|
Log-Analyse und Auswertung: Win 7 Security entfernen (log-files vorhanden)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
08.04.2011, 19:08 | #1 |
| Win 7 Security entfernen (log-files vorhanden) Hallo, ich habe mir bereits einige Threads zum Thema Win7 Security entfernen durhcgelesen. Ich habe HijackThis installiert und jeweils beide log files erstellt. Ausserdem noch mit CCleaner meine installierten Programme ausgegeben. Den empfohlenen Malware entferner habe ich bereits installiert. Hier meine log files: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:57:41, on 08.04.2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Users\Hens\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe O4 - HKLM\..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [ScanSoft PDF Create! 4-reminder] "C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PDF Create\4\Ereg\Ereg.ini O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Nach Updates suchen.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Free YouTube Download - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe O23 - Service: FLEXlm server for PTC - Macrovision Corporation - C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: WirelessSelectorService - Unknown owner - C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe -- End of file - 10027 bytes Code:
ATTFilter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows [Version 6.1.7600] C: C:\pagefile.sys --------- C:\hiberfil.sys --------- 08.04.2011 10:53 C:\Windows --------- 28672 08.04.2011 10:37 C:\ProgramData --------- 12288 08.04.2011 10:37 C:\Program Files --------- 28672 08.04.2011 10:32 C:\System Volume Information --------- 20480 20.03.2011 22:18 C:\DVDVideoSoft --------- 0 17.12.2010 14:06 C:\flexlm --------- 0 21.11.2010 07:26 C:\PTC --------- 0 22.04.2010 03:17 C:\SmartDraw 2010 --------- 0 21.03.2010 16:38 C:\IO.SYS --------- 0 21.03.2010 16:38 C:\MSDOS.SYS --------- 0 14.03.2010 10:59 C:\timestmp.tmp --------- 4 12.03.2010 10:06 C:\ptcsetup.log --------- 797246 21.02.2010 15:27 C:\Intel --------- 0 21.02.2010 15:27 C:\fsc.tmp --------- 0 21.02.2010 15:22 C:\DeskUpdate.tmp --------- 0 19.02.2010 10:08 C:\$Recycle.Bin --------- 0 08.02.2010 08:33 C:\MSOCache --------- 0 08.02.2010 08:29 C:\Users --------- 4096 08.02.2010 08:29 C:\Recovery --------- 0 08.02.2010 08:29 C:\Programme --------- 0 08.02.2010 08:29 C:\Dokumente und Einstellungen --------- 0 08.02.2010 08:19 C:\BOOTSECT.BAK --------- 8192 08.02.2010 08:19 C:\Boot --------- 4096 13.07.2009 22:53 C:\Documents and Settings --------- 0 13.07.2009 20:37 C:\PerfLogs --------- 0 13.07.2009 19:38 C:\bootmgr --------- 383562 10.06.2009 15:42 C:\config.sys --------- 10 10.06.2009 15:42 C:\autoexec.bat --------- 24 ---------------------------------------- C:\Windows 08.04.2011 10:57 C:\Windows\ntbtlog.txt --------- 1192722 08.04.2011 10:56 C:\Windows\bootstat.dat --------- 67584 08.04.2011 10:53 C:\Windows\setuperr.log --------- 0 08.04.2011 10:53 C:\Windows\setupact.log --------- 56 19.07.2010 13:44 C:\Windows\win.ini --------- 509 10.04.2010 01:03 C:\Windows\KMService.exe --------- 77824 08.02.2010 08:37 C:\Windows\ODBC.INI --------- 400 18.01.2010 05:42 C:\Windows\Irremote.ini --------- 34666 30.10.2009 23:45 C:\Windows\explorer.exe --------- 2614272 13.07.2009 22:41 C:\Windows\WindowsShell.Manifest --------- 749 13.07.2009 19:16 C:\Windows\twain_32.dll --------- 51200 13.07.2009 19:14 C:\Windows\write.exe --------- 9216 13.07.2009 19:14 C:\Windows\winhlp32.exe --------- 9728 13.07.2009 19:14 C:\Windows\twunk_32.exe --------- 31232 13.07.2009 19:14 C:\Windows\regedit.exe --------- 398336 13.07.2009 19:14 C:\Windows\notepad.exe --------- 179712 13.07.2009 19:14 C:\Windows\hh.exe --------- 15360 13.07.2009 19:14 C:\Windows\HelpPane.exe --------- 497152 13.07.2009 19:14 C:\Windows\fveupdate.exe --------- 13824 13.07.2009 19:14 C:\Windows\bfsvc.exe --------- 65024 13.07.2009 16:58 C:\Windows\mib.bin --------- 43131 10.06.2009 15:46 C:\Windows\system.ini --------- 219 10.06.2009 15:42 C:\Windows\_default.pif --------- 707 10.06.2009 15:42 C:\Windows\winhelp.exe --------- 256192 10.06.2009 15:41 C:\Windows\twunk_16.exe --------- 49680 10.06.2009 15:41 C:\Windows\twain.dll --------- 94784 10.06.2009 15:34 C:\Windows\WMSysPr9.prx --------- 316640 10.06.2009 15:19 C:\Windows\msdfmap.ini --------- 1405 10.06.2009 15:14 C:\Windows\Starter.xml --------- 48201 10.06.2009 15:14 C:\Windows\HomePremium.xml --------- 48265 24.04.2007 09:51 C:\Windows\UNNeroShowTime.exe --------- 972336 20.03.2007 14:22 C:\Windows\UNNeroBackItUp.exe --------- 972336 12.03.2007 07:51 C:\Windows\UNNeroMediaHome.exe --------- 972336 28.02.2007 14:53 C:\Windows\UNNeroVision.exe --------- 972336 15.09.2005 07:35 C:\Windows\UNNeroMediaHome.cfg --------- 50 30.08.2005 14:37 C:\Windows\UNNeroVision.cfg --------- 50 30.08.2005 14:37 C:\Windows\UNNeroShowTime.cfg --------- 50 30.08.2005 14:33 C:\Windows\UNNeroBackItUp.cfg --------- 50 23.01.1998 04:20 C:\Windows\IsUn0407.exe --------- 305664 ---------------------------------------- C:\Windows\System 13.07.2009 15:41 C:\Windows\System\OLESVR.DLL --------- 24064 13.07.2009 15:41 C:\Windows\System\WFWNET.DRV --------- 12704 13.07.2009 15:41 C:\Windows\System\COMMDLG.DLL --------- 32816 13.07.2009 15:41 C:\Windows\System\TIMER.DRV --------- 4048 13.07.2009 15:41 C:\Windows\System\MMSYSTEM.DLL --------- 68992 13.07.2009 15:41 C:\Windows\System\mmtask.tsk --------- 1152 13.07.2009 15:41 C:\Windows\System\mouse.drv --------- 2032 13.07.2009 15:41 C:\Windows\System\vga.drv --------- 2176 13.07.2009 15:41 C:\Windows\System\sound.drv --------- 1744 13.07.2009 15:41 C:\Windows\System\keyboard.drv --------- 2000 13.07.2009 15:41 C:\Windows\System\SHELL.DLL --------- 5120 13.07.2009 15:41 C:\Windows\System\system.drv --------- 3360 10.06.2009 15:42 C:\Windows\System\ver.dll --------- 9008 10.06.2009 15:42 C:\Windows\System\olecli.dll --------- 82944 10.06.2009 15:42 C:\Windows\System\lzexpand.dll --------- 9936 10.06.2009 15:25 C:\Windows\System\stdole.tlb --------- 5532 10.06.2009 15:21 C:\Windows\System\msvideo.dll --------- 126912 10.06.2009 15:21 C:\Windows\System\mciwave.drv --------- 28160 10.06.2009 15:21 C:\Windows\System\mciseq.drv --------- 25264 10.06.2009 15:21 C:\Windows\System\mciavi.drv --------- 73376 10.06.2009 15:21 C:\Windows\System\avifile.dll --------- 109456 10.06.2009 15:21 C:\Windows\System\avicap.dll --------- 69584 ---------------------------------------- C:\Windows\System32 08.04.2011 10:37 C:\Windows\system32\drivers --------- 65536 08.04.2011 10:34 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 13456 08.04.2011 10:34 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 13456 08.04.2011 10:29 C:\Windows\system32\config --------- 28672 08.04.2011 09:49 C:\Windows\system32\perfc009.dat --------- 103568 08.04.2011 09:49 C:\Windows\system32\perfh009.dat --------- 607190 08.04.2011 09:49 C:\Windows\system32\perfh007.dat --------- 643866 08.04.2011 09:49 C:\Windows\system32\perfc007.dat --------- 126394 08.04.2011 09:49 C:\Windows\system32\PerfStringBackup.INI --------- 1472002 07.04.2011 23:24 C:\Windows\system32\sysprep --------- 0 29.03.2011 21:35 C:\Windows\system32\catroot2 --------- 16384 24.03.2011 22:34 C:\Windows\system32\FNTCACHE.DAT --------- 3834352 24.03.2011 14:13 C:\Windows\system32\catroot --------- 8192 24.03.2011 14:13 C:\Windows\system32\DriverStore --------- 0 02.03.2011 19:56 C:\Windows\system32\MRT.exe --------- 37943240 12.02.2011 13:00 C:\Windows\system32\jupdate-1.6.0_23-b05.log --------- 3734 11.02.2011 17:05 C:\Windows\system32\Tasks --------- 0 09.02.2011 22:32 C:\Windows\system32\migration --------- 0 02.02.2011 18:11 