| |
| |||||||
Log-Analyse und Auswertung: WindowsRecovery. Daten nicht sichtbar.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.05.2011, 10:43
| #1 |
 |  WindowsRecovery. Daten nicht sichtbar. Hallo. Ich habe mir den WindowsRecovery auch eingefangen. Habe die bekannten Symptome. Daten nicht sichtbar und so. Habe vor Malwarebytes noch AntiVir laufen lassen. Die Scans sich aber schon 3 Tage alt. Die Logs Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6472 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 29.04.2011 15:42:48 mbam-log-2011-04-29 (15-42-48).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 180115 Laufzeit: 6 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 7 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Andy\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully. c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully. ----------------------------- Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6472 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 29.04.2011 17:54:53 mbam-log-2011-04-29 (17-54-53).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|L:\|) Durchsuchte Objekte: 382400 Laufzeit: 1 Stunde(n), 24 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Andy\downloads\Spiele\Tido\Spiele\call of duty4 patch\cod4_keygen_keks\cod4 keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\Andy\downloads\Spiele\Tido\Spiele\carbon instal\razor1911\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\Andy\downloads\Spiele\Tido\Spiele\need for speed carbon\razor1911\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully. ---------------------------------------------------- Code:
ATTFilter OTL Extras logfile created on: 29.04.2011 18:10:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andy\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 138,73 Gb Free Space | 29,79% Space Free | Partition Type: NTFS
Drive J: | 43,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0596517D-53AA-497B-B74E-AE3B23EF0EC2}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0E8CB16D-D954-4AE9-8399-F4236D47C45D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{112EEEB5-D61A-47D4-89E6-FED3ED6C5419}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11A4722F-0FB0-42F0-A7B6-183F18CCF609}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1BEF2AE4-10A4-44FA-B421-2D2F8AB126C1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1F8C754A-3E32-4497-94B9-9021914733AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FD70C07-577A-4EE1-96EC-AAB49434670D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20460538-31EE-48FC-81DD-3822F077916C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{29421D2C-A04E-4A3B-BC55-CF54550E739E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2CE11FFE-9F6D-44F1-A149-AC809E87DF52}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{344F8B6A-6C27-4FDA-A2AF-690D2B931A43}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{381C98E0-C301-4C00-AB65-A1AA1600A4D5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{38645337-6B17-44FF-B087-2A5891BDB140}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47B41AEC-6680-435A-976B-787C131C20D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A6642DC-A369-43B7-A33B-DBF69EA1962D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E07046C-C427-450E-AAC5-FB0340C25428}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C701C95-4DC0-461E-B2C7-B3BB4920FEB7}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6658FF08-5AAA-4F82-BC4A-5DD5DBAA0C8B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68C28071-4C08-4CF9-B6AB-701A3F6F172C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{70586C7C-FAF5-4611-8C8F-92F91C064F6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{708F158A-D965-4B8B-977C-9F7DDEAF972F}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{8306FC94-04D3-4D7A-B123-4DD41A84B0B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89A70685-C2CE-4220-92D4-62809BD779C0}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8C446824-6AD9-4038-AA4B-A98D823E66D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FA2853B-41B3-4AD7-8717-5D66382EB1B9}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{92B951D4-B16B-4287-9A55-B3B7333B3C59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A21C52B4-96A2-49BB-AECB-7FE3A6CD6829}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE46B160-C9FE-41C0-8802-ADC9F1FE3B66}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B23639CA-B277-4B19-A1CA-61C92DA77E86}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C18E4DD6-8C33-4814-B296-DEF34B57AEAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C64F1D75-BF1D-402D-B023-7B28A72584D6}" = rport=10244 | protocol=6 | dir=out | app=system |
"{CADAB1D7-AE56-412C-ADC8-76EC9284F2FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0D458B-F8D6-42EC-9BDC-0976D9C80EE8}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D597E11C-C64D-4CFE-8337-001BDF08EE41}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7A3F18C-E9DE-423B-95CD-9496DFA5DE47}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DADE88E7-70E9-4ABA-844B-98486C6C7BA6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E6B9516B-DA57-4405-9B6F-53077232A7E2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E76B64E2-EE09-491E-B846-2EBFE75988FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F48A8EBE-FE54-4ECD-B4CE-77CF3F364A38}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00471A66-5078-45D7-B9F1-B6033E5E4C42}" = protocol=17 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
"{004F10B6-640A-468A-877F-1F3894ED6500}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{015A6270-9603-4C82-806B-65E4772F8EAF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{02C43D12-0E1E-45FA-B6A1-3DCA7DEB6BE2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{040E33CC-5B4E-4726-8D7C-F8A7EFC9B60B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{07CB13D2-44E2-4CA8-A905-3A9F6A81902E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0980B494-A1E3-46F0-84B3-B9F1B602DCDE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B7F86FB-4994-49EC-8B87-F6F0D200FE0A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{0D860F4F-6DE6-4B1F-B441-1DC2320AB570}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{1758E0AD-832E-4201-8AB8-D912B6812025}" = protocol=6 | dir=out | app=system |
"{18E7846B-C77A-4E10-AB31-13D66B0F499E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{199C7DAE-7E49-416B-9B4A-CCF40388BDAC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1C7F3B53-28A8-44C1-B88C-BC2C70D2C303}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1D476EE2-A615-4F83-ADBB-D361E69DD45C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1EFC3610-0B58-4288-B2A3-E2B85C28C45F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1F1C1769-44DE-48C9-8B62-C8A48A1FFEBF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1FC55F1E-D0FF-471F-9983-40B818B63BAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{22259125-FEC0-4A9F-A514-E2158849F691}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{235A606F-E242-45AB-8F6B-D5816204E03C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2796BBBF-A700-4405-8B94-6A99158A638C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A71A9BE-EE75-4145-9ED3-F39B583F4524}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2B5C005F-4C3E-42F1-B560-B14CC7839C4B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{2F59B6BB-1AFF-4547-B356-5396745E12A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3073B8A7-0EB6-4171-BC9A-0695506CC0D4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{30783757-E29A-4673-8E12-E5CE53542921}