Trojaner-Board


Maschi 12.11.2010 03:19

sshnas21.dll - TR/Crypt.XPACK.gen3 - win7/64bit -- don't know what to do next?
 
Hi everyone,

I need your help once again.

Earlier I got one virus warning after another from AntiVir, minute after minute; there must have been 15 alerts.
It was always this "TR/Crypt.XPACK.gen3", and the file was always in the same folder, only with a different name each time: at first "Oxx.exe", then "Oxt.exe", and so on ... in between there were 2 other virus alerts. I of course moved them all to quarantine as recommended.

I then rebooted the computer and suddenly this message appeared:

Problem with "sshnas21.dll" (I don't remember the exact wording) ...
and my Win7 gadgets no longer work (clock, calendar, etc.).

I then ran Malwarebytes, which found 8 infections. I rebooted and, lo and behold, the message is gone, BUT my gadgets still don't work.
Not that I need them, but that means something is still on here, doesn't it???

I'm attaching the Malwarebytes log file, a HiJackThis file and the 2 OTL logs (I hope it's right that I'm posting them as a quote):

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:14:11, on 12.11.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Tom Morris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom Morris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (file missing)
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9473 bytes

--- --- ---



Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5096

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.11.2010 00:47:26
mbam-log-2010-11-12 (00-47-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 320762
Laufzeit: 45 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
OTL Logfile:
Code:

OTL logfile created on: 12.11.2010 03:37:13 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Tom Morris\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,46 Gb Total Space | 167,50 Gb Free Space | 37,10% Space Free | Partition Type: NTFS
Drive D: | 14,00 Gb Total Space | 2,01 Gb Free Space | 14,34% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 91,86 Mb Free Space | 92,76% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOMMORRIS-PC
Current User Name: Tom Morris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\Tom Morris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\Tom Morris\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezSharedSvcHost.exe File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SL3) -- C:\Windows\SysNative\drivers\Sl3.sys (Cristalink Ltd)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MADFUCONECTIV) -- C:\Windows\SysNative\drivers\MAudioConectiv_DFU.sys (M-Audio)
DRV:64bit: - (MAUSBCONECTIV) -- C:\Windows\SysNative\drivers\MAudioConectiv.sys (Avid Technology, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.dancetrippin.tv/"
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
 
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.07.07 05:05:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.30 12:19:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.10 00:58:03 | 000,000,000 | ---D | M]
 