C:\Windows\system32\MpSigStub.exe --------- 222080 08.01.2011 16:25 C:\Windows\system32\QuickTime --------- 0 07.01.2011 01:27 C:\Windows\system32\atmlib.dll --------- 34304 06.01.2011 23:33 C:\Windows\system32\atmfd.dll --------- 294400 04.01.2011 23:37 C:\Windows\system32\vbscript.dll --------- 428032 04.01.2011 23:34 C:\Windows\system32\jscript.dll --------- 716800 04.01.2011 21:37 C:\Windows\system32\win32k.sys --------- 2329088 22.12.2010 23:28 C:\Windows\system32\sbe.dll --------- 850432 22.12.2010 23:28 C:\Windows\system32\EncDec.dll --------- 534528 22.12.2010 23:28 C:\Windows\system32\CPFilters.dll --------- 642048 22.12.2010 23:24 C:\Windows\system32\mpg2splt.ax --------- 199680 20.12.2010 02:52 C:\Windows\system32\NDF --------- 0 17.12.2010 23:32 C:\Windows\system32\wininet.dll --------- 981504 17.12.2010 23:32 C:\Windows\system32\urlmon.dll --------- 1228288 17.12.2010 23:30 C:\Windows\system32\mstscax.dll --------- 2690560 17.12.2010 23:30 C:\Windows\system32\mstime.dll --------- 606208 17.12.2010 23:30 C:\Windows\system32\mshtmled.dll --------- 67072 17.12.2010 23:30 C:\Windows\system32\mshtml.dll --------- 5980672 17.12.2010 23:30 C:\Windows\system32\msfeedsbs.dll --------- 64512 17.12.2010 23:30 C:\Windows\system32\msfeeds.dll --------- 599040 17.12.2010 23:29 C:\Windows\system32\licmgr10.dll --------- 44544 17.12.2010 23:29 C:\Windows\system32\kerberos.dll --------- 541184 17.12.2010 23:29 C:\Windows\system32\jsproxy.dll --------- 48128 17.12.2010 23:29 C:\Windows\system32\ieui.dll --------- 176640 17.12.2010 23:29 C:\Windows\system32\iertutil.dll --------- 2063360 17.12.2010 23:29 C:\Windows\system32\iepeers.dll --------- 185856 17.12.2010 23:29 C:\Windows\system32\ieframe.dll --------- 10989056 17.12.2010 23:29 C:\Windows\system32\iedkcs32.dll --------- 381440 17.12.2010 23:26 C:\Windows\system32\mstsc.exe --------- 1034240 17.12.2010 23:26 C:\Windows\system32\msfeedssync.exe --------- 12800 17.12.2010 22:20 C:\Windows\system32\html.iec --------- 386048 17.12.2010 21:47 C:\Windows\system32\mshtml.tlb --------- 1638912 16.12.2010 00:18 C:\Windows\system32\de-DE --------- 327680 12.11.2010 19:53 C:\Windows\system32\javaws.exe --------- 157472 12.11.2010 19:53 C:\Windows\system32\javaw.exe --------- 145184 12.11.2010 19:53 C:\Windows\system32\java.exe --------- 145184 12.11.2010 19:53 C:\Windows\system32\deployJava1.dll --------- 472808 11.11.2010 05:03 C:\Windows\system32\jupdate-1.6.0_22-b04.log --------- 4103 01.11.2010 22:41 C:\Windows\system32\wmicmiplugin.dll --------- 351232 01.11.2010 22:40 C:\Windows\system32\taskschd.dll --------- 496128 01.11.2010 22:40 C:\Windows\system32\taskcomp.dll --------- 305152 01.11.2010 22:39 C:\Windows\system32\schedsvc.dll --------- 749056 01.11.2010 22:34 C:\Windows\system32\taskeng.exe --------- 192000 01.11.2010 22:34 C:\Windows\system32\schtasks.exe --------- 179712 26.10.2010 22:43 C:\Windows\system32\ntoskrnl.exe --------- 3901824 26.10.2010 22:43 C:\Windows\system32\ntkrnlpa.exe --------- 3957120 26.10.2010 22:40 C:\Windows\system32\ntdll.dll --------- 1289536 26.10.2010 22:32 C:\Windows\system32\tzres.dll --------- 2048 15.10.2010 22:41 C:\Windows\system32\consent.exe --------- 101760 15.10.2010 22:36 C:\Windows\system32\webio.dll --------- 314368 15.10.2010 22:34 C:\Windows\system32\odbc32.dll --------- 573440 31.08.2010 22:29 C:\Windows\system32\wmp.dll --------- 11406848 31.08.2010 22:23 C:\Windows\system32\wmploc.DLL --------- 12625408 31.08.2010 13:14 C:\Windows\system32\jupdate-1.6.0_21-b07.log --------- 5351 30.08.2010 22:32 C:\Windows\system32\mfc40u.dll --------- 954288 30.08.2010 22:32 C:\Windows\system32\mfc40.dll --------- 954752 26.08.2010 23:46 C:\Windows\system32\srvsvc.dll --------- 168448 25.08.2010 22:39 C:\Windows\system32\t2embed.dll --------- 109056 20.08.2010 23:36 C:\Windows\system32\wmpmde.dll --------- 738816 20.08.2010 23:36 C:\Windows\system32\schannel.dll --------- 224256 20.08.2010 23:33 C:\Windows\system32\comctl32.dll --------- 530432 20.08.2010 23:32 C:\Windows\system32\spoolsv.exe --------- 316928 15.08.2010 00:41 C:\Windows\system32\Lang --------- 0 14.08.2010 06:00 C:\Windows\system32\x64 --------- 0 29.07.2010 06:09 C:\Windows\system32\wdi --------- 4096 29.07.2010 00:30 C:\Windows\system32\ir32_32.dll --------- 197632 29.07.2010 00:30 C:\Windows\system32\iccvid.dll --------- 82944 27.07.2010 08:03 C:\Windows\system32\shell32.dll --------- 12867584 28.06.2010 23:02 C:\Windows\system32\ole32.dll --------- 1413632 22.06.2010 23:30 C:\Windows\system32\tsccvid.dll --------- 411480 19.06.2010 00:23 C:\Windows\system32\rtutils.dll --------- 37376 08.06.2010 00:02 C:\Windows\system32\msxml3.dll --------- 1233920 26.05.2010 10:59 C:\Windows\system32\Wat --------- 0 05.05.2010 00:46 C:\Windows\system32\StructuredQuery.dll --------- 363520 03.05.2010 07:53 C:\Windows\system32\MSCHVBXM --------- 4098 26.04.2010 16:04 C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592 22.04.2010 06:29 C:\Windows\system32\lvcoinst.log --------- 11736 14.04.2010 14:20 C:\Windows\system32\GroupPolicy --------- 0 20.03.2010 12:11 C:\Windows\system32\FM20DEU.DLL --------- 36736 10.03.2010 13:29 C:\Windows\system32\dpl100.dll --------- 94208 05.03.2010 03:13 C:\Windows\system32\msjava.dll --------- 947472 05.03.2010 01:42 C:\Windows\system32\asycfilt.dll --------- 67584 ---------------------------------------- C:\Windows\Prefetch 08.04.2011 10:56 C:\Windows\Prefetch\ReadyBoot --------- 4096 08.04.2011 10:55 C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1373845 08.04.2011 10:55 C:\Windows\Prefetch\AgGlFaultHistory.db --------- 493739 08.04.2011 10:55 C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2336149 08.04.2011 10:55 C:\Windows\Prefetch\AgRobust.db --------- 299804 08.04.2011 10:55 C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508 08.04.2011 10:38 C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 43308 08.04.2011 10:38 C:\Windows\Prefetch\DISPLAYLINKKENSINGTONSUPPORT.-4A9C90F1.pf --------- 18028 08.04.2011 10:38 C:\Windows\Prefetch\DISPLAYLINKUI.EXE-70773ADB.pf --------- 24284 08.04.2011 10:37 C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf --------- 117942 08.04.2011 10:37 C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 42638 08.04.2011 10:37 C:\Windows\Prefetch\PING.EXE-B29F6629.pf --------- 14828 08.04.2011 10:37 C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf --------- 14314 08.04.2011 10:36 C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 33912 08.04.2011 10:35 C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 54288 08.04.2011 10:35 C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 28726 08.04.2011 10:31 C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 20694 08.04.2011 10:31 C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 28274 08.04.2011 10:31 C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf --------- 62884 08.04.2011 10:30 C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf --------- 76958 08.04.2011 10:30 C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 20252 08.04.2011 10:29 C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 72670 08.04.2011 10:29 C:\Windows\Prefetch\AgCx_SC4.db --------- 309398 08.04.2011 10:29 C:\Windows\Prefetch\WUAUCLT.EXE-830BCC14.pf --------- 56292 08.04.2011 10:28 C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 39260 08.04.2011 10:28 C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf --------- 24846 08.04.2011 10:28 C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf --------- 69152 08.04.2011 10:28 C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 19082 08.04.2011 10:28 C:\Windows\Prefetch\SEARCHINDEXER.EXE-77D27BAC.pf --------- 85290 08.04.2011 10:28 