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{312BA2F9-F93D-44B8-83DE-F339FD99E479}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3190F54D-D343-445C-B20C-152ACF0AA234}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{35030B9E-83AA-42D8-9EB3-AF0580769891}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3595AAB2-63A6-4F40-BD33-57BCE2F39E14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AA0D964-747C-4884-9682-12794E1FD0C1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3B31CC5B-B0FB-4887-A6E4-1E98D138346B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3E256813-5075-4498-86BB-67E9AE31F8A8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{401260CA-589E-4D19-947F-781936C2CD6B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{433FBCF5-F773-4110-88EF-1CC38602FF32}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{48199112-24C1-4BEE-84D7-CCD1F06F9B80}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{483082A6-DC33-4902-A073-F50BFE65C8A0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4BA7A296-6179-43FF-9382-73CF942D7F0F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{517E1F01-7A51-4059-9700-9BB58211C072}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{57CB53F3-E0CC-45DF-B924-1869C54D6BC5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{584B9241-79DA-4FE9-B78C-C28AED437515}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{5B98E958-E9FD-4064-B76B-9139A23E6B86}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5CFCD144-934A-4B7A-B027-B1428C177149}" = protocol=6 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds.exe |
"{5F4C523F-87E4-4318-A100-ADE9084DEC3C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{619DA91D-E3B9-459F-8E04-066BDD2C5B5A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6280AA73-92BE-4954-AA78-A0E1E2859016}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{65BFE246-A026-416D-BE87-17584B12E5BA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{685F7661-39DD-4A70-8C79-30A694384872}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{69FDB483-6566-4F42-9CA3-87C3C38892E6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6A90DE57-D953-46AF-A990-A20476CF143D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6ADA402A-6BB4-4FF1-8288-4A8A1249CEA6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6CFA0618-4F18-4F11-AD31-BA3801DF0C7E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6D5D99D1-466F-4133-B535-3697F459D64A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6DA413B9-1982-4CB9-8D5F-7F424AF0539A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6EB4E1C1-5D9C-4922-B3A5-98225F007B6D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{709F42E5-B647-412F-97AD-D400F236FF4E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{74628E26-7CA3-4E92-9C88-E5A7BD51AB01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{749C18DC-7E35-4DCB-B308-0436D32EF03D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{75321A31-282C-49DD-8702-3430BCA87863}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{7B940683-949E-4C89-9162-A611DBB184A0}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{7CCD114C-8F10-4504-A5D5-A1D2FACF0845}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{81D6E176-3A30-41B0-915E-BAEE3B250749}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{82499FC2-C3D7-4960-BB5D-050EDA60EECE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{82AE0276-3F0D-4BC2-898B-9F6F863BE8B3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8B48F380-E94D-423B-ADEE-F81AEC6BB732}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94334C95-B942-474A-BAF7-1E51473D9DE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{960A7D26-2721-4916-86FD-9280A6695B32}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F3917EA-393C-4FC2-B059-DCC99A66BB84}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A1267CB3-3510-45D6-93DF-195E6EF6EC3B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A1BC8F00-5947-4496-83D3-8E0D7EBF6C9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A2EADE4B-0A4D-44B6-A05F-0CCC12E7D883}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A50E3A2A-4A7A-4C24-B114-657F349B772D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A9EE5691-1931-4668-9816-91A1DECC0480}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AB85DD28-BD87-4679-93AA-99C724703B01}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{ADDB860B-36A5-4219-B39C-D3DC5DFABF97}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B25578E0-49E2-4578-8CCE-51169A539793}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B286475D-FE93-4FFF-8EE4-8716E53D4106}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{BA390BFD-67FD-438D-80D4-2249BF888826}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC08CF12-9DBD-46F7-815B-A0171F219FC5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{BD36914E-D8A7-429A-B68B-159C3B1B5004}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{BE25D293-FDC8-47E9-9607-4CAAA411A68B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE9D3CF1-E07D-448A-A837-FF35380598A5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BF361DB2-A38B-40D7-866F-ACD88E3125CE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C0776281-147E-4859-8931-2B0B9D1411BC}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C2C6C3AC-4699-4366-8A1E-52D518DA9A74}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3CFCEAE-FEBF-4C10-B4DC-3E7379138ED5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C661A418-44D5-44F5-B47A-5BFE66C198A0}" = protocol=6 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
"{CA2302D7-2E91-466A-9C45-DC0841A4DE7D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CA926323-5505-4221-9D67-47C13D09F1B1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CC96771B-7050-4052-94DC-C15E69174C34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF7C7870-3126-4732-A89F-B1D3E907ADF9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D0B815FF-457D-4EE4-A76A-4A7011DFC47C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1E9A712-AFD8-4B66-900C-5EB72DACD3C6}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D2344F6E-0DCB-4A2A-9D4F-DFA7B491C476}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D3AB4795-1EF9-4BDF-8ABF-E0E128DB5403}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{D455282C-7CEC-4986-A2CA-1E14357D80E5}" = protocol=17 | dir=in | app=c:\program files\reality pump\two worlds\twoworlds.exe |
"{D5CF9755-E5DC-4939-A431-D823C9D4F8CC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D8175390-A77E-4A51-9096-94BE55042E3A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{DA17D5D0-D655-418F-86A8-610CC8EE36CA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DAB9FBEB-D6E2-4A28-A299-55D16534CF7D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DBF2FC00-A63C-46E0-A6D5-C187019463CF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DC1BCB2C-0A42-4AB1-BF72-5DA86A354F6D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DC3D9685-308F-4726-B51D-4CC94A8970B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{DD64A470-F95E-456F-AA16-BE9732E23BC5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD9B7D1E-CFF7-420F-B07D-65C3DE143CA8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DE068BC8-FB26-417F-9661-D308AC2E905A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E3BBBE9D-7325-4B8F-90BE-C2A94998D730}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{E5F47A2F-B8E7-497D-A0A8-3D4F0DED0E38}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E898048F-77C7-4148-87A9-1EB0F8874113}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EB207512-159F-4E87-9E35-9D8B36CFC5E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{EDE2D63A-4ADC-4FED-A006-0311F73A9BE0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EE1D5904-6436-4A13-952C-9BE206AAE4ED}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EEDF750B-F18A-41CD-A585-AF6ABD8FAB53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F1CDAA82-3ABF-4A48-A46B-C17EC2DF9E70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8512B80-0472-44CF-975F-51FF44ADC2F6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F86C9566-A6A1-4F56-BE09-F672E8939120}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F8FB5EE0-FABC-4552-890D-80A5788013AB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"TCP Query User{068E0FCB-9791-4530-BA0D-3635E02C0E32}C:\program files\trackmania sunrise\tmsunrise.exe" = protocol=6 | dir=in | app=c:\program files\trackmania sunrise\tmsunrise.exe |