[2010.08.30 12:20:07 | 000,000,000 | ---D | M] -- C:\Users\Tom Morris\AppData\Roaming\mozilla\Extensions
[2010.10.28 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Tom Morris\AppData\Roaming\mozilla\Firefox\Profiles\f2akp1hm.default\extensions
[2010.08.30 12:22:15 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Tom Morris\AppData\Roaming\mozilla\Firefox\Profiles\f2akp1hm.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.11.07 16:01:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.10.12 17:03:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.07 16:01:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{620fad7a-b6b3-11df-8ef0-90fba6aafb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{620fad7a-b6b3-11df-8ef0-90fba6aafb2f}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{620fad7c-b6b3-11df-8ef0-90fba6aafb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{620fad7c-b6b3-11df-8ef0-90fba6aafb2f}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{b03966dc-d4ab-11df-b304-90fba6aafb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{b03966dc-d4ab-11df-b304-90fba6aafb2f}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{b03966de-d4ab-11df-b304-90fba6aafb2f}\Shell - "" = AutoRun
O33 - MountPoints2\{b03966de-d4ab-11df-b304-90fba6aafb2f}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d7200668-a4aa-11df-b7e0-c4461903cd31}\Shell - "" = AutoRun
O33 - MountPoints2\{d7200668-a4aa-11df-b7e0-c4461903cd31}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{d7200678-a4aa-11df-b7e0-c4461903cd31}\Shell - "" = AutoRun
O33 - MountPoints2\{d7200678-a4aa-11df-b7e0-c4461903cd31}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.12 03:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.11.12 01:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.11.12 01:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.11.12 01:00:27 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.11 03:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synth1
[2010.11.11 03:47:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.11.11 00:48:33 | 000,000,000 | ---D | C] -- C:\Users\Tom Morris\AppData\Roaming\Malwarebytes
[2010.11.11 00:48:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.11 00:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.11 00:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.07 16:01:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.11.07 16:01:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.11.07 16:01:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.10.31 06:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ableton Plugins
[2010.10.28 16:55:21 | 000,000,000 | R--D | C] -- C:\Users\Tom Morris\Eigene Producing
[2010.10.28 16:06:45 | 000,000,000 | ---D | C] -- C:\Users\Tom Morris\AppData\Roaming\FMZilla
[2010.10.28 16:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Music Zilla
[2010.10.27 09:53:56 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 09:53:56 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 09:53:56 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 09:53:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 09:53:56 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 09:53:56 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 09:53:56 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 09:50:45 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.25 22:26:58 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.10.25 22:26:58 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.10.25 22:26:58 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.10.25 22:26:58 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.10.25 22:26:57 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.10.25 22:26:57 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.10.25 22:26:57 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010.10.25 22:26:57 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010.10.25 22:26:57 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.10.25 22:26:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.10.25 22:26:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.10.25 22:26:57 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.10.25 22:26:57 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.10.25 22:26:57 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.10.25 22:26:56 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.10.25 22:26:56 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.10.25 22:26:56 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.10.25 22:26:56 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.10.25 22:26:56 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.10.25 22:26:56 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.10.25 22:26:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.10.25 22:26:56 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.10.25 22:26:56 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.10.25 22:26:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.10.25 22:26:55 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.10.25 22:26:55 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.10.25 22:26:55 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010.10.25 22:26:55 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010.10.25 22:26:55 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010.10.25 22:26:55 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010.10.25 22:26:55 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010.10.25 22:26:55 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010.10.25 22:26:54 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010.10.25 22:26:54 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010.10.25 22:26:54 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010.10.25 22:26:54 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010.10.25 22:26:54 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010.10.25 22:26:54 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010.10.25 22:26:54 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010.10.25 22:26:54 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010.10.25 22:26:53 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010.10.25 22:26:53 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.10.25 22:26:53 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.10.25 22:26:53 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.10.25 22:26:53 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010.10.25 22:26:53 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010.10.25 02:08:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serato