C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 201106 08.04.2011 10:28 C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf --------- 44378 08.04.2011 10:28 C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf --------- 23942 08.04.2011 10:27 C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf --------- 10564 08.04.2011 09:52 C:\Windows\Prefetch\ACRORD32INFO.EXE-E3F62CBD.pf --------- 78004 08.04.2011 09:52 C:\Windows\Prefetch\MIKTEX-TEXWORKS.EXE-730A698D.pf --------- 92954 08.04.2011 09:47 C:\Windows\Prefetch\WUDFHOST.EXE-81420B07.pf --------- 25930 08.04.2011 09:46 C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf --------- 23096 08.04.2011 09:35 C:\Windows\Prefetch\AVP.EXE-66FE3676.pf --------- 131754 08.04.2011 09:31 C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 19976 08.04.2011 09:28 C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf --------- 30290 08.04.2011 09:28 C:\Windows\Prefetch\IELOWUTIL.EXE-79D45B69.pf --------- 1402 08.04.2011 09:26 C:\Windows\Prefetch\KLWTBLFS.EXE-BD8E3D08.pf --------- 15204 08.04.2011 09:21 C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf --------- 15530 08.04.2011 08:19 C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf --------- 37768 08.04.2011 08:18 C:\Windows\Prefetch\SVCHOST.EXE-DB4C36D7.pf --------- 31902 08.04.2011 08:11 C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 22616 07.04.2011 23:28 C:\Windows\Prefetch\OSPPSVC.EXE-FFA150A3.pf --------- 69032 07.04.2011 23:28 C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-83C184C4.pf --------- 15000 07.04.2011 23:28 C:\Windows\Prefetch\POWERPNT.EXE-C61D24E7.pf --------- 150592 07.04.2011 22:27 C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 54662 07.04.2011 22:06 C:\Windows\Prefetch\SKYPEPM.EXE-2C1AF4F8.pf --------- 99332 07.04.2011 22:05 C:\Windows\Prefetch\SKYPE.EXE-40964AC7.pf --------- 164344 07.04.2011 22:05 C:\Windows\Prefetch\LVPRCSRV.EXE-E0306B6B.pf --------- 12576 07.04.2011 22:03 C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf --------- 252746 07.04.2011 22:02 C:\Windows\Prefetch\LULNCHR.EXE-E46CB67E.pf --------- 86564 07.04.2011 22:02 C:\Windows\Prefetch\LOGITECHUPDATE.EXE-55456C00.pf --------- 34410 07.04.2011 22:01 C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 219566 07.04.2011 22:01 C:\Windows\Prefetch\SVCHOST.EXE-18D06B2E.pf --------- 6660 07.04.2011 22:01 C:\Windows\Prefetch\DROPBOX.EXE-6F5B5EDB.pf --------- 114496 07.04.2011 22:01 C:\Windows\Prefetch\CMD.EXE-89305D47.pf --------- 10908 07.04.2011 22:00 C:\Windows\Prefetch\WEBUPDATER.EXE-F58A287C.pf --------- 47714 07.04.2011 22:00 C:\Windows\Prefetch\SIDEBAR.EXE-3A7B3FCC.pf --------- 78692 07.04.2011 22:00 C:\Windows\Prefetch\DTLITE.EXE-77D34F4E.pf --------- 67736 07.04.2011 22:00 C:\Windows\Prefetch\RAINLENDAR2.EXE-437E37B5.pf --------- 81750 07.04.2011 22:00 C:\Windows\Prefetch\USBTIP.EXE-BF2C7046.pf --------- 26310 07.04.2011 22:00 C:\Windows\Prefetch\READER_SL.EXE-565703D6.pf --------- 13150 07.04.2011 22:00 C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf --------- 23094 07.04.2011 22:00 C:\Windows\Prefetch\SWITCHBOARD.EXE-7E935F90.pf --------- 30446 07.04.2011 22:00 C:\Windows\Prefetch\JUSCHED.EXE-07F32FAE.pf --------- 13964 07.04.2011 22:00 C:\Windows\Prefetch\UPDATERSTARTUPUTILITY.EXE-4E353C23.pf --------- 25712 07.04.2011 22:00 C:\Windows\Prefetch\CS5SERVICEMANAGER.EXE-5B253472.pf --------- 31260 07.04.2011 22:00 C:\Windows\Prefetch\IGFXPERS.EXE-F690CC93.pf --------- 17740 07.04.2011 22:00 C:\Windows\Prefetch\HKCMD.EXE-FA3EB5EE.pf --------- 18506 07.04.2011 22:00 C:\Windows\Prefetch\LWS.EXE-CC076DEB.pf --------- 59740 07.04.2011 22:00 C:\Windows\Prefetch\IGFXTRAY.EXE-95873609.pf --------- 19562 07.04.2011 22:00 C:\Windows\Prefetch\EREG.EXE-EEF5DFA3.pf --------- 26222 07.04.2011 21:59 C:\Windows\Prefetch\BCSSYNC.EXE-E11E559D.pf --------- 16300 07.04.2011 21:59 C:\Windows\Prefetch\IPODSERVICE.EXE-FE1A6FF7.pf --------- 19344 07.04.2011 21:59 C:\Windows\Prefetch\OPENVPN.EXE-51BE6D5E.pf --------- 17376 07.04.2011 21:59 C:\Windows\Prefetch\FJSSDMN.EXE-EB13373A.pf --------- 16722 07.04.2011 21:59 C:\Windows\Prefetch\SSBKGDUPDATE.EXE-2DA63B57.pf --------- 15888 07.04.2011 21:59 C:\Windows\Prefetch\BTNHND.EXE-3BD76FB3.pf --------- 17950 07.04.2011 21:59 C:\Windows\Prefetch\QUICKTOUCH.EXE-C66F2D8B.pf --------- 36808 07.04.2011 21:59 C:\Windows\Prefetch\INDICATORUTY.EXE-E859F9BC.pf --------- 18846 07.04.2011 21:59 C:\Windows\Prefetch\FUJ02E3.EXE-A0823DBD.pf --------- 14832 07.04.2011 21:59 C:\Windows\Prefetch\ITUNESHELPER.EXE-302622F9.pf --------- 75474 07.04.2011 21:54 C:\Windows\Prefetch\SVCHOST.EXE-4D8DA32A.pf --------- 24010 07.04.2011 21:54 C:\Windows\Prefetch\SVCHOST.EXE-B1D6DE75.pf --------- 19924 07.04.2011 18:06 C:\Windows\Prefetch\WINWORD.EXE-19416D26.pf --------- 221610 07.04.2011 18:03 C:\Windows\Prefetch\MSPAINT.EXE-89BB51A7.pf --------- 95820 07.04.2011 18:02 C:\Windows\Prefetch\TEXIFY.EXE-52D3EFBC.pf --------- 27196 07.04.2011 18:02 C:\Windows\Prefetch\PDFLATEX.EXE-F0A21ED7.pf --------- 116926 07.04.2011 18:02 C:\Windows\Prefetch\BIBTEX.EXE-4C074E6D.pf --------- 26122 07.04.2011 17:05 C:\Windows\Prefetch\ACRORD32.EXE-C2658FE9.pf --------- 87690 07.04.2011 16:59 C:\Windows\Prefetch\JAVAW.EXE-C4EA16F0.pf --------- 166406 07.04.2011 16:52 C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-631388349-1085569318-2024419824-1001.db --------- 943493 07.04.2011 16:52 C:\Windows\Prefetch\AgGlUAD_S-1-5-21-631388349-1085569318-2024419824-1001.db --------- 1267329 07.04.2011 16:13 C:\Windows\Prefetch\AgCx_SC2.db --------- 800696 07.04.2011 16:11 C:\Windows\Prefetch\PTC_D.EXE-50C7BF6C.pf --------- 23994 07.04.2011 11:51 C:\Windows\Prefetch\EXCEL.EXE-F0766CF1.pf --------- 154236 07.04.2011 11:42 C:\Windows\Prefetch\PDFTEX.EXE-ADEB943E.pf --------- 29180 07.04.2011 11:30 C:\Windows\Prefetch\FOXITR~1.EXE-54C77552.pf --------- 91340 07.04.2011 10:54 C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf --------- 213674 07.04.2011 10:24 C:\Windows\Prefetch\RUNDLL32.EXE-B641F777.pf --------- 33908 07.04.2011 09:51 C:\Windows\Prefetch\OUTLOOK.EXE-6869E875.pf --------- 265070 07.04.2011 09:46 C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 3350318 07.04.2011 08:37 C:\Windows\Prefetch\ITUNES.EXE-049DB451.pf --------- 271298 07.04.2011 08:01 C:\Windows\Prefetch\QTTASK.EXE-D42B72A5.pf --------- 10784 06.04.2011 16:59 C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 33982 06.04.2011 15:22 C:\Windows\Prefetch\PAINTDOTNET.EXE-A48207C8.pf --------- 139468 06.04.2011 15:14 C:\Windows\Prefetch\MATLAB.EXE-83FCC2C9.pf --------- 317714 06.04.2011 15:14 C:\Windows\Prefetch\MATLAB.EXE-F8C74B66.pf --------- 31212 06.04.2011 15:14 C:\Windows\Prefetch\VCRT_CHECK.EXE-9270A550.pf --------- 17660 06.04.2011 13:34 C:\Windows\Prefetch\W32TM.EXE-5D2265F4.pf --------- 15448 06.04.2011 13:33 C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf --------- 40938 06.04.2011 13:33 C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf --------- 13220 06.04.2011 13:33 C:\Windows\Prefetch\SDIAGNHOST.EXE-67CD1457.pf --------- 63440 06.04.2011 13:33 C:\Windows\Prefetch\RUNDLL32.EXE-85E123DD.pf --------- 8630 06.04.2011 13:26 C:\Windows\Prefetch\RUNDLL32.EXE-125D4518.pf --------- 43814 06.04.2011 13:23 C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf --------- 17266 06.04.2011 13:23 C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 15134 06.04.2011 13:23 C:\Windows\Prefetch\Layout.ini --------- 1261444 06.04.2011 08:01 C:\Windows\Prefetch\DISPSWITCHLAUNCHER.EXE-B5D5114D.pf --------- 15864 05.04.2011 15:08 C:\Windows\Prefetch\MPSIGSTUB.EXE-7C60A359.pf --------- 25040 05.04.2011 15:08 C:\Windows\Prefetch\MPMINISIGSTUB.EXE-5E580501.pf --------- 7166 