"TCP Query User{1B149283-5200-4736-A3E2-9BCF99B11D27}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{1FCDC2EF-AE07-442B-8F79-AA5E0B32C069}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{32BB4D54-55E0-4ED2-B5E5-C05AB3DDEEAE}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
"TCP Query User{41D86474-9618-4DBF-B108-B7BA593F2660}C:\users\andy\downloads\spiele\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\users\andy\downloads\spiele\battlefield 2\bf2.exe |
"TCP Query User{58B3E8C3-454C-4539-ABBA-F519D6627B89}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{5B9A8454-CAC8-47B7-94F3-F863F7CF9F39}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{6915F4CB-FC12-44E7-AC81-3519E07A6BD8}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{89824F58-1466-4163-A23E-3D025302D2B2}C:\program files\electronic arts\need for speed prostreet\nfs.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed prostreet\nfs.exe |
"TCP Query User{8CE2841D-C592-4502-9CAE-4099AF920A03}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8E9B1739-852E-48C0-B5B7-425F1BC5A032}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9380BB03-41A6-4197-A002-E35BD69C3650}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{981A6B2E-6BF3-46B1-A751-D0E0746332C4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{98DCF4E1-199E-4491-9611-41C6C9682F08}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{9F6CE650-E718-4871-8515-AD9644C97795}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{BB57960E-3D9E-4B84-B139-2E3C11F721E0}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{BD9363D6-A43E-4DE6-B631-F8BC5CC68E4A}C:\program files\valve\steam\steamapps\haubitze87\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\haubitze87\counter-strike\hl.exe |
"TCP Query User{BDBBD2F7-B19B-48A7-B64B-328DEFAA2C06}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C0FE8530-7F66-4692-918E-7B88CFB673A6}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{D381D6A9-A7C5-442E-9943-F7B470298E3B}C:\program files\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
"TCP Query User{D565D33C-0743-4D4D-AEDF-30A6065E931D}J:\tido\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=j:\tido\spiele\call of duty 2\cod2mp_s.exe |
"TCP Query User{EA3C87D6-C4A6-453A-8917-0AE8185EE4B5}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{F2B48B08-82F5-4547-B8DB-A63E6A243F4C}J:\tido\spiele\medal of honor\moh_spearhead.exe" = protocol=6 | dir=in | app=j:\tido\spiele\medal of honor\moh_spearhead.exe |
"UDP Query User{13F03CF3-808D-4A62-A3FF-0A3A2FF06E8E}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{154EDF64-37D1-4468-88D1-2857971CA73D}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{194F11B1-CEB7-4F2B-843E-DA0542FB4CFC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{2A571A23-D301-4B3C-BED7-0A745E339180}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{3742269E-924C-4D9D-AD28-8B0A40E5A6E3}C:\program files\valve\steam\steamapps\haubitze87\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\haubitze87\counter-strike\hl.exe |
"UDP Query User{391C023D-57E8-4FA3-9F92-CE9C5F2EE9AD}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{3A4783D4-2521-445A-92B2-CFE59FB61A41}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{60CCD143-BBB8-4324-8574-2F9D5B5E0141}C:\program files\trackmania sunrise\tmsunrise.exe" = protocol=17 | dir=in | app=c:\program files\trackmania sunrise\tmsunrise.exe |
"UDP Query User{7B3D1508-7B34-4A3D-BC01-565B5B539214}J:\tido\spiele\medal of honor\moh_spearhead.exe" = protocol=17 | dir=in | app=j:\tido\spiele\medal of honor\moh_spearhead.exe |
"UDP Query User{9E19667A-4B1F-4A09-9FD1-92F6EE788002}C:\program files\electronic arts\need for speed prostreet\nfs.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed prostreet\nfs.exe |
"UDP Query User{9E1E30BC-9A56-4228-8688-D5CACF55D783}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{A3A614A4-7639-4A73-A791-AEB30154F3C2}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
"UDP Query User{A4ECA517-8879-4F50-8DE4-C4A7346CDF07}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B3E0EAFE-C663-4C02-AF7A-76B9D99A37CA}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B48BEFD1-30AC-4FB7-B513-D2CEC045B854}C:\program files\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmunitedforever\tmforever.exe |
"UDP Query User{B64E3E75-442A-4D32-87C4-A21D89B73EE8}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{C34F7BF8-1F42-4B46-9DEE-8EECB7079AA1}C:\users\andy\downloads\spiele\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\users\andy\downloads\spiele\battlefield 2\bf2.exe |
"UDP Query User{C50BC69E-6D90-4C1F-AC0D-D0B4FE125496}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{C55E915E-3175-42DE-8BF6-CE4CFC420384}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{C5DFE504-FF08-425D-AA38-F5C6E573D999}J:\tido\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=j:\tido\spiele\call of duty 2\cod2mp_s.exe |
"UDP Query User{D43AC5DB-CE8B-4845-B572-5012097C4B23}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{DD8857EB-E94B-45B1-BCA3-7684BD3052E8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{EB47AAAC-7A71-49CE-BBB0-6701698898BC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 24
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60451544-C17E-4057-9273-5F10176472BD}" = Creative ZEN X-Fi Video Converter
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Magical Defrag 2" = Ashampoo Magical Defrag 2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Creative Centrale" = Creative Centrale
"Creative ZEN X-Fi Video Converter" = Creative ZEN X-Fi Video Converter
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"mv61xxDriver" = marvell 61xx
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SereneScreen Marine Aquarium Crystal_is1" = SereneScreen Marine Aquarium Crystal
"Shop for HP Supplies" = Shop for HP Supplies
"TmNationsForever_is1" = TmNationsForever
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Webcam Surveyor_is1" = Webcam Surveyor 1.7.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ZENX-FI" = Creative ZEN X-Fi-Benutzerhandbuch
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.01.2010 18:30:23 | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.01.2010 18:30:23 | Computer Name = Andy-PC | Source = SecurityCenter | ID = 5
Description = Es konnten keine Instanzen von AntiVirusProduct aus der WMI geladen
werden.
Error - 29.01.2010 10:58:46 | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.01.2010 10:58:46 | Computer Name = Andy-PC | Source = SecurityCenter | ID = 5
Description = Es konnten keine Instanzen von AntiVirusProduct aus der WMI geladen
werden.
Error - 30.01.2010 13:19:35 | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.01.2010 13:19:35 | Computer Name = Andy-PC | Source = SecurityCenter | ID = 5
Description = Es konnten keine Instanzen von AntiVirusProduct aus der WMI geladen