[2010.10.22 17:39:27 | 000,000,000 | R--D | C] -- C:\Users\Tom Morris\Unbenannt Project
[2010.10.14 02:08:55 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.10.14 02:08:54 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.14 02:08:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.14 02:08:54 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.14 02:08:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.14 02:08:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.14 02:08:53 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.14 02:08:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.14 02:08:53 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.14 02:08:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.14 02:08:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.14 02:08:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.14 02:08:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.14 02:08:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.14 02:08:53 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.14 02:08:36 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.14 02:08:36 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.14 02:08:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.14 02:08:34 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.14 02:07:34 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.14 02:07:33 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.14 02:00:32 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.14 02:00:05 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.14 02:00:05 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.14 01:33:52 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.14 01:19:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.14 01:13:19 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.14 01:13:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.14 01:12:46 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.14 01:12:46 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\StructuredQuery.dll
[1 C:\Users\Tom Morris\Documents\*.tmp files -> C:\Users\Tom Morris\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.12 03:38:13 | 002,097,152 | -HS- | M] () -- C:\Users\Tom Morris\NTUSER.DAT
[2010.11.12 03:13:58 | 000,002,115 | ---- | M] () -- C:\Users\Tom Morris\Desktop\HijackThis.lnk
[2010.11.12 01:20:12 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.12 01:20:12 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.12 01:17:22 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.12 01:17:22 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.12 01:17:22 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.12 01:17:22 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.12 01:17:22 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.12 01:12:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.11.12 01:12:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.12 01:12:39 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.12 01:11:58 | 005,490,779 | -H-- | M] () -- C:\Users\Tom Morris\AppData\Local\IconCache.db
[2010.11.12 01:00:27 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.11 00:48:29 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.10 23:20:56 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTom Morris.job
[2010.11.09 06:57:07 | 000,000,790 | ---- | M] () -- C:\Users\Public\Documents\sven v..rtf
[2010.11.02 14:51:08 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.28 16:16:35 | 000,017,212 | ---- | M] () -- C:\Users\Tom Morris\AppData\Roaming\UserTile.png
[2010.10.28 16:06:37 | 000,001,080 | ---- | M] () -- C:\Users\Tom Morris\Desktop\Free Music Zilla.lnk
[2010.10.25 02:08:24 | 000,002,174 | ---- | M] () -- C:\Users\Tom Morris\Desktop\Scratch Live.lnk
[2010.10.24 15:16:53 | 000,001,165 | ---- | M] () -- C:\Users\Tom Morris\Desktop\Live 8.0.3.lnk
[2010.10.15 02:19:25 | 000,334,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Tom Morris\Documents\*.tmp files -> C:\Users\Tom Morris\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.12 03:13:58 | 000,002,115 | ---- | C] () -- C:\Users\Tom Morris\Desktop\HijackThis.lnk
[2010.11.12 01:00:27 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.11 00:48:29 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.10 22:54:59 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTom Morris.job
[2010.11.09 06:57:07 | 000,000,790 | ---- | C] () -- C:\Users\Public\Documents\sven v..rtf
[2010.10.28 16:19:42 | 000,024,064 | -HS- | C] () -- C:\Users\Tom Morris\AppData\Roaming\Thumbs.db
[2010.10.28 16:16:35 | 000,017,212 | ---- | C] () -- C:\Users\Tom Morris\AppData\Roaming\UserTile.png
[2010.10.28 16:06:37 | 000,001,080 | ---- | C] () -- C:\Users\Tom Morris\Desktop\Free Music Zilla.lnk
[2010.10.24 15:16:53 | 000,001,165 | ---- | C] () -- C:\Users\Tom Morris\Desktop\Live 8.0.3.lnk
[2010.08.24 11:05:55 | 000,000,084 | ---- | C] () -- C:\Windows\winamp.ini
[2010.08.12 19:11:03 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.08.12 18:30:01 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.07.07 04:54:31 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.07.07 04:54:31 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.05.17 22:38:25 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.02.09 17:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

