analysis [2011.03.24 11:48:14 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft [2011.03.19 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\Banff [2010.06.06 04:21:30 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA9D5.dll [3 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.08 13:11:33 | 000,008,692 | -HS- | M] () -- C:\Users\Hens\AppData\Local\js6cy226kpp3fu006bryc5cx757a25077l2 [2011.04.08 13:11:33 | 000,008,692 | -HS- | M] () -- C:\ProgramData\js6cy226kpp3fu006bryc5cx757a25077l2 [2011.04.08 12:36:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Hens\Desktop\OTL.exe [2011.04.08 12:18:18 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.08 12:18:18 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.08 12:10:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.08 12:10:17 | 1603,080,192 | -HS- | M] () -- C:\hiberfil.sys [2011.04.08 10:54:50 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hens\Desktop\HiJackThis.exe [2011.04.08 10:46:52 | 000,109,774 | ---- | M] () -- C:\Users\Hens\Documents\cc_20110408_104634.reg [2011.04.08 10:37:46 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.08 10:37:15 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.08 10:32:36 | 000,002,959 | ---- | M] () -- C:\Users\Hens\Desktop\HiJackThis.lnk [2011.04.08 09:49:33 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.08 09:49:33 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.08 09:49:33 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.08 09:49:33 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.07 23:24:36 | 000,114,688 | -HS- | M] (Microsoft Corporation) -- C:\Users\Hens\AppData\Local\keg.exe [2011.04.07 23:24:22 | 000,217,202 | -HS- | M] () -- C:\Users\Hens\AppData\Local\dsh.exe [2011.04.07 23:24:20 | 000,217,202 | -HS- | M] () -- C:\Users\Hens\AppData\Local\dxm.exe [2011.04.06 17:21:33 | 000,208,896 | ---- | M] () -- C:\Users\Hens\Documents\Studierendenfeedback_Berufspraktikum_Hendrik_Enders.dot [2011.04.04 23:10:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.04.04 10:47:00 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2011.04.04 10:47:00 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2011.04.01 08:45:28 | 000,272,624 | ---- | M] () -- C:\Users\Hens\Desktop\payment.png [2011.03.31 09:06:26 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.03.27 16:39:22 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2011.03.24 22:34:05 | 003,834,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.24 14:06:55 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk [2011.03.24 12:37:47 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\EVaRT 5.0.4.lnk [2011.03.24 12:37:47 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\MAC License Tool.lnk [2011.03.23 12:01:48 | 000,191,488 | ---- | M] () -- C:\Users\Hens\Desktop\Assessment_of_professional_internship_Hendrik_Enders.dot [2011.03.23 11:59:39 | 000,214,528 | ---- | M] () -- C:\Users\Hens\Desktop\Student_feedback professional internship_Hendrik_Enders.dot [2011.03.23 11:57:59 | 000,217,088 | ---- | M] () -- C:\Users\Hens\Desktop\Company_feedback_on_professional_internship__Hendrik_Enders.dot [3 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.08 10:46:38 | 000,109,774 | ---- | C] () -- C:\Users\Hens\Documents\cc_20110408_104634.reg [2011.04.08 10:37:46 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.08 10:37:15 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.08 10:32:36 | 000,002,959 | ---- | C] () -- C:\Users\Hens\Desktop\HiJackThis.lnk [2011.04.07 23:24:38 | 000,008,692 | -HS- | C] () -- C:\Users\Hens\AppData\Local\js6cy226kpp3fu006bryc5cx757a25077l2 [2011.04.07 23:24:38 | 000,008,692 | -HS- | C] () -- C:\ProgramData\js6cy226kpp3fu006bryc5cx757a25077l2 [2011.04.07 23:24:22 | 000,217,202 | -HS- | C] () -- C:\Users\Hens\AppData\Local\dsh.exe [2011.04.07 23:24:20 | 000,217,202 | -HS- | C] () -- C:\Users\Hens\AppData\Local\dxm.exe [2011.04.06 17:14:36 | 000,208,896 | ---- | C] () -- C:\Users\Hens\Documents\Studierendenfeedback_Berufspraktikum_Hendrik_Enders.dot [2011.03.31 09:17:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.03.24 22:55:35 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.24 14:06:55 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk [2011.03.24 12:37:47 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\EVaRT 5.0.4.lnk [2011.03.24 12:37:47 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\MAC License Tool.lnk [2011.03.23 12:01:48 | 000,191,488 | ---- | C] () -- C:\Users\Hens\Desktop\Assessment_of_professional_internship_Hendrik_Enders.dot [2011.03.23 11:59:39 | 000,214,528 | ---- | C] () -- C:\Users\Hens\Desktop\Student_feedback professional internship_Hendrik_Enders.dot [2011.03.23 11:57:58 | 000,217,088 | ---- | C] () -- C:\Users\Hens\Desktop\Company_feedback_on_professional_internship__Hendrik_Enders.dot [2011.01.18 19:23:34 | 000,000,132 | ---- | C] () -- C:\Users\Hens\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.09.21 07:41:59 | 000,012,956 | ---- | C] () -- C:\Users\Hens\AppData\Roaming\Kommagetrennte Werte (Windows).CAL [2010.08.15 01:07:03 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe [2010.08.15 01:07:03 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2010.08.15 00:41:15 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010.04.20 17:07:12 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.04.14 14:20:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.03.15 09:13:35 | 000,739,328 | ---- | C] () -- C:\Windows\System32\libxml2.dll [2010.03.15 09:13:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib.dll [2010.03.15 09:12:56 | 000,872,507 | ---- | C] () -- C:\Windows\System32\mesa.dll [2010.03.15 09:12:55 | 000,031,776 | ---- | C] () -- C:\Windows\System32\NT_IODRV.EXE [2010.02.09 03:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll [2010.02.09 03:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll [2010.02.08 09:49:31 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.08 08:43:26 | 000,604,140 | -HS- | C] () -- C:\Windows\System32\drivers\ISwift3.dat [2010.02.08 08:41:39 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.02.08 08:41:39 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.02.08 08:37:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.18 05:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini [2009.10.06 17:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.06 17:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.09.23 11:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin [2009.07.14 02:47:43 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 02:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 02:47:43 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 02:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.13 22:33:53 | 003,834,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.13 20:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.13 20:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.13 18:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.05.24 22:18:10 | 000,027,507 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2007.08.23 10:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll ========== LOP Check ========== [2010.02.12 06:35:55 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DAEMON Tools Lite [2011.04.07 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Dropbox [2011.03.24 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft [2011.03.24 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.12 09:14:14 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Facebook [2010.12.07 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Foxit Software [2010.11.07 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\IrfanView [2011.02.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\JabRef 2.6 [2010.04.20 17:08:56 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Leadertech [2010.06.06 04:27:37 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MyPhoneExplorer [2010.02.13 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\PTC [2010.04.14 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\ScanSoft [2010.02.21 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Sierra Wireless [2010.04.21 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SmartDraw [2010.11.07 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SumatraPDF [2011.01.03 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Thunderbird [2010.11.07 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\xm1 [2010.04.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Zeon [2011.02.12 03:21:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.11 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Adobe [2010.02.28 08:59:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Ahead [2010.02.28 11:35:31 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Apple Computer [2010.02.12 06:35:55 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DAEMON Tools Lite [2011.03.24 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DivX [2011.04.07 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Dropbox [2011.03.26 15:58:29 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\dvdcss [2011.03.24 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft [2011.03.24 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.12 09:14:14 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Facebook [2010.12.07 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Foxit Software [2010.02.08 08:30:01 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Identities [2010.11.07 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\IrfanView [2011.02.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\JabRef 2.6 [2010.04.20 17:08:56 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Leadertech [2010.02.08 08:58:50 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Macromedia [2011.04.08 10:42:20 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Malwarebytes [2010.02.14 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MathWorks [2009.07.14 02:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Media Center Programs [2011.03.24 14:12:16 | 000,000,000 | --SD | M] -- C:\Users\Hens\AppData\Roaming\Microsoft [2010.11.07 01:49:45 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MiKTeX [2010.02.08 08:49:06 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Mozilla [2010.06.06 04:27:37 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MyPhoneExplorer [2010.02.13 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\PTC [2010.04.14 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\ScanSoft [2010.02.21 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Sierra Wireless [2011.04.08 10:44:57 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Skype [2011.04.07 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\skypePM [2010.04.21 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SmartDraw [2010.11.07 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SumatraPDF [2011.01.03 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Thunderbird [2011.04.06 22:27:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\vlc [2010.04.15 03:48:23 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\WinRAR [2010.11.07 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\xm1 [2010.04.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2010.02.25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010.09.24 06:57:28 | 000,089,831 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\Dropbox\bin\Uninstall.exe [2010.04.12 09:14:14 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Hens\AppData\Roaming\Facebook\uninstall.exe [2010.04.13 10:18:24 | 000,048,963 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\JabRef 2.6\JabRef.exe [2011.02.24 20:16:47 | 000,062,536 | ---- | M] (JabRef Team) -- C:\Users\Hens\AppData\Roaming\JabRef 2.6\uninstall.exe [2011.04.08 10:32:36 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Hens\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2011.03.24 14:12:16 | 000,029,926 | R--- | M] () -- C:\Users\Hens\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Programme\MATLAB\R2010a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2009.07.13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2007.02.12 07:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\fsc.tmp\1010858\64bit\iastor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\fsc.tmp\1010858\32bit\iastor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_32495ab0b5cbc36c\iaStor.sys < MD5 for: IASTORV.SYS > [2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.13 19:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.13 19:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.13 17:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.13 17:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.02.12 06:01:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.13 19:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll [2004.08.04 08:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\MSVBVM50.DLL [2009.07.13 19:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll [2009.07.13 19:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.04.2011 13:15:13 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hens\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 7,27 Gb Free Space | 4,88% Space Free | Partition Type: NTFS
Drive E: | 7,88 Gb Total Space | 1,55 Gb Free Space | 19,68% Space Free | Partition Type: FAT32
Computer Name: HENS-PC | User Name: Hens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Users\Hens\AppData\Local\dsh.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DB2A37A-67C1-48DB-AA21-1F003FF11D91}" = DisplayLink Core Software
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{273BEEED-2915-4C6C-B63E-564A4B2819B7}" = KinTrak 7.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"{3D05721D-98BD-41AB-B529-30AABE96E7F9}" = ScanSoft PDF Create! 4
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{404C18ED-873A-4191-BA03-30F627445418}" = Sentinel Protection Installer 7.3.0
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6733975E-52C9-4624-805D-36A4F79F7BBB}" = MDESIGN Roloff-Matek Edition
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D71C3D1-7E36-4655-9A5E-6118C891DC25}" = Kensington Display Adapter
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C99490E-9ACE-440D-A717-E750AAF89E6E}" = EVaRT 5.0.4
"{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"{8556B16D-AD7A-42A7-8A75-F7C532371031}" = Nero 7 Essentials
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"A71701C3-4C1A-4181-93FA-D7CA487F287D_is1" = HBM TEDS Editor
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"catmanEasy3.0_is1" = catmanEasy/AP 3.0.4.100
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.0.6
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7C99490E-9ACE-440D-A717-E750AAF89E6E}" = EVaRT 5.0.4
"InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility
"InstallShield_{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2010a" = MATLAB R2010a
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MPE" = MyPhoneExplorer
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"PokerStars.net" = PokerStars.net
"Pro/ENGINEER Release Wildfire 4.0 Datecode F000" = Pro/ENGINEER Release Wildfire 4.0 Datecode F000
"PTC License Server Release Wildfire 4.0 Datecode F000" = PTC License Server Release Wildfire 4.0 Datecode F000
"Rainlendar2" = Rainlendar2 (remove only)
"Spider32 Setup" = Spider32 Setup
"Texmaker" = Texmaker
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.04.2011 18:44:12 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
starten?.
Error - 06.04.2011 18:50:00 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
Zeitstempel: 0x4c646b38 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c35e3 ID des fehlerhaften
Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0x01cbf4acf2f2e718 Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 339dffca-60a0-11e0-af37-c268356a43de
Error - 06.04.2011 18:50:12 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
Zeitstempel: 0x4c646b38 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c35e3 ID des fehlerhaften
Prozesses: 0x1340 Startzeit der fehlerhaften Anwendung: 0x01cbf4acfb365982 Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3a6071e1-60a0-11e0-af37-c268356a43de
Error - 06.04.2011 18:50:22 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
starten?.
Error - 06.04.2011 18:56:08 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
Zeitstempel: 0x4c646b38 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c35e3 ID des fehlerhaften
Prozesses: 0x1420 Startzeit der fehlerhaften Anwendung: 0x01cbf4adce3bb062 Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0ec44c73-60a1-11e0-af37-c268356a43de
Error - 06.04.2011 18:56:34 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
starten?.
Error - 06.04.2011 18:56:49 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
starten?.
Error - 06.04.2011 18:56:59 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
starten?.
Error - 06.04.2011 18:59:32 | Computer Name = Hens-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000,
Zeitstempel: 0x4c646b38 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c35e3 ID des fehlerhaften
Prozesses: 0x7b8 Startzeit der fehlerhaften Anwendung: 0x01cbf4ae46a32346 Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 885d8d11-60a1-11e0-af37-c268356a43de
Error - 06.04.2011 18:59:51 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt,
dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus
starten?.
[ System Events ]
Error - 08.04.2011 12:56:53 | Computer Name = Hens-PC | Source = DCOM | ID = 10005
Description =
Error - 08.04.2011 12:56:53 | Computer Name = Hens-PC | Source = DCOM | ID = 10005
Description =
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.04.2011 12:56:55 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.04.2011 12:56:55 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.04.2011 14:02:02 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 08.04.2011 14:02:03 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Danke schon mal |
|
08.04.2011, 23:26
| #4 |
| | Win 7 Security entfernen (log-files vorhanden) lodatei Malwarebytes scanner Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6314
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
08.04.2011 16:20:18
mbam-log-2011-04-08 (16-20-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 430309
Laufzeit: 3 Stunde(n), 58 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8
Infizierte Speicherprozesse:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 540 -> No action taken.
c:\Users\Hens\AppData\Local\dsh.exe (Trojan.Agent) -> 3704 -> No action taken.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> No action taken.
c:\Users\Hens\AppData\Local\dsh.exe (Trojan.Agent) -> No action taken.
c:\Users\Hens\AppData\Local\dxm.exe (Trojan.Agent) -> No action taken.
c:\Users\Hens\AppData\Local\Temp\0.46982674232693467.exe (Trojan.Agent) -> No action taken.
c:\Users\Hens\AppData\LocalLow\Sun\Java\deployment\cache\6.0\59\5fe6bdfb-57f354a0 (Trojan.Agent) -> No action taken.
c:\Users\Hens\Desktop\techsmith camtasia studio v7.0.1\keymaker(zwt)\keygen.exe (Backdoor.RBot) -> No action taken.
c:\Users\Hens\downloads\microsoft office professional plus 2010\activator\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> No action taken.
c:\Windows\System32\sysprep\cryptbase.dll (Trojan.Agent) -> No action taken.
|
|
09.04.2011, 10:33
| #5 |
| /// Malware-holic | Win 7 Security entfernen (log-files vorhanden) die beiden hab idch ja ganz übersehen c:\Users\Hens\downloads\microsoft office professional plus 2010\activator\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> No action taken. c:\Windows\System32\sysprep\cryptbase.dll (Trojan.Agent) -> No action taken. wer so was nutzt muss sich über malware nicht wundern, desweiteren sehe ich noch verdächtige hosts einträge, du nutzt also wohl noch illegal adobe produkte. dies unterstützen wir nicht, da dies eine straftat ist. du bekommst hier hilfe beim neu aufsetzen, mehr nicht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Win 7 Security entfernen (log-files vorhanden) |
| 7-zip, analysis, avp, avp.exe, bho, bootmgr, c:\hiberfil.sys, c:\windows\kmservice.exe, cache.dat, computer, converter, department, desktop, desktop.ini, display adapter, entfernen, excel, flash player, hiberfil.sys, hijack, hijackthis, installation, javaws.exe, jdownloader, kaspersky, log files, logfile, lws.exe, malware, mozilla, mozilla thunderbird, mp3, mpsigstub.exe, myphoneexplorer, notepad.exe, ntdll.dll, plug-in, problem, recycle.bin, schannel.dll, security, senden, server, shell32.dll, sierra, software, studio, system, tastatur, twain.dll, twunk_32.exe, win32k.sys, windows, wmploc.dll |
Linear-Darstellung