werden.
Error - 30.01.2010 13:21:02 | Computer Name = Andy-PC | Source = Application Hang | ID = 1002
Description = Programm msnmsgr.exe, Version 14.0.8089.726 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 840 Anfangszeit: 01caa1d007744eba Zeitpunkt
der Beendigung: 23
Error - 30.01.2010 14:44:38 | Computer Name = Andy-PC | Source = Application Hang | ID = 1002
Description = Programm msnmsgr.exe, Version 14.0.8089.726 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 11c0 Anfangszeit: 01caa1d09dd6c04a Zeitpunkt
der Beendigung: 54
Error - 31.01.2010 06:54:42 | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =
Error - 31.01.2010 06:54:42 | Computer Name = Andy-PC | Source = SecurityCenter | ID = 5
Description = Es konnten keine Instanzen von AntiVirusProduct aus der WMI geladen
werden.
[ System Events ]
Error - 27.04.2011 11:12:36 | Computer Name = Andy-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
22, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 27.04.2011 11:13:20 | Computer Name = Andy-PC | Source = WinDefend | ID = 2004
Description = Beim Laden der Signaturen wurde von %%827 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x8050a001 Fehlerbeschreibung: Das Programm kann keine
Definitionsdateien finden, die dazu dienen, unerwünschte Software zu erkennen.
Überprüfen Sie, ob aktualisierte Definitionsdateien vorhanden sind, und versuchen
Sie es dann erneut. Weitere Informationen zum Installieren von Updates finden Sie
unter "Hilfe und Support". Ladende Signaturen: %%825 Ladene Signaturversion: 1.103.42.0
Ladende
Modulversion: 1.1.6702.0
Error - 29.04.2011 08:47:30 | Computer Name = Andy-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
3, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 29.04.2011 08:47:30 | Computer Name = Andy-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
22, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 29.04.2011 09:44:57 | Computer Name = Andy-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
3, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 29.04.2011 09:44:57 | Computer Name = Andy-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
22, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 29.04.2011 10:08:56 | Computer Name = Andy-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 2.203.254.250 für die Netzwerkkarte mit der Netzwerkadresse
001E101F8924 wurde durch den DHCP-Server 109.44.52.81 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 29.04.2011 11:57:13 | Computer Name = Andy-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
3, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 29.04.2011 11:57:13 | Computer Name = Andy-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
22, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 29.04.2011 12:06:58 | Computer Name = Andy-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 109.44.52.82 für die Netzwerkkarte mit der Netzwerkadresse
001E101F21C1 wurde durch den DHCP-Server 109.40.42.90 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
< End of report >
Code:
ATTFilter OTL logfile created on: 29.04.2011 18:10:37 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andy\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 138,73 Gb Free Space | 29,79% Space Free | Partition Type: NTFS Drive J: | 43,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.29 17:15:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Downloads\OTL.exe PRC - [2011.04.27 17:23:07 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.27 17:23:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.12.03 21:43:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.11.03 12:38:23 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.09.11 12:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.03.12 16:37:12 | 000,724,992 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmop.exe PRC - [2009.03.12 16:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.03.04 22:43:22 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.08.28 17:31:54 | 000,169,312 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe PRC - [2007.08.28 17:31:54 | 000,132,448 | ---- | M] (ashampoo Technology GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe PRC - [2007.08.28 17:31:48 | 000,079,200 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe PRC - [2007.08.28 17:31:38 | 000,763,232 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe PRC - [2007.07.23 14:43:58 | 003,502,080 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SoundMAX.exe PRC - [2007.06.07 01:41:36 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTDevSrv.exe PRC - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.07.23 03:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\G-series Software\LGDCore.exe ========== Modules (SafeList) ========== MOD - [2011.04.29 17:15:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Downloads\OTL.exe MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.27 17:23:07 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.27 17:23:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.08.24 11:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008.09.25 22:01:32 | 000,092,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2008.05.21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Programme\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv) SRV - [2008.05.02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.03.04 22:43:21 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.08.28 17:31:38 | 000,763,232 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe -- (AshampooDefragService) SRV - [2007.06.07 01:41:36 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv) ========== Driver Services (SafeList) ========== DRV - [2011.04.27 17:23:08 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.24 19:40:48 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.07.13 17:57:04 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2008.09.25 22:29:12 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.07.29 16:00:34 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.03.11 15:18:19 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2008.03.09 17:04:20 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.02.29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.12.11 18:06:00 | 008,238,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.08.09 05:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2007.07.03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2007.07.03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2007.07.03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007.06.15 09:52:18 | 000,143,256 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2007.04.11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2007.04.11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2007.04.11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007.01.12 20:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2006.11.02 10:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.24 22:11:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.07.16 20:15:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.17 21:51:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.19 16:30:06 | 000,000,000 | ---D | M] [2010.07.17 08:59:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions [2009.12.24 21:33:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.04.29 15:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\2j35kolb.default\extensions [2011.04.27 17:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\2j35kolb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.27 17:10:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\2j35kolb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.04.27 15:36:40 | 000,000,950 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2j35kolb.default\searchplugins\icqplugin-1.xml [2011.01.17 21:07:03 | 000,000,950 | -H-- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2j35kolb.default\searchplugins\icqplugin-2.xml [2010.12.31 11:06:11 | 000,001,056 | -H-- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2j35kolb.default\searchplugins\icqplugin.xml [2011.04.27 17:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.03.14 00:16:11 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.04.20 23:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 11:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.21 16:01:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.25 15:28:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.27 17:26:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2008.07.16 17:43:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2008.11.25 17:33:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2008.12.15 20:07:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.03.27 14:31:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.08.29 12:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.12.05 10:00:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.02 21:41:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.20 23:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 11:47:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.21 16:01:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.25 15:28:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.27 17:26:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DefragTaskBar] C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCDMon] File not found O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Treemod] C:\Users\Andy\AppData\Roaming\Libtab\advjava.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Andy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.09.11 20:53:06 | 000,000,119 | R--- | M] () - J:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{39bca148-9101-11df-9621-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{39bca148-9101-11df-9621-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{42d26cbf-48a8-11e0-8022-001e101f2c0e}\Shell - "" = AutoRun O33 - MountPoints2\{42d26cbf-48a8-11e0-8022-001e101f2c0e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a709443e-9165-11df-8386-001e101fad7c}\Shell - "" = AutoRun O33 - MountPoints2\{a709443e-9165-11df-8386-001e101fad7c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f79f8351-49a7-11e0-bd97-001e101f1058}\Shell - "" = AutoRun O33 - MountPoints2\{f79f8351-49a7-11e0-bd97-001e101f1058}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe -- [2009.07.23 16:55:39 | 000,266,240 | R--- | M] (Vodafone) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.29 15:26:59 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes [2011.04.29 15:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.29 15:26:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.29 15:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.29 15:26:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.29 15:26:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.27 17:26:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.27 17:26:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.27 17:26:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.29 17:57:55 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.29 17:57:55 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.29 17:57:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.29 15:26:51 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.29 15:05:24 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FE96D7E8-71EB-4CBA-ABC7-CDCFEE1C5CE9}.job [2011.04.27 17:23:08 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.04.27 17:19:39 | 000,372,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.27 17:19:39 | 000,243,644 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.27 17:19:39 | 000,052,008 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.27 17:19:39 | 000,051,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.27 15:25:23 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~24567584 [2011.04.27 15:25:22 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~24567584r [2011.04.27 15:05:00 | 000,000,344 | -H-- | M] () -- C:\ProgramData\24567584 [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.29 15:26:51 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 15:15:35 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~24567584 [2011.04.27 15:15:35 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~24567584r [2011.04.27 15:05:00 | 000,000,344 | -H-- | C] () -- C:\ProgramData\24567584 [2010.07.17 10:55:48 | 000,000,552 | -H-- | C] () -- C:\Users\Andy\AppData\Local\d3d8caps.dat [2010.06.18 12:38:03 | 000,000,100 | --S- | C] () -- C:\Users\Andy\AppData\Local\452020604.dat [2010.01.24 22:10:53 | 000,023,685 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.01.23 21:26:09 | 000,179,946 | ---- | C] () -- C:\Windows\hpoins36.dat [2010.01.23 21:26:09 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.05.23 18:30:46 | 000,165,999 | ---- | C] () -- C:\Windows\System32\kungsfcnqdrcci.dat [2008.05.31 21:06:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008.05.31 20:59:40 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini [2008.05.31 20:56:57 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2008.03.31 23:56:55 | 000,027,648 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.21 13:29:04 | 000,000,181 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\wss.ini [2008.03.13 22:45:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.03.10 10:27:16 | 000,000,092 | -H-- | C] () -- C:\Users\Andy\AppData\Local\fusioncache.dat [2008.03.09 20:03:54 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.03.09 20:03:54 | 000,022,328 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\PnkBstrK.sys [2008.03.09 20:03:31 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2008.03.09 20:03:29 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2008.03.09 20:03:29 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2008.03.09 17:04:20 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.03.09 17:04:20 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.03.04 19:14:32 | 000,003,276 | R--- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.03.04 19:12:39 | 000,024,812 | ---- | C] () -- C:\Windows\Ascd_log.ini [2008.03.04 19:09:22 | 000,024,571 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.03.04 19:09:22 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2008.03.04 19:09:19 | 000,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2008.03.04 19:05:06 | 000,001,356 | -H-- | C] () -- C:\Users\Andy\AppData\Local\d3d9caps.dat [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 10:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 10:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,243,644 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,052,008 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,268,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,372,254 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,051,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin < End of report > |
|
02.05.2011, 11:09
| #2 |
| /// Malware-holic   | WindowsRecovery. Daten nicht sichtbar. du brauchst dich über malware nicht zu wundern, wer sein pc nicht mit updates versorgt...
__________________öffne malwarebytes, logdateien poste alle scan logs. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. :OTL O4 - HKCU..\Run: [Treemod] C:\Users\Andy\AppData\Roaming\Libtab\advjava.exe () :Files C:\Users\Andy\AppData\Roaming\Libtab :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. lade unhide: http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
|
03.05.2011, 18:10
| #3 |
| | WindowsRecovery. Daten nicht sichtbar.Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Treemod deleted successfully.
C:\Users\Andy\AppData\Roaming\Libtab\advjava.exe moved successfully.
========== FILES ==========
C:\Users\Andy\AppData\Roaming\Libtab folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Andy
->Flash cache emptied: 6811764 bytes
User: Default
->Flash cache emptied: 41620 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Mcx1
User: Mcx2
->Flash cache emptied: 583 bytes
User: Mcx3
User: Public
Total Flash Files Cleaned = 7,00 mb
[EMPTYTEMP]
User: All Users
User: Andy
->Temp folder emptied: 22045445 bytes
->Temporary Internet Files folder emptied: 63506422 bytes
->Java cache emptied: 74951868 bytes
->FireFox cache emptied: 42436252 bytes
->Apple Safari cache emptied: 188416 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 316376 bytes
User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3581768 bytes
->Flash cache emptied: 0 bytes
User: Mcx3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 230512 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3085463625 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3.140,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05032011_183503
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
03.05.2011, 18:13
| #4 |
| /// Malware-holic | WindowsRecovery. Daten nicht sichtbar. machst du onlinebanking einkäufe oder sonst was wichtiges mit diesem pc?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.05.2011, 21:16
| #5 |
| | WindowsRecovery. Daten nicht sichtbar. Nein ansich nicht |
|
04.05.2011, 10:17
| #6 |
| /// Malware-holic | WindowsRecovery. Daten nicht sichtbar. was heist an sich, du musst doch wissen ob die antwort ja oder nein lautet :-)
__________________ --> WindowsRecovery. Daten nicht sichtbar. |
|
04.05.2011, 13:27
| #7 |
| | WindowsRecovery. Daten nicht sichtbar. nein mach ich nicht |
|
04.05.2011, 14:19
| #8 |
| /// Malware-holic | WindowsRecovery. Daten nicht sichtbar. ok das war doch mal ne klare ansage :-) bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.05.2011, 15:48
| #9 |
| | WindowsRecovery. Daten nicht sichtbar. Hallo. Erstmal danke für die Hilfe bislang. Wie lang kann es eigentlich dauern bis die Daten wieder sichtbar werden? Denn trotz unhide sehe ich sie noch nicht. Code:
ATTFilter ComboFix 11-05-04.04 - Andy 05.05.2011 15:58:12.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.917 [GMT 2:00]
ausgeführt von:: c:\users\Andy\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\kungsfcnqdrcci.dat
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_kungsfaapatpqw
-------\Service_kungsfaapatpqw
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-05 bis 2011-05-05 ))))))))))))))))))))))))))))))
.
.
2011-05-05 14:08 . 2011-05-05 14:08 -------- d-----w- c:\users\Mcx3\AppData\Local\temp
2011-05-05 14:08 . 2011-05-05 14:08 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2011-05-04 18:50 . 2011-05-04 18:52 -------- d-----w- c:\windows\system32\ca-ES
2011-05-04 18:50 . 2011-05-04 18:52 -------- d-----w- c:\windows\system32\eu-ES
2011-05-04 18:50 . 2011-05-04 18:52 -------- d-----w- c:\windows\system32\vi-VN
2011-05-04 16:41 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-04 16:41 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-04 16:34 . 2011-05-04 16:34 -------- d-----w- c:\windows\system32\EventProviders
2011-05-04 15:13 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-05-04 15:04 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2011-05-04 15:03 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-05-04 15:03 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2011-05-04 15:03 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2011-05-04 15:03 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-05-04 15:03 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-05-04 15:03 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-05-04 15:03 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 15:03 . 2009-04-11 06:28 1576960 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 15:03 . 2009-04-11 06:28 1305600 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2011-05-04 15:03 . 2009-04-11 02:52 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2011-05-04 15:01 . 2009-04-11 06:28 274432 ----a-w- c:\windows\system32\bcrypt.dll
2011-05-04 15:00 . 2009-04-11 06:28 147456 ----a-w- c:\windows\system32\Faultrep.dll
2011-05-04 14:59 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-04 14:58 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-05-04 14:51 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-05-04 14:36 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-05-04 14:35 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-05-04 14:34 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-04 14:34 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-05-04 14:34 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-04 14:34 . 2011-03-03 10:49 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-04 14:34 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-04 14:29 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-05-04 14:29 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-05-04 14:29 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-05-04 14:29 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-05-04 14:29 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-05-04 14:29 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-05-04 14:29 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-05-04 14:29 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-05-04 14:29 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-05-04 14:28 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-05-04 14:28 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2011-05-04 13:55 . 2011-05-04 13:55 -------- d-----w- C:\PerfLogs
2011-05-04 12:57 . 2011-05-04 12:57 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-03 16:35 . 2011-05-03 17:06 -------- d-----w- C:\_OTL
2011-05-03 16:13 . 2011-04-14 16:40 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-03 16:13 . 2011-04-14 16:40 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-03 16:13 . 2011-04-14 16:40 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-03 16:13 . 2011-04-14 16:40 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-03 16:13 . 2011-04-14 16:40 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-03 16:13 . 2011-04-14 16:40 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-03 16:13 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-03 16:13 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-03 16:04 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06B3C64B-0361-4DFE-AA98-C9BA6EB06526}\mpengine.dll
2011-04-29 15:34 . 2011-04-29 15:34 1186056 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-29 13:26 . 2011-04-29 13:26 -------- d-----w- c:\users\Andy\AppData\Roaming\Malwarebytes
2011-04-29 13:26 . 2011-04-29 13:26 -------- d-----w- c:\programdata\Malwarebytes
2011-04-29 13:26 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 13:26 . 2011-04-29 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-29 13:26 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 13:38 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-05-04 13:37 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-04-27 15:23 . 2009-07-16 09:16 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-03 15:40 . 2011-05-04 16:41 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-04 16:41 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-04 16:41 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-04 16:41 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-04-14 16:40 . 2011-05-03 16:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"DefragTaskBar"="c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe" [2007-08-28 169312]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 1261568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-4 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2007-06-15 143256]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2009-07-13 35840]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-05 c:\windows\Tasks\User_Feed_Synchronization-{FE96D7E8-71EB-4CBA-ABC7-CDCFEE1C5CE9}.job
- c:\windows\system32\msfeedssync.exe [2011-05-04 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
LSP: bmnet.dll
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\2j35kolb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(5832)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\Ashampoo\ASHAMP~2\bin\DEFRAG~3.EXE
c:\progra~1\Ashampoo\ASHAMP~2\bin\defragActivityMonitor.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-05 16:21:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-05-05 14:21
.
Vor Suchlauf: 8 Verzeichnis(se), 193.023.389.696 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 192.560.480.256 Bytes frei
.
- - End Of File - - 5C484D6701C118A6B02FFC5E34E1310D
|
|
05.05.2011, 16:20
| #10 |
| /// Malware-holic | WindowsRecovery. Daten nicht sichtbar. bitte öffne computer c: dort qooboxx dann rechtsklick auf quarantain ordner, mit winrar oder zip packen, hochladen. dateiupload: http://www.trojaner-board.de/54791-a...ner-board.html du musst mir das schon sagen wenn unhide oder nen anderes programm keinen erfolg bringt, woher soll ichs sonst wissen? rechtsklick unhide, als admin ausführen und warten bis es fertig ist.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.05.2011, 17:06
| #11 |
| | WindowsRecovery. Daten nicht sichtbar. Ist hochgeladen. Meine Datein sind auch wieder sichtbar  . War mein Fehler man sollte auch mal lesen das dort steht |
|
05.05.2011, 17:36
| #12 |
| /// Malware-holic | WindowsRecovery. Daten nicht sichtbar. ja, das sag ich ja schon lange :d ne schön das es geklappt hatt. danke für den upload. lade den CCleaner slim: Piriform - Builds falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.05.2011, 19:12
| #13 |
| | WindowsRecovery. Daten nicht sichtbar. Hier ist die Liste Code:
ATTFilter Adobe AIR Adobe Systems Inc. 22.01.2010 30,7MB 1.5.3.9120 notwendig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 16.07.2010 10.1.53.64 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 06.11.2010 10.1.102.64 notwendig
Adobe Reader 8.1.6 - Deutsch Adobe Systems Incorporated 25.06.2009 8.1.6 notwendig
AGEIA PhysX v7.09.13 AGEIA Technologies, Inc. 03.03.2008 99,6MB 7.09.13 unbekannt
Ashampoo Magical Defrag 2 ashampoo GmbH & Co. KG 03.03.2008 8,28MB notwendig
Avira AntiVir Personal - Free Antivirus Avira GmbH 26.04.2011 131,0MB 10.0.0.648 notwendig
CCleaner Piriform 04.05.2011 3,63MB 3.06 notwendig
Creative Centrale Creative Technology Ltd. 27.01.2010 15,1MB 1.16.02 notwendig
Creative ZEN X-Fi Video Converter Creative Technology Ltd. 30.12.2009 2,51MB notwendig
Creative ZEN X-Fi-Benutzerhandbuch Creative Technology Ltd. 27.01.2010 3,12MB notwendig
devolo dLAN-Konfigurationsassistent devolo AG 05.08.2010 19.0.0.0 notwendig
devolo Informer devolo AG 05.08.2010 27.0.0.0 notwendig
Host OpenAL (ADI) 04.03.2008 unbekannt
HP Customer Participation Program 13.0 HP 22.01.2010 183,6MB 13.0 notwendig
HP Imaging Device Functions 13.0 HP 22.01.2010 3,36MB 13.0 notwendig
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 HP 22.01.2010 21,8MB 13.0 notwendig
HP Print Projects 1.0 HP 22.01.2010 3,29MB 1.0 notwendig
HP Smart Web Printing 4.60 HP 23.01.2010 26,3MB 4.60 notwendig
HP Solution Center 13.0 HP 22.01.2010 3,45MB 13.0 notwendig
HP Update Hewlett-Packard 29.03.2011 3,97MB 5.002.007.004 notwendig
Java(TM) 6 Update 24 Sun Microsystems, Inc. 24.11.2008 94,4MB 6.0.240 unbekannt
Java(TM) 6 Update 7 Sun Microsystems, Inc. 15.07.2008 136,2MB 1.6.0.70 unbekannt
Logitech G11 Keyboard Software 1.03 Logitech 03.03.2008 1,90MB 1.3.166.0 notwendig
Logitech SetPoint Logitech 12.10.2008 17,6MB 4.60 notwendig
Malwarebytes' Anti-Malware Malwarebytes Corporation 28.04.2011 4,81MB notwendig
marvell 61xx Marvell 03.03.2008 0,29MB 1.2.0.46 unbekannt
Microsoft .NET Framework 1.1 09.03.2008 unbekannt
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 23.08.2009 37,0MB unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 21.08.2009 37,0MB unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 04.05.2011 120,3MB 4.0.30319 unbekannt
Microsoft Office Home and Student 2007 Microsoft Corporation 08.10.2009 294MB 12.0.6425.1000 notwendig
Microsoft Silverlight Microsoft Corporation 26.04.2011 4.0.60310.0 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 08.03.2008 0,41MB 8.0.56336 unbekannt
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 03.05.2011 0,29MB 8.0.51011 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 03.05.2011 0,58MB 9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 15.07.2009 0,58MB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 25.03.2010 0,58MB 9.0.30729.4148 unbekannt
Microsoft WSE 3.0 Runtime Microsoft Corp. 13.12.2009 0,92MB 3.0.5305.0 unbekannt
Mozilla Firefox 4.0.1 (x86 de) Mozilla 02.05.2011 38,2MB 4.0.1 notwendig
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 31.05.2008 1,27MB 4.20.9848.0 unbekannt
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 02.06.2008 1,27MB 4.20.9849.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 1,28MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,34MB 4.20.9876.0 unbekannt
Music Transfer Sony Corporation 03.09.2009 82,8MB 1.3.00.11130 unnötig
Notepad++ 15.01.2009 7,07MB unbekannt
NVIDIA Display Control Panel NVIDIA Corporation 03.05.2011 40,6MB 6.14.12.5896 unbekannt
NVIDIA Drivers NVIDIA Corporation 03.05.2011 1.10.62.40 unbekannt
NVIDIA ForceWare Network Access Manager NVIDIA Corporation 03.03.2008 14,8MB 1.00.6767 unbekannt
PunkBuster Services Even Balance, Inc. 08.03.2008 0.986 unbekannt
RollerCoaster Tycoon 3 Atari 04.01.2011 1.362MB unnötig
SAMSUNG Mobile Modem Driver Set 30.05.2008 unnötig
Samsung Mobile phone USB driver Software 30.05.2008 unnötig
SAMSUNG Mobile USB Modem 1.0 Software 30.05.2008 unnötig
SAMSUNG Mobile USB Modem Software 30.05.2008 unnötig
SereneScreen Marine Aquarium Crystal Prolific Publishing, Inc. 03.03.2008 0,79MB 1.0 unnötig
Shop for HP Supplies HP 22.01.2010 183,6MB 13.0 notwendig
Sony Picture Utility Sony Corporation 03.09.2009 245MB 4.2.01.15030 notwendig
SoundMAX Analog Devices 04.03.2008 3,60MB 6.10.1.6270 notwendig
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 30.12.2008 32,5MB 8.0.0 unbekannt
TmNationsForever Nadeo 26.04.2008 717MB notwendig
TmUnitedForever Update 2010-03-15 Nadeo 27.04.2010 1.691MB notwendig
TomTom HOME 2.7.6.2056 TomTom 18.11.2010 48,7MB 2.7.6.2056 notwendig
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 23.12.2009 1,88MB 1.0.2 notwendig
TrackMania Sunrise Extreme 1.5.1 Nadeo 06.08.2008 861MB notwendig
Vodafone Mobile Connect Lite Vodafone 15.07.2010 25,7MB 9.4.3.17550 notwendig
Webcam Surveyor 1.7.5 El Software Solutions 20.03.2008 2,64MB unnötig
Windows Live Anmelde-Assistent Microsoft Corporation 04.03.2009 1,93MB 5.000.818.6 unbekannt
Windows Live Essentials Microsoft Corporation 20.12.2009 82,8MB 14.0.8089.0726 unbekannt
Windows Live-Uploadtool Microsoft Corporation 20.12.2009 0,22MB 14.0.8014.1029 unbekannt
Windows Mobile-Gerätecenter Microsoft Corporation 31.05.2008 27,5MB 6.1.6965.0 unbekannt
WinRAR 30.04.2008 3,66MB notwendig
Geändert von Kehly (05.05.2011 um 19:18 Uhr) |
|
09.05.2011, 10:40
| #14 |
| | WindowsRecovery. Daten nicht sichtbar. hallo markusg und wie geht es jetzt weiter |
|
09.05.2011, 12:18
| #15 |
| /// Malware-holic | WindowsRecovery. Daten nicht sichtbar. sorry hab ich wohl übersehen Adobe Reader 8.1.6 deinstaliere. Adobe - Adobe Reader herunterladen - Alle Versionen nimm den haken bei mcafee security scan raus. öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus. so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden. unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken. unter update, auf instalieren stellen. klicke übernehmen /ok deinstaliere. Microsoft Silverlight Java(TM) 6 Update 7 Music Transfer Notepad++ RollerCoaster Webcam bereinige mit dem ccleaner.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu WindowsRecovery. Daten nicht sichtbar. |
| 32 bit, antivir, avgntflt.sys, avira, bonjour, browser, call of duty, desktop, device driver, error, excel, fehler, flash player, google, helper, home, install.exe, keygen, launch, location, logfile, microsoft office word, mozilla, nicht sichtbar, nvlddmkm.sys, office 2007, oldtimer, plug-in, programm, registry, searchplugins, security, security update, senden, shell32.dll, shortcut, software, start menu, studio, svchost.exe, updates, usb, vista, visual studio, vodafone |
Linear-Darstellung