--- --- ---


OTL Logfile:
Code:

OTL Extras logfile created on: 12.11.2010 03:37:14 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Tom Morris\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,46 Gb Total Space | 167,50 Gb Free Space | 37,10% Space Free | Partition Type: NTFS
Drive D: | 14,00 Gb Total Space | 2,01 Gb Free Space | 14,34% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 91,86 Mb Free Space | 92,76% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOMMORRIS-PC
Current User Name: Tom Morris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Tom Morris\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D8EB424-63C1-4F63-BA0F-0597DD3DFF71}" = M-Audio Conectiv Driver 6.0.1 (x64)
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{7B93A118-A01C-10F7-EBC6-4C7413D9A36B}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FDEA1B-9B78-41CE-8A80-01D99D687D09}" = HP Wireless Assistant
"{E87A0FD7-DFFE-D12B-DFDE-8FE049D3FDA2}" = ccc-utility64
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FD5887-7557-5A6E-E9EF-ABAF7AA2E2AF}" = CCC Help Finnish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E7C2D0-A423-7568-61DB-11B3F745332D}" = Catalyst Control Center Graphics Previews Common
"{0C4F05FC-1BC4-90F7-66E5-911D443739AD}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BC45853-3FDB-7352-7E93-0756D0759958}" = CCC Help French
"{2CDA6553-EF28-308F-EDAF-75989C168C71}" = CCC Help Thai
"{338DAD71-9CE7-4D63-B729-7E91C07A4D7D}" = Microsoft Search Enhancement Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{38A26A35-B8D5-C90C-DB36-2519827C7747}" = Catalyst Control Center Graphics Full Existing
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4123BE4D-C65C-467E-8071-232FB1FBF3B8}" = MSN Toolbar Platform
"{42654BC2-76C6-5F8A-73D8-8D2EDE4BB1A4}" = CCC Help Hungarian
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55FD7D2C-C1B6-6FF5-ED2C-D8F599DE3557}" = CCC Help Swedish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FA1132-0486-41F9-B747-6D308C284D1C}" = Catalyst Control Center - Branding
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6419476A-6230-4646-A2FE-C8860737F2A2}" = Scratch Live 2.1.1 (21122)
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68FDE621-DC47-3864-859A-4CFF359DA3EE}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A2055DE-D7E0-7908-19FD-07032E1050FE}" = CCC Help Korean
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6C4E4BAA-4825-3D82-A536-586687A78A58}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D177CA-B0E1-9C2C-A035-7778FA6F9278}" = CCC Help English
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{943E29F5-10EA-E1F7-8828-80391BE9081B}" = CCC Help Italian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96B2B177-D6F0-B452-547E-25A40AA6D73F}" = Catalyst Control Center Graphics Light
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A61C6212-AB09-615D-3302-B87318476A9E}" = CCC Help Greek
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9B24899-3D76-1512-8006-5D8D9379E603}" = CCC Help Polish
"{AB6F3C84-C5F4-EB19-6C11-A73B695609D5}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.0 MUI
"{B2582D47-3572-DED1-9468-00325C6987E6}" = Catalyst Control Center Graphics Previews Vista
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{C30558BD-247B-2BF8-BFEE-7EA2B46156AA}" = CCC Help Czech
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6F4F35D-D570-ABFB-24F3-0EA35E403FF1}" = Catalyst Control Center InstallProxy
"{C827BB33-ECAC-0EF7-9B86-630A15A25230}" = Catalyst Control Center Graphics Full New
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB8D0FA8-A475-9841-7409-F4B3CFBF4E55}" = CCC Help Japanese
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3AEA71C-D1DB-7CBB-9D8D-3C2333601A20}" = CCC Help Chinese Standard
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DED123AE-5A57-E3FD-CC7F-8D1E736B9B71}" = ccc-core-static
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E451BFA8-044A-F549-EAB5-CE8D39812421}" = CCC Help Portuguese
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E8E660DD-3CF7-4143-B7BF-D44E9ACF2DC1}" = HP Software Framework
"{EDDFC55B-A7D5-5D3D-0B77-860E89E2B137}" = CCC Help Danish
"{EF6BD645-0E5B-3584-691B-BB109D0402CA}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16954E1-FF14-AA8E-33B0-92A4CCD66265}" = CCC Help Dutch
"{F17301AF-CE56-063A-04D4-0CE460CD67BC}" = CCC Help Chinese Traditional
"{F37935A0-AFC8-47F9-8B7D-D09E88FCA0B8}" = HP User Guides 0211
"{F62607DD-8A27-2740-497A-CD6DF31434C7}" = CCC Help Spanish
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{F798D7E4-B39B-69C4-A8B3-1D412630B306}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Free Music Zilla_is1" = Free Music Zilla
"HijackThis" = HijackThis 2.0.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"Live 8.0.3" = Live 8.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TagScanner_is1" = TagScanner 5.1 build 592
"Torq_is1" = Torq Torq 1.5.2 (Build 009) - 8 July 2009
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.10.2010 21:46:34 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.10.2010 21:47:59 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 08.10.2010 10:34:11 | Computer Name = TomMorris-PC | Source = Application Hang | ID = 1002
Description = Programm ScratchLive.exe, Version 2.1.0.57 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 9b8    Startzeit:
01cb66f30500325f    Endzeit: 62    Anwendungspfad: C:\Program Files (x86)\Serato\ScratchLIVE\ScratchLive.exe

Berichts-ID:
 1b2b71df-d2e9-11df-9ce3-90fba6aafb2f 
 
Error - 09.10.2010 20:52:30 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.10.2010 20:53:54 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 10.10.2010 18:49:55 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.10.2010 18:50:53 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 11.10.2010 13:40:11 | Computer Name = TomMorris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PhoneConnectorVMC.exe, Version: 3.1.2.104,
 Zeitstempel: 0x46f273a8  Name des fehlerhaften Moduls: PhoneConnectorVMC.exe, Version:
 3.1.2.104, Zeitstempel: 0x46f273a8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00016eda
ID
 des fehlerhaften Prozesses: 0xcb0  Startzeit der fehlerhaften Anwendung: 0x01cb696b509284e9
Pfad
 der fehlerhaften Anwendung: G:\PhoneConnectorVMC.exe  Pfad des fehlerhaften Moduls:
 G:\PhoneConnectorVMC.exe  Berichtskennung: 98809d95-d55e-11df-bd97-90fba6aafb2f
 
Error - 11.10.2010 21:01:34 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.10.2010 21:02:59 | Computer Name = TomMorris-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
[ Hewlett-Packard Events ]
Error - 01.09.2010 06:48:55 | Computer Name = TomMorris-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 22.09.2010 17:09:25 | Computer Name = TomMorris-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 29.09.2010 06:55:29 | Computer Name = TomMorris-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
[ HP Wireless Assistant Events ]
Error - 10.11.2010 06:10:18 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
 
Error - 10.11.2010 07:49:36 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 10.11.2010 07:49:36 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
 
Error - 10.11.2010 18:23:07 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 11.11.2010 12:29:41 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 11.11.2010 12:29:41 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
 
Error - 11.11.2010 17:29:39 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 11.11.2010 17:29:39 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
 
Error - 11.11.2010 18:57:36 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 11.11.2010 19:50:52 | Computer Name = TomMorris-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
[ Media Center Events ]
Error - 25.08.2010 04:01:36 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 10:01:36 - Fehler beim Herstellen der Internetverbindung.  10:01:36
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.08.2010 04:01:46 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 10:01:41 - Fehler beim Herstellen der Internetverbindung.  10:01:41
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.08.2010 04:56:52 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 10:56:52 - Fehler beim Herstellen der Internetverbindung.  10:56:52
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.08.2010 04:56:59 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 10:56:57 - Fehler beim Herstellen der Internetverbindung.  10:56:57
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.09.2010 14:55:37 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 20:55:37 - Fehler beim Herstellen der Internetverbindung.  20:55:37
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.09.2010 14:55:47 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 20:55:42 - Fehler beim Herstellen der Internetverbindung.  20:55:42
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.09.2010 15:55:52 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 21:55:52 - Fehler beim Herstellen der Internetverbindung.  21:55:52
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.09.2010 15:55:58 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 21:55:57 - Fehler beim Herstellen der Internetverbindung.  21:55:57
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 26.09.2010 02:35:55 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 08:35:55 - Fehler beim Herstellen der Internetverbindung.  08:35:55
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 26.09.2010 02:36:00 | Computer Name = TomMorris-PC | Source = MCUpdate | ID = 0
Description = 08:36:00 - Fehler beim Herstellen der Internetverbindung.  08:36:00
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 14.10.2010 10:28:49 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 14.10.2010 10:28:58 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 14.10.2010 10:29:06 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 14.10.2010 10:29:15 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 14.10.2010 10:29:23 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 14.10.2010 10:29:32 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 14.10.2010 10:29:40 | Computer Name = TomMorris-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 24.10.2010 21:07:15 | Computer Name = TomMorris-PC | Source = DCOM | ID = 10001
Description =
 
Error - 27.10.2010 13:05:07 | Computer Name = TomMorris-PC | Source = DCOM | ID = 10010
Description =
 
Error - 27.10.2010 13:05:07 | Computer Name = TomMorris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80080005 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
 (KB2388210)
 
 
< End of report >

--- --- ---

kira 12.11.2010 08:12

Hello and a warm welcome! :)

Before we begin working together, [please read in full]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files used (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • During the support period:
    - please do not act on your own without consulting us! If there are problems, ask.
  • The order:
    - please follow it exactly as described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vB code tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

Once you have read this introductory text, you can begin :)
1.
- Download Random's System Information Tool (RSIT) by random/random
- to a location of your choice and run rsit.exe
- "Hijackthis" is also installed and run by RSIT
- RSIT creates 2 log files (C:\rsit\log.txt and C:\rsit\info.txt) with extended information about your system - please post both of these here in full
**You can save the log to a text file and attach it here (click "Advanced")

2.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work, you can undo this again!

3.
→ Download HJTscanlist.zip
→ unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it with a double-click
→ Select your operating system - for Win7 choose Vista
→ When you are asked, choose the option "Setting" (1) - "scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
If it does not work in one go, you can split the text into several parts and post it that way

4.
I would also like to see all your installed programs:
Download the tool "Ccleaner"
→ "Download"→ " Download from FileHippo.com"
install (read the software license agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it)→ start→ if necessary, set "german" under Options settings
then click "Extra" (to display the installed programs as well)→ then on "Save to text file..."
a text file (*.txt) is created; copy its contents and paste them here

5.
Right-click the AntiVir umbrella in the taskbar => Start AntiVir => Overview => Events
select every detection => right-click the detections => Export event(s)
and save it as Ereignisse.txt on the desktop and post the contents here.
Quote:

To keep your thread clearer and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file): [code]
your log file goes in here - e.g. hjtscanlist or other
→ after it - i.e. at the end of the log file: [/code]

Regards
Coverflow

Maschi 12.11.2010 12:11

Hello,

thanks for the quick reply :Boogie:

Okay, I've done everything, here are the log files:

Regards, Thomas


Code:

logfile of random's system information tool 1.08 2010-11-12 11:57:59

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.4.0 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Adobe Shockwave Player-->MsiExec.exe /X{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}
AMD USB Filter Driver-->MsiExec.exe /X{987B04C4-B5AC-4AD6-A7E9-8D681085B850}
Audacity 1.2.6-->"C:\Program Files (x86)\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
Catalyst Control Center - Branding-->MsiExec.exe /I{60FA1132-0486-41F9-B747-6D308C284D1C}
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
ESU for Microsoft Windows 7-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Free Music Zilla-->"C:\Program Files (x86)\Free Music Zilla\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Power Plan Utility-->MsiExec.exe /I{F6B6A150-08FA-46D5-808A-EB638269551D}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E2831862-F131-4327-B9CC-FA30F587EB6C}\setup.exe" -l0x9  -removeonly
HP Software Framework-->MsiExec.exe /X{E8E660DD-3CF7-4143-B7BF-D44E9ACF2DC1}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Update-->MsiExec.exe /X{D46D081B-F60E-467E-A7C4-117B70D76731}
HP User Guides 0211-->MsiExec.exe /X{F37935A0-AFC8-47F9-8B7D-D09E88FCA0B8}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}
Live 8.0.3-->C:\PROGRA~2\Ableton\LIVE80~1.3\Install\UNWISE.EXE C:\PROGRA~2\Ableton\LIVE80~1.3\Install\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{338DAD71-9CE7-4D63-B729-7E91C07A4D7D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.8)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar Platform-->MsiExec.exe /I{4123BE4D-C65C-467E-8071-232FB1FBF3B8}
PhotoNow!-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
PhotoNow!-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0007 -removeonly
Recovery Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
Scratch Live 2.1.1 (21122)-->MsiExec.exe /I{6419476A-6230-4646-A2FE-C8860737F2A2}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SUPER © Version 2010.bld.38 (May 2, 2010)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0
TagScanner 5.1 build 592-->"C:\Program Files (x86)\TagScanner\unins000.exe"
Torq Torq 1.5.2 (Build 009) - 8 July 2009-->"C:\Program Files (x86)\M-Audio\Torq\unins000.exe"
TubeBox!-->MsiExec.exe /I{8DB77BE4-629D-458D-BD68-9F36667C2177}
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VLC media player 1.1.4-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect Lite-->MsiExec.exe /X{B5761811-28F3-4257-B537-815C5EEF472C}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR Archivierer-->C:\Program Files (x86)\WinRAR\uninstall.exe

======System event log======

Computer Name: TomMorris-PC
Event Code: 10009
Message: DCOM konnte mit dem Computer "WIN-GRPG2DQ76BN" unter Verwendung eines beliebigen, konfigurierten Protokolls keine Daten austauschen.
Record Number: 2581
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100807154512.000000-000
Event Type: Fehler
User:

Computer Name: TomMorris-PC
Event Code: 7036
Message: Dienst "Telefonie" befindet sich jetzt im Status "Ausgeführt".
Record Number: 2580
Source Name: Service Control Manager
Time Written: 20100807154506.027955-000
Event Type: Informationen
User:

Computer Name: TomMorris-PC
Event Code: 10009
Message: DCOM konnte mit dem Computer "WIN-GRPG2DQ76BN" unter Verwendung eines beliebigen, konfigurierten Protokolls keine Daten austauschen.
Record Number: 2579
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100807154507.000000-000
Event Type: Fehler
User:

Computer Name: TomMorris-PC
Event Code: 10009
Message: DCOM konnte mit dem Computer "WIN-GRPG2DQ76BN" unter Verwendung eines beliebigen, konfigurierten Protokolls keine Daten austauschen.
Record Number: 2578
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100807154500.000000-000
Event Type: Fehler
User:

Computer Name: TomMorris-PC
Event Code: 104
Message: Die Protokolldatei "System" wurde gelöscht.
Record Number: 2577
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100807154500.521145-000
Event Type: Informationen
User: TomMorris-PC\Tom Morris

=====Application event log=====

Computer Name: TomMorris-PC
Event Code: 0
Message:      Requires:C:\Program Files