05.04.2011 15:08 C:\Windows\Prefetch\MPAS-D_BD1.EXE-B82677C3.pf --------- 15744 05.04.2011 10:55 C:\Windows\Prefetch\RUNDLL32.EXE-A5D8DA74.pf --------- 18540 05.04.2011 10:54 C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-5B0FD533.pf --------- 33620 05.04.2011 10:50 C:\Windows\Prefetch\SVCHOST.EXE-7488A139.pf --------- 22334 05.04.2011 08:00 C:\Windows\Prefetch\COCIMANAGER.EXE-24AD6BC2.pf --------- 22156 04.04.2011 16:06 C:\Windows\Prefetch\CALC.EXE-AC08706A.pf --------- 23096 04.04.2011 15:12 C:\Windows\Prefetch\JAVAWS.EXE-25FD1E0F.pf --------- 18906 04.04.2011 15:12 C:\Windows\Prefetch\JAUCHECK.EXE-04AFF24E.pf --------- 33028 04.04.2011 14:54 C:\Windows\Prefetch\IZARC.EXE-1472F2CB.pf --------- 139640 04.04.2011 13:16 C:\Windows\Prefetch\SNDVOL.EXE-783DCB11.pf --------- 26990 03.04.2011 23:00 C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf --------- 1242 03.04.2011 21:30 C:\Windows\Prefetch\INSTALLFLASHPLAYER.EXE-5258DA1C.pf --------- 22546 03.04.2011 21:28 C:\Windows\Prefetch\SC.EXE-BC6DAF49.pf --------- 3606 01.04.2011 14:59 C:\Windows\Prefetch\DLLHOST.EXE-91B07125.pf --------- 15754 01.04.2011 14:59 C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-2B0C49F7.pf --------- 26590 01.04.2011 14:57 C:\Windows\Prefetch\AgCx_SC1.db --------- 687516 01.04.2011 14:56 C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 280194 08.02.2010 08:22 C:\Windows\Prefetch\AgAppLaunch.db --------- 332116 ---------------------------------------- C:\Windows\Tasks 08.04.2011 10:53 C:\Windows\Tasks\SA.DAT --------- 6 12.02.2011 03:21 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632 ---------------------------------------- C:\Windows\Temp 08.04.2011 10:53 C:\Windows\Temp\spserv.dat --------- 1024 ---------------------------------------- C:\Users\Hens\AppData\Local\Temp 08.04.2011 10:56 C:\Users\Hens\AppData\Local\Temp\WPDNSE --------- 0 08.04.2011 10:52 C:\Users\Hens\AppData\Local\Temp\js6cy226kpp3fu006bryc5cx757a25077l2 --------- 8578 08.04.2011 10:44 C:\Users\Hens\AppData\Local\Temp\mik64428 --------- 0 08.04.2011 09:26 C:\Users\Hens\AppData\Local\Temp\Low --------- 0 07.04.2011 23:24 C:\Users\Hens\AppData\Local\Temp\0.46982674232693467.exe --------- 217202 07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\manifest.xml --------- 5275 07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\config.xml --------- 0 07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\de-de --------- 0 07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\en-us --------- 0 07.04.2011 22:00 C:\Users\Hens\AppData\Local\Temp\resource.h --------- 0 08.02.2010 08:31 C:\Users\Hens\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 ---------------------------------------- C:\Program Files 08.04.2011 10:37 C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 08.04.2011 10:37 C:\Program Files\CCleaner --------- 0 08.04.2011 10:32 C:\Program Files\Trend Micro --------- 0 31.03.2011 09:17 C:\Program Files\Adobe --------- 4096 24.03.2011 22:55 C:\Program Files\Mozilla Firefox --------- 32768 24.03.2011 14:12 C:\Program Files\Common Files --------- 4096 24.03.2011 14:00 C:\Program Files\Pinnacle --------- 0 24.03.2011 12:50 C:\Program Files\SafeNet Sentinel --------- 0 24.03.2011 12:50 C:\Program Files\InstallShield Installation Information --------- 0 24.03.2011 12:37 C:\Program Files\Motion Analysis --------- 0 08.03.2011 09:52 C:\Program Files\Mozilla Thunderbird --------- 28672 21.02.2011 00:12 C:\Program Files\Paint.NET --------- 16384 12.02.2011 13:00 C:\Program Files\Java --------- 4096 09.02.2011 22:32 C:\Program Files\Internet Explorer --------- 4096 18.01.2011 11:09 C:\Program Files\MATLAB --------- 0 18.01.2011 10:19 C:\Program Files\KinTrak 7.0 --------- 0 08.01.2011 16:24 C:\Program Files\TechSmith --------- 0 31.12.2010 11:23 C:\Program Files\Skype --------- 0 16.12.2010 00:18 C:\Program Files\Windows Mail --------- 0 15.12.2010 15:37 C:\Program Files\JDownloader --------- 0 07.12.2010 13:04 C:\Program Files\Ask.com --------- 4096 07.12.2010 13:04 C:\Program Files\Foxit Software --------- 0 07.11.2010 11:53 C:\Program Files\IrfanView --------- 0 07.11.2010 11:47 C:\Program Files\Ghostgum --------- 0 07.11.2010 07:34 C:\Program Files\Ghostscript --------- 0 07.11.2010 07:23 C:\Program Files\Texmaker --------- 16384 07.11.2010 07:21 C:\Program Files\TeXnicCenter --------- 0 07.11.2010 01:26 C:\Program Files\MiKTeX 2.9 --------- 4096 03.11.2010 13:16 C:\Program Files\Adobe Media Player --------- 0 13.10.2010 07:23 C:\Program Files\Windows Media Player --------- 4096 12.09.2010 01:28 C:\Program Files\Logitech --------- 0 15.08.2010 00:41 C:\Program Files\Intel --------- 0 06.08.2010 02:48 C:\Program Files\DVDVideoSoft --------- 0 19.07.2010 13:47 C:\Program Files\7-Zip --------- 0 19.07.2010 13:38 C:\Program Files\Microsoft Synchronization Services --------- 0 19.07.2010 13:37 C:\Program Files\Microsoft Office --------- 4096 19.07.2010 13:37 C:\Program Files\Microsoft SQL Server Compact Edition --------- 0 19.07.2010 13:37 C:\Program Files\Microsoft.NET --------- 0 19.07.2010 13:32 C:\Program Files\Microsoft Analysis Services --------- 0 19.07.2010 13:06 C:\Program Files\IZArc --------- 4096 12.06.2010 08:53 C:\Program Files\PCTV Systems --------- 0 09.06.2010 12:12 C:\Program Files\Avanquest update --------- 0 07.06.2010 14:41 C:\Program Files\MDESIGN --------- 0 06.06.2010 04:09 C:\Program Files\MyPhoneExplorer --------- 4096 31.05.2010 02:48 C:\Program Files\DisplayLink Core Software --------- 8192 16.05.2010 10:57 C:\Program Files\MSECache --------- 0 05.05.2010 03:36 C:\Program Files\DAEMON Tools Lite --------- 0 21.04.2010 11:57 C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0 15.04.2010 03:48 C:\Program Files\WinRAR --------- 4096 14.04.2010 14:20 C:\Program Files\ScanSoft --------- 0 22.03.2010 07:19 C:\Program Files\HBM --------- 0 12.03.2010 10:05 C:\Program Files\proeWildfire 4.0 --------- 8192 12.03.2010 09:57 C:\Program Files\flexnet --------- 4096 06.03.2010 04:32 C:\Program Files\PokerStars.NET --------- 8192 02.03.2010 01:18 C:\Program Files\OpenVPN --------- 4096 01.03.2010 08:22 C:\Program Files\MSXML 4.0 --------- 0 27.02.2010 11:09 C:\Program Files\Nero --------- 0 21.02.2010 15:40 C:\Program Files\Fujitsu --------- 4096 21.02.2010 15:32 C:\Program Files\O2Micro OZ711 SCR Driver --------- 0 21.02.2010 15:30 C:\Program Files\Sierra Wireless Inc --------- 0 09.02.2010 14:57 C:\Program Files\Microsoft --------- 0 09.02.2010 14:57 C:\Program Files\Windows Live --------- 0 09.02.2010 14:57 C:\Program Files\Windows Live SkyDrive --------- 0 09.02.2010 03:29 C:\Program Files\Kensington Display Adapter --------- 0 08.02.2010 10:39 C:\Program Files\iTunes --------- 4096 08.02.2010 10:38 C:\Program Files\iPod --------- 0 08.02.2010 10:38 C:\Program Files\Bonjour --------- 0 08.02.2010 10:38 C:\Program Files\QuickTime --------- 4096 08.02.2010 10:37 C:\Program Files\Apple Software Update --------- 4096 08.02.2010 10:04 C:\Program Files\Rainlendar2 --------- 0 08.02.2010 09:05 C:\Program Files\VideoLAN --------- 0 08.02.2010 08:41 C:\Program Files\Kaspersky Lab --------- 0 08.02.2010 08:29 C:\Program Files\Windows NT --------- 4096 08.02.2010 08:29 C:\Program Files\Gemeinsame Dateien --------- 0 14.07.2009 02:56 C:\Program Files\DVD Maker --------- 0 14.07.2009 02:56 C:\Program Files\Windows Journal --------- 0 14.07.2009 02:56 C:\Program Files\Microsoft Games --------- 0 14.07.2009 02:47 C:\Program Files\Windows Sidebar --------- 0 14.07.2009 02:47 C:\Program Files\Windows Photo Viewer --------- 0 14.07.2009 02:47 C:\Program Files\Windows Defender --------- 0 13.07.2009 22:53 C:\Program Files\Uninstall Information --------- 0 13.07.2009 22:52 C:\Program Files\Windows Portable Devices --------- 0 13.07.2009 22:52 C:\Program Files\Reference Assemblies --------- 0 13.07.2009 22:52 C:\Program Files\MSBuild --------- 0 13.07.2009 22:41 C:\Program Files\desktop.ini --------- 174 ---------------------------------------- C:\ProgramData\.. Hens Default Public Default User All Users desktop.ini ---------------------------------------- C:\Windows\system32\drivers\etc\hosts 127.0.0.1 activate.adobe.com 127.0.0.1 adobe.activate.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 adobeereg.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com ---------------------------------------- Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 24 K System 4 Services 0 712 K smss.exe 288 Services 0 820 K csrss.exe 384 Services 0 2.804 K csrss.exe 432 Console 1 4.608 K wininit.exe 440 Services 0 3.572 K services.exe 500 Services 0 5.304 K lsass.exe 508 Services 0 7.244 K lsm.exe 520 Services 0 2.800 K winlogon.exe 552 Console 1 4.444 K svchost.exe 660 Services 0 6.532 K svchost.exe 740 Services 0 4.548 K svchost.exe 792 Services 0 7.512 K svchost.exe 860 Services 0 9.460 K svchost.exe 920 Services 0 3.596 K svchost.exe 984 Services 0 4.008 K explorer.exe 1140 Console 1 47.812 K ctfmon.exe 1196 Console 1 3.124 K cmd.exe 2012 Console 1 3.248 K conhost.exe 2020 Console 1 2.984 K tasklist.exe 952 Console 1 4.200 K dllhost.exe 1316 Console 1 5.596 K WmiPrvSE.exe 1400 Services 0 4.756 K ***** Ende des Scans 08.04.2011 um 10:59:44,33 *** Code:
ATTFilter Adobe AIR Adobe Systems Inc. 03.11.2010 1.5.3.9120 Adobe Community Help Adobe Systems Incorporated 03.11.2010 3.0.0.400 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 06.08.2010 6,00MB 10.1.53.64 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 03.04.2011 6,00MB 10.2.153.1 Adobe Media Player Adobe Systems Incorporated 03.11.2010 1.8 Adobe Photoshop CS5 Adobe Systems Incorporated 03.11.2010 1.559MB 12.0 Adobe Reader 9.4.3 - Deutsch Adobe Systems Incorporated 31.03.2011 164,6MB 9.4.3 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 05.10.2010 11.5.8.612 Akamai NetSession Interface 03.11.2010 Apple Application Support Apple Inc. 08.02.2010 32,4MB 1.1.0 Apple Mobile Device Support Apple Inc. 08.02.2010 40,4MB 2.6.0.32 Apple Software Update Apple Inc. 08.02.2010 2,16MB 2.1.1.116 Avanquest update Avanquest Software 09.06.2010 1.22 Bonjour Apple Inc. 08.02.2010 0,49MB 1.0.106 Camtasia Studio 7 TechSmith Corporation 08.01.2011 219MB 7.0.1 catmanEasy/AP 3.0.4.100 Hottinger Baldwin Messtechnik GmbH 22.03.2010 3.0.4.100 CCleaner Piriform 08.04.2011 3.05 Compatibility Pack for the 2007 Office system Microsoft Corporation 10.11.2010 129,5MB 12.0.6514.5001 DisplayLink Core Software DisplayLink Corp. 09.02.2010 12,8MB 5.2.22617.0 DivX-Setup DivX, Inc. 04.10.2010 2.1.0.12 Dropbox 24.09.2010 0.7.110 EVaRT 5.0.4 Motion Analysis Corporation 24.03.2011 62,5MB 5.0.4 Facebook Plug-In Facebook, Inc. 12.04.2010 Faraday's Electromagnetic Lab University of Colorado, Department of Physics 07.03.2010 Foxit Reader Foxit Corporation 07.12.2010 11,1MB 4.3.0.1110 Foxit Toolbar Ask.com 07.12.2010 2,57MB 1.9.1.0 Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 26.03.2011 10,7MB Free Studio version 5.0.6 DVDVideoSoft Limited. 24.03.2011 258MB Free YouTube Download 2.8 DVDVideoSoft Limited. 29.07.2010 25,5MB Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 26.03.2011 36,0MB Fujitsu Display Manager FUJITSU LIMITED 21.02.2010 1,09MB 50.0.1.0 Fujitsu Hotkey Utility FUJITSU LIMITED 21.02.2010 0,22MB 3.0.0.0 Fujitsu MobilityCenter Extension Utility FUJITSU LIMITED 21.02.2010 0,28MB 1.1.0.0 Fujitsu System Extension Utility FUJITSU LIMITED 21.02.2010 0,13MB 2.1.1.0 GPL Ghostscript 9.00 07.11.2010 GSview 4.9 07.11.2010 HBM TEDS Editor Hottinger Baldwin Messtechnik GmbH 22.03.2010 3.0.0.86 HiJackThis Trend Micro 08.04.2011 0,36MB 1.0.0 HijackThis 2.0.2 TrendMicro 08.04.2011 2.0.2 Intel(R) Graphics Media Accelerator Driver Intel Corporation 15.08.2010 54,3MB 8.15.10.1930 Intel(R) TV Wizard Intel Corporation 15.08.2010 IrfanView (remove only) Irfan Skiljan 07.11.2010 1,50MB 4.27 iTunes Apple Inc. 08.02.2010 146,3MB 9.0.3.15 IZArc 4.1.2 Ivan Zahariev 19.07.2010 13,8MB 4.1.2 Java(TM) 6 Update 23 Sun Microsystems, Inc. 23.05.2010 94,5MB 6.0.230 Java(TM) 6 Update 5 Sun Microsystems, Inc. 08.02.2010 140,9MB 1.6.0.50 JDownloader AppWork UG (haftungsbeschränkt) 13.04.2010 0.89 Kaspersky Anti-Virus 2010 Kaspersky Lab 08.02.2010 9.0.0.459 Kensington Display Adapter Kensington Computer Products Group 09.02.2010 1,83MB 5.2.22663.0 KinTrak 7.0 University of Calgary 18.01.2011 32,8MB 7.0.25 LifeBook Application Panel FUJITSU LIMITED 21.02.2010 5,48MB 7.0.0.0 Logitech Vid HD Logitech Inc.. 11.09.2010 7.2 (7230) Logitech Webcam Software Logitech Inc. 21.04.2010 43,9MB 12.10.1113 Logitech Webcam Software-Treiberpaket Logitech Inc. 20.04.2010 12.10.1110 Malwarebytes' Anti-Malware Malwarebytes Corporation 08.04.2011 10,5MB MATLAB R2010a The MathWorks, Inc. 18.01.2011 7.10 MDESIGN Roloff-Matek Edition 07.06.2010 2009 Microsoft Office Professional Plus 2010 Microsoft Corporation 19.07.2010 14.0.4763.1000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 16.02.2010 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 12.02.2010 0,42MB 8.0.56336 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 10.02.2010 0,20MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 08.02.2010 0,58MB 9.0.30729 MiKTeX 2.9 MiKTeX.org 07.11.2010 2.9 Mozilla Firefox 4.0 (x86 en-US) Mozilla 24.03.2011 33,7MB 4.0 Mozilla Thunderbird (3.1.9) Mozilla 08.03.2011 3.1.9 (de) MSXML 4.0 SP2 (KB954430) Microsoft Corporation 01.03.2010 35,00KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 01.03.2010 1,33MB 4.20.9876.0 MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 12.06.2010 36,00KB 4.20.9818.0 MyPhoneExplorer F.J. Wechselberger 06.06.2010 1.7.6 Nero 7 Essentials Nero AG 27.02.2010 1.814MB 7.02.8076 OpenVPN 2.0.9-gui-1.0.3 02.03.2010 OZ711 SCR Driver V3.0.0.9A O2Micro 21.02.2010 0,95MB 3.0.0.9A Paint.NET v3.5.7 dotPDN LLC 20.02.2011 10,4MB 3.57.0 Pinnacle Studio 14 Pinnacle Systems 24.03.2011 2.030MB 14.0.0.7255 Pinnacle Video Treiber Pinnacle Systems 24.03.2011 4,96MB 12.1.0.030 PokerStars.net PokerStars.net 05.03.2010 Power Saving Utility Fujitsu LIMITED 21.02.2010 0,76MB 3.1.1.0 Pro/ENGINEER Release Wildfire 4.0 Datecode F000 PTC 12.03.2010 Wildfire 4.0 PTC License Server Release Wildfire 4.0 Datecode F000 PTC 12.03.2010 Wildfire 4.0 QuickTime Apple Inc. 08.02.2010 77,3MB 7.65.17.80 Rainlendar2 (remove only) 08.02.2010 ScanSoft PDF Create! 4 Nuance, Inc. 14.04.2010 27,4MB 4.01.0109 Sentinel Protection Installer 7.3.0 SafeNet, Inc. 24.03.2011 2,56MB 7.3.0 Shock Sensor Utility FUJITSU LIMITED 21.02.2010 0,75MB 2.2.0.0 Skype Toolbars Skype Technologies S.A. 11.02.2011 5,76MB 5.0.4137 Skype™ 5.1 Skype Technologies S.A. 11.02.2011 22,7MB 5.1.112 Spider32 Setup 21.03.2010 Texmaker 07.11.2010 TVCenter PCTV Systems 12.06.2010 160,5MB 6.3.0.584 Uninstall 1.0.0.1 26.03.2011 10,6MB VLC media player 1.0.3 VideoLAN Team 08.02.2010 1.0.3 Windows Live Anmelde-Assistent Microsoft Corporation 09.02.2010 1,94MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 09.02.2010 14.0.8089.0726 Windows Live-Uploadtool Microsoft Corporation 09.02.2010 0,22MB 14.0.8014.1029 WinRAR 15.04.2010 Wireless Selector FUJITSU LIMITED 21.02.2010 0,34MB 2.0.0.0 Ansonsten ist das Problem, dass ich den Malware detecter nicht aktualisieren kann (wie empfohlen) weil ich wegen dem Win7 nicht ins Inet komme. Danke fuer eure Hilfe |
08.04.2011, 19:09 | #2 |
/// Malware-holic | Win 7 Security entfernen (log-files vorhanden) 1. nimm keinerlei reinigung selbstständig vor, sonst ist das nur störend.
__________________2. reiche alle evtl vorhandenen scan logs mit funden nach auch fundorte benennen. 3. Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
08.04.2011, 21:15 | #3 |
| Win 7 Security entfernen (log-files vorhanden) OTL
__________________Code:
ATTFilter OTL logfile created on: 08.04.2011 13:15:13 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hens\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 7,27 Gb Free Space | 4,88% Space Free | Partition Type: NTFS Drive E: | 7,88 Gb Total Space | 1,55 Gb Free Space | 19,68% Space Free | Partition Type: FAT32 Computer Name: HENS-PC | User Name: Hens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hens\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Hens\AppData\Local\dsh.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\KMService.exe () PRC - C:\Programme\flexnet\i486_nt\obj\ptc_d.exe () PRC - C:\Programme\flexnet\i486_nt\obj\lmgrd.exe (Macrovision Corporation) PRC - C:\Programme\Kensington Display Adapter\DisplayLinkKensingtonSupport.exe (DisplayLink Corp.) PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.) PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.) PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Fujitsu\WirelessSelector\WSUService.exe () PRC - C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED) PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Windows\System32\srvany.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Hens\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll () SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (FLEXlm server for PTC) -- C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe (Macrovision Corporation) SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WirelessSelectorService) -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe () SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED) SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe () SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (KMService) -- C:\Windows\System32\srvany.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (FJGSDisk) -- C:\Windows\system32\DRIVERS\FJGSDisk.sys (FUJITSU LIMITED) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (DisplayLinkUsbPort) -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.2.22617.0.sys (hxxp://libusb-win32.sourceforge.net) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (dlkmd) -- C:\Windows\system32\drivers\dlkmd.sys (DisplayLink Corp.) DRV - (dlkmdldr) -- C:\Windows\system32\drivers\dlkmdldr.sys (DisplayLink Corp.) DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (LVUVC) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (azvusb) -- C:\Windows\System32\drivers\azvusb.sys (AzureWave Technologies, Inc.) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC) DRV - (SWUMX32) Sierra Wireless USB MUX Driver (UMTS32) -- C:\Windows\System32\drivers\swumx32.sys (Sierra Wireless Inc.) DRV - (SWNC8U32) Sierra Wireless MUX NDIS Driver (UMTS32) -- C:\Windows\System32\drivers\swnc8u32.sys (Sierra Wireless Inc.) DRV - (O2SCBUS) -- C:\Windows\System32\drivers\ozscr.sys (O2Micro) DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED) DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED) DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro ) DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro ) DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project) DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.) DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (DirectNT) -- C:\Windows\System32\drivers\DirectNT.sys (c't) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA 74 17 F2 04 EC CB 01 [binary data] IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.zeit.de" FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 22:55:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.31 09:18:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.08 09:52:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.03 16:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Extensions [2011.01.03 16:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.03.23 22:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions [2010.07.29 14:17:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.11 08:35:09 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Hens\AppData\Roaming\mozilla\Firefox\Profiles\rowa3jhx.default\extensions\vshare@toolbar [2011.03.24 22:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.31 11:23:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.23 04:42:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.31 13:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.11 05:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.12 13:00:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.02.09 12:56:45 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru File not found (No name found) -- [2010.12.31 11:23:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2010.02.08 10:20:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2010.05.23 04:42:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.31 13:14:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.11 05:03:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.12 13:00:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.18 11:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml O1 HOSTS File: ([2010.05.10 08:27:59 | 000,001,345 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [openvpn-gui] C:\Programme\OpenVPN\bin\openvpn-gui.exe () O4 - HKLM..\Run: [PSUtility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [ScanSoft PDF Create! 4-reminder] C:\Program Files\ScanSoft\PDF Create! 4\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SSUtility] C:\Programme\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TvOutSwitch] C:\Programme\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) O4 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Hens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 136.159.89.2 136.159.130.8 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{36eb6e8f-3659-11df-949c-00037aaaaab2}\Shell - "" = AutoRun O33 - MountPoints2\{36eb6e8f-3659-11df-949c-00037aaaaab2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{9d6f704a-17ce-11df-a047-00037aaaaab2}\Shell - "" = AutoRun O33 - MountPoints2\{9d6f704a-17ce-11df-a047-00037aaaaab2}\Shell\AutoRun\command - "" = F:\Welcome\Welcome.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001..exefile [open] -- "C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %* () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-631388349-1085569318-2024419824-1001\...exe [@ = exefile] -- "C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %* () NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.mjpg - pvmjpg30.dll File not found Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) ========== Files/Folders - Created Within 30 Days ========== [2011.04.08 12:46:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Hens\Desktop\OTL.exe [2011.04.08 10:57:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Hens\Desktop\HiJackThis.exe [2011.04.08 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\hjtscanlist [2011.04.08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\Malwarebytes [2011.04.08 10:37:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.08 10:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.08 10:37:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.08 10:37:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.08 10:37:14 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.04.08 10:32:36 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2011.04.08 10:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.04.07 23:24:42 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Local\Panther [2011.04.07 23:24:36 | 000,114,688 | -HS- | C] (Microsoft Corporation) -- C:\Users\Hens\AppData\Local\keg.exe [2011.03.27 10:46:49 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\Maria's & Karelia's Party [2011.03.24 14:16:09 | 000,000,000 | ---D | C] -- C:\Users\Hens\Documents\Pinnacle Studio [2011.03.24 14:15:41 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Local\Pinnacle [2011.03.24 14:12:14 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pinnacle [2011.03.24 14:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Ultimate Collection [2011.03.24 14:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14 [2011.03.24 14:06:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects [2011.03.24 14:00:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Pegasus Imaging [2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Yahoo! [2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 14 [2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus [2011.03.24 14:00:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle [2011.03.24 12:50:59 | 000,000,000 | ---D | C] -- C:\Programme\SafeNet Sentinel [2011.03.24 12:50:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SafeNet Sentinel [2011.03.24 12:50:33 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2011.03.24 12:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motion Analysis [2011.03.24 12:37:32 | 000,000,000 | ---D | C] -- C:\Programme\Motion Analysis [2011.03.24 11:48:14 | 000,000,000 | ---D | C] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft [2011.03.19 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\Hens\Desktop\Banff [2010.06.06 04:21:30 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA9D5.dll [3 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.08 13:11:33 | 000,008,692 | -HS- | M] () -- C:\Users\Hens\AppData\Local\js6cy226kpp3fu006bryc5cx757a25077l2 [2011.04.08 13:11:33 | 000,008,692 | -HS- | M] () -- C:\ProgramData\js6cy226kpp3fu006bryc5cx757a25077l2 [2011.04.08 12:36:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Hens\Desktop\OTL.exe [2011.04.08 12:18:18 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.08 12:18:18 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.08 12:10:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.08 12:10:17 | 1603,080,192 | -HS- | M] () -- C:\hiberfil.sys [2011.04.08 10:54:50 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Hens\Desktop\HiJackThis.exe [2011.04.08 10:46:52 | 000,109,774 | ---- | M] () -- C:\Users\Hens\Documents\cc_20110408_104634.reg [2011.04.08 10:37:46 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.08 10:37:15 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.08 10:32:36 | 000,002,959 | ---- | M] () -- C:\Users\Hens\Desktop\HiJackThis.lnk [2011.04.08 09:49:33 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.08 09:49:33 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.08 09:49:33 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.08 09:49:33 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.07 23:24:36 | 000,114,688 | -HS- | M] (Microsoft Corporation) -- C:\Users\Hens\AppData\Local\keg.exe [2011.04.07 23:24:22 | 000,217,202 | -HS- | M] () -- C:\Users\Hens\AppData\Local\dsh.exe [2011.04.07 23:24:20 | 000,217,202 | -HS- | M] () -- C:\Users\Hens\AppData\Local\dxm.exe [2011.04.06 17:21:33 | 000,208,896 | ---- | M] () -- C:\Users\Hens\Documents\Studierendenfeedback_Berufspraktikum_Hendrik_Enders.dot [2011.04.04 23:10:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2011.04.04 10:47:00 | 000,115,267 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2011.04.04 10:47:00 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2011.04.01 08:45:28 | 000,272,624 | ---- | M] () -- C:\Users\Hens\Desktop\payment.png [2011.03.31 09:06:26 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.03.27 16:39:22 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2011.03.24 22:34:05 | 003,834,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.24 14:06:55 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk [2011.03.24 12:37:47 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\EVaRT 5.0.4.lnk [2011.03.24 12:37:47 | 000,002,060 | ---- | M] () -- C:\Users\Public\Desktop\MAC License Tool.lnk [2011.03.23 12:01:48 | 000,191,488 | ---- | M] () -- C:\Users\Hens\Desktop\Assessment_of_professional_internship_Hendrik_Enders.dot [2011.03.23 11:59:39 | 000,214,528 | ---- | M] () -- C:\Users\Hens\Desktop\Student_feedback professional internship_Hendrik_Enders.dot [2011.03.23 11:57:59 | 000,217,088 | ---- | M] () -- C:\Users\Hens\Desktop\Company_feedback_on_professional_internship__Hendrik_Enders.dot [3 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.08 10:46:38 | 000,109,774 | ---- | C] () -- C:\Users\Hens\Documents\cc_20110408_104634.reg [2011.04.08 10:37:46 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.08 10:37:15 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.08 10:32:36 | 000,002,959 | ---- | C] () -- C:\Users\Hens\Desktop\HiJackThis.lnk [2011.04.07 23:24:38 | 000,008,692 | -HS- | C] () -- C:\Users\Hens\AppData\Local\js6cy226kpp3fu006bryc5cx757a25077l2 [2011.04.07 23:24:38 | 000,008,692 | -HS- | C] () -- C:\ProgramData\js6cy226kpp3fu006bryc5cx757a25077l2 [2011.04.07 23:24:22 | 000,217,202 | -HS- | C] () -- C:\Users\Hens\AppData\Local\dsh.exe [2011.04.07 23:24:20 | 000,217,202 | -HS- | C] () -- C:\Users\Hens\AppData\Local\dxm.exe [2011.04.06 17:14:36 | 000,208,896 | ---- | C] () -- C:\Users\Hens\Documents\Studierendenfeedback_Berufspraktikum_Hendrik_Enders.dot [2011.03.31 09:17:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.03.24 22:55:35 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.24 14:06:55 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk [2011.03.24 12:37:47 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\EVaRT 5.0.4.lnk [2011.03.24 12:37:47 | 000,002,060 | ---- | C] () -- C:\Users\Public\Desktop\MAC License Tool.lnk [2011.03.23 12:01:48 | 000,191,488 | ---- | C] () -- C:\Users\Hens\Desktop\Assessment_of_professional_internship_Hendrik_Enders.dot [2011.03.23 11:59:39 | 000,214,528 | ---- | C] () -- C:\Users\Hens\Desktop\Student_feedback professional internship_Hendrik_Enders.dot [2011.03.23 11:57:58 | 000,217,088 | ---- | C] () -- C:\Users\Hens\Desktop\Company_feedback_on_professional_internship__Hendrik_Enders.dot [2011.01.18 19:23:34 | 000,000,132 | ---- | C] () -- C:\Users\Hens\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.09.21 07:41:59 | 000,012,956 | ---- | C] () -- C:\Users\Hens\AppData\Roaming\Kommagetrennte Werte (Windows).CAL [2010.08.15 01:07:03 | 000,077,824 | ---- | C] () -- C:\Windows\KMService.exe [2010.08.15 01:07:03 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2010.08.15 00:41:15 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010.04.20 17:07:12 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.04.14 14:20:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.03.15 09:13:35 | 000,739,328 | ---- | C] () -- C:\Windows\System32\libxml2.dll [2010.03.15 09:13:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib.dll [2010.03.15 09:12:56 | 000,872,507 | ---- | C] () -- C:\Windows\System32\mesa.dll [2010.03.15 09:12:55 | 000,031,776 | ---- | C] () -- C:\Windows\System32\NT_IODRV.EXE [2010.02.09 03:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll [2010.02.09 03:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll [2010.02.08 09:49:31 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.08 08:43:26 | 000,604,140 | -HS- | C] () -- C:\Windows\System32\drivers\ISwift3.dat [2010.02.08 08:41:39 | 000,115,267 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.02.08 08:41:39 | 000,097,859 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.02.08 08:37:01 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.01.18 05:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini [2009.10.06 17:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.10.06 17:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2009.09.23 11:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin [2009.07.14 02:47:43 | 000,643,866 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 02:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 02:47:43 | 000,126,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 02:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.13 22:33:53 | 003,834,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.13 20:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.13 20:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.13 18:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2009.07.13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.05.24 22:18:10 | 000,027,507 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2007.08.23 10:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll ========== LOP Check ========== [2010.02.12 06:35:55 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DAEMON Tools Lite [2011.04.07 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Dropbox [2011.03.24 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft [2011.03.24 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.12 09:14:14 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Facebook [2010.12.07 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Foxit Software [2010.11.07 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\IrfanView [2011.02.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\JabRef 2.6 [2010.04.20 17:08:56 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Leadertech [2010.06.06 04:27:37 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MyPhoneExplorer [2010.02.13 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\PTC [2010.04.14 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\ScanSoft [2010.02.21 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Sierra Wireless [2010.04.21 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SmartDraw [2010.11.07 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SumatraPDF [2011.01.03 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Thunderbird [2010.11.07 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\xm1 [2010.04.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Zeon [2011.02.12 03:21:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.11 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Adobe [2010.02.28 08:59:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Ahead [2010.02.28 11:35:31 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Apple Computer [2010.02.12 06:35:55 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DAEMON Tools Lite [2011.03.24 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DivX [2011.04.07 22:04:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Dropbox [2011.03.26 15:58:29 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\dvdcss [2011.03.24 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoft [2011.03.24 11:49:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.12 09:14:14 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Facebook [2010.12.07 13:06:12 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Foxit Software [2010.02.08 08:30:01 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Identities [2010.11.07 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\IrfanView [2011.02.24 20:16:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\JabRef 2.6 [2010.04.20 17:08:56 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Leadertech [2010.02.08 08:58:50 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Macromedia [2011.04.08 10:42:20 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Malwarebytes [2010.02.14 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MathWorks [2009.07.14 02:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Media Center Programs [2011.03.24 14:12:16 | 000,000,000 | --SD | M] -- C:\Users\Hens\AppData\Roaming\Microsoft [2010.11.07 01:49:45 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MiKTeX [2010.02.08 08:49:06 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Mozilla [2010.06.06 04:27:37 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\MyPhoneExplorer [2010.02.13 14:32:00 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\PTC [2010.04.14 14:23:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\ScanSoft [2010.02.21 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Sierra Wireless [2011.04.08 10:44:57 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Skype [2011.04.07 22:06:46 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\skypePM [2010.04.21 09:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SmartDraw [2010.11.07 01:34:21 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\SumatraPDF [2011.01.03 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Thunderbird [2011.04.06 22:27:43 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\vlc [2010.04.15 03:48:23 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\WinRAR [2010.11.07 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\xm1 [2010.04.14 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\Hens\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2010.02.25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010.09.24 06:57:28 | 000,089,831 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\Dropbox\bin\Uninstall.exe [2010.04.12 09:14:14 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Hens\AppData\Roaming\Facebook\uninstall.exe [2010.04.13 10:18:24 | 000,048,963 | ---- | M] () -- C:\Users\Hens\AppData\Roaming\JabRef 2.6\JabRef.exe [2011.02.24 20:16:47 | 000,062,536 | ---- | M] (JabRef Team) -- C:\Users\Hens\AppData\Roaming\JabRef 2.6\uninstall.exe [2011.04.08 10:32:36 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Hens\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2011.03.24 14:12:16 | 000,029,926 | R--- | M] () -- C:\Users\Hens\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.13 19:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.23 17:22:16 | 000,032,890 | ---- | M] () MD5=4FA5D1120762802A741F374F8B391E69 -- C:\Programme\MATLAB\R2010a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2009.07.13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2007.02.12 07:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\fsc.tmp\1010858\64bit\iastor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\fsc.tmp\1010858\32bit\iastor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_32495ab0b5cbc36c\iaStor.sys < MD5 for: IASTORV.SYS > [2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.13 19:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.13 19:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.13 19:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.13 19:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.13 17:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.13 17:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.02.12 06:01:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.13 19:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\expsrv.dll [2004.08.04 08:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\MSVBVM50.DLL [2009.07.13 19:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll [2009.07.13 19:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.04.2011 13:15:13 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hens\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 7,27 Gb Free Space | 4,88% Space Free | Partition Type: NTFS Drive E: | 7,88 Gb Total Space | 1,55 Gb Free Space | 19,68% Space Free | Partition Type: FAT32 Computer Name: HENS-PC | User Name: Hens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- C:\Users\Hens\AppData\Local\dsh.exe () .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0DB2A37A-67C1-48DB-AA21-1F003FF11D91}" = DisplayLink Core Software "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector "{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23 "{273BEEED-2915-4C6C-B63E-564A4B2819B7}" = KinTrak 7.0 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A "{3D05721D-98BD-41AB-B529-30AABE96E7F9}" = ScanSoft PDF Create! 4 "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{404C18ED-873A-4191-BA03-30F627445418}" = Sentinel Protection Installer 7.3.0 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6733975E-52C9-4624-805D-36A4F79F7BBB}" = MDESIGN Roloff-Matek Edition "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D71C3D1-7E36-4655-9A5E-6118C891DC25}" = Kensington Display Adapter "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7426D8C8-7323-4A3D-9F94-2465B95C26B5}" = TVCenter "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7C99490E-9ACE-440D-A717-E750AAF89E6E}" = EVaRT 5.0.4 "{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility "{8556B16D-AD7A-42A7-8A75-F7C532371031}" = Nero 7 Essentials "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14 "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch "{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager "{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "A71701C3-4C1A-4181-93FA-D7CA487F287D_is1" = HBM TEDS Editor "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface "catmanEasy3.0_is1" = catmanEasy/AP 3.0.4.100 "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "Foxit Reader" = Foxit Reader "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Studio_is1" = Free Studio version 5.0.6 "Free YouTube Download_is1" = Free YouTube Download 2.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "GPL Ghostscript 9.00" = GPL Ghostscript 9.00 "GSview 4.9" = GSview 4.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "InstallShield_{18BD326E-89F9-430C-B4BD-11DE323CCCA3}" = Wireless Selector "InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility "InstallShield_{33E6FA96-31C0-4CEF-B385-C20D51C0FA06}" = OZ711 SCR Driver V3.0.0.9A "InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "InstallShield_{7C99490E-9ACE-440D-A717-E750AAF89E6E}" = EVaRT 5.0.4 "InstallShield_{827517C3-9B89-458E-A8F2-96DD24BDFE29}" = Shock Sensor Utility "InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "InstallShield_{EAB283A2-3F35-4FCD-81B0-31A63D2470F9}" = Power Saving Utility "InstallShield_{F2BCC06B-72EF-49E5-B54F-DCCDFEA42CA2}" = Fujitsu Display Manager "InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010 "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Logitech Vid" = Logitech Vid HD "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MatlabR2010a" = MATLAB R2010a "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "MPE" = MyPhoneExplorer "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "OpenVPN" = OpenVPN 2.0.9-gui-1.0.3 "PokerStars.net" = PokerStars.net "Pro/ENGINEER Release Wildfire 4.0 Datecode F000" = Pro/ENGINEER Release Wildfire 4.0 Datecode F000 "PTC License Server Release Wildfire 4.0 Datecode F000" = PTC License Server Release Wildfire 4.0 Datecode F000 "Rainlendar2" = Rainlendar2 (remove only) "Spider32 Setup" = Spider32 Setup "Texmaker" = Texmaker "TVWiz" = Intel(R) TV Wizard "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-631388349-1085569318-2024419824-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Facebook Plug-In" = Facebook Plug-In "Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.04.2011 18:44:12 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000 Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?. Error - 06.04.2011 18:50:00 | Computer Name = Hens-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000, Zeitstempel: 0x4c646b38 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c35e3 ID des fehlerhaften Prozesses: 0x1060 Startzeit der fehlerhaften Anwendung: 0x01cbf4acf2f2e718 Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 339dffca-60a0-11e0-af37-c268356a43de Error - 06.04.2011 18:50:12 | Computer Name = Hens-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000, Zeitstempel: 0x4c646b38 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c35e3 ID des fehlerhaften Prozesses: 0x1340 Startzeit der fehlerhaften Anwendung: 0x01cbf4acfb365982 Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3a6071e1-60a0-11e0-af37-c268356a43de Error - 06.04.2011 18:50:22 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000 Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?. Error - 06.04.2011 18:56:08 | Computer Name = Hens-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000, Zeitstempel: 0x4c646b38 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c35e3 ID des fehlerhaften Prozesses: 0x1420 Startzeit der fehlerhaften Anwendung: 0x01cbf4adce3bb062 Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 0ec44c73-60a1-11e0-af37-c268356a43de Error - 06.04.2011 18:56:34 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000 Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?. Error - 06.04.2011 18:56:49 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000 Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?. Error - 06.04.2011 18:56:59 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000 Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?. Error - 06.04.2011 18:59:32 | Computer Name = Hens-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 14.0.5123.5000, Zeitstempel: 0x4c646b38 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c35e3 ID des fehlerhaften Prozesses: 0x7b8 Startzeit der fehlerhaften Anwendung: 0x01cbf4ae46a32346 Pfad der fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 885d8d11-60a1-11e0-af37-c268356a43de Error - 06.04.2011 18:59:51 | Computer Name = Hens-PC | Source = Microsoft Office 14 | ID = 2000 Description = Microsoft Word: Accepted Safe Mode action : Word hat festgestellt, dass sie die STRG-Taste gedrückt halten. Möchten Sie Word im abgesicherten Modus starten?. [ System Events ] Error - 08.04.2011 12:56:53 | Computer Name = Hens-PC | Source = DCOM | ID = 10005 Description = Error - 08.04.2011 12:56:53 | Computer Name = Hens-PC | Source = DCOM | ID = 10005 Description = Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.04.2011 12:56:54 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.04.2011 12:56:55 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.04.2011 12:56:55 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.04.2011 14:02:02 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 08.04.2011 14:02:03 | Computer Name = Hens-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Danke schon mal |
08.04.2011, 23:26 | #4 |
| Win 7 Security entfernen (log-files vorhanden) lodatei Malwarebytes scanner Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6314 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 08.04.2011 16:20:18 mbam-log-2011-04-08 (16-20-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 430309 Laufzeit: 3 Stunde(n), 58 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 2 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 4 Infizierte Verzeichnisse: 0 Infizierte Dateien: 8 Infizierte Speicherprozesse: c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 540 -> No action taken. c:\Users\Hens\AppData\Local\dsh.exe (Trojan.Agent) -> 3704 -> No action taken. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken. HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Users\Hens\AppData\Local\dsh.exe" -a "%1" %*) Good: ("%1" %*) -> No action taken. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> No action taken. c:\Users\Hens\AppData\Local\dsh.exe (Trojan.Agent) -> No action taken. c:\Users\Hens\AppData\Local\dxm.exe (Trojan.Agent) -> No action taken. c:\Users\Hens\AppData\Local\Temp\0.46982674232693467.exe (Trojan.Agent) -> No action taken. c:\Users\Hens\AppData\LocalLow\Sun\Java\deployment\cache\6.0\59\5fe6bdfb-57f354a0 (Trojan.Agent) -> No action taken. c:\Users\Hens\Desktop\techsmith camtasia studio v7.0.1\keymaker(zwt)\keygen.exe (Backdoor.RBot) -> No action taken. c:\Users\Hens\downloads\microsoft office professional plus 2010\activator\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> No action taken. c:\Windows\System32\sysprep\cryptbase.dll (Trojan.Agent) -> No action taken. |
09.04.2011, 10:33 | #5 |
/// Malware-holic | Win 7 Security entfernen (log-files vorhanden) die beiden hab idch ja ganz übersehen c:\Users\Hens\downloads\microsoft office professional plus 2010\activator\mini-kms_activator_v1.052.exe (Riskware.Keygen) -> No action taken. c:\Windows\System32\sysprep\cryptbase.dll (Trojan.Agent) -> No action taken. wer so was nutzt muss sich über malware nicht wundern, desweiteren sehe ich noch verdächtige hosts einträge, du nutzt also wohl noch illegal adobe produkte. dies unterstützen wir nicht, da dies eine straftat ist. du bekommst hier hilfe beim neu aufsetzen, mehr nicht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Win 7 Security entfernen (log-files vorhanden) |
7-zip, analysis, avp, avp.exe, bho, bootmgr, c:\hiberfil.sys, c:\windows\kmservice.exe, cache.dat, computer, converter, department, desktop, desktop.ini, display adapter, entfernen, excel, flash player, hiberfil.sys, hijack, hijackthis, installation, javaws.exe, jdownloader, kaspersky, log files, logfile, lws.exe, malware, mozilla, mozilla thunderbird, mp3, mpsigstub.exe, myphoneexplorer, notepad.exe, ntdll.dll, plug-in, problem, recycle.bin, schannel.dll, security, senden, server, shell32.dll, sierra, software, studio, system, tastatur, twain.dll, twunk_32.exe, win32k.sys, windows, wmploc.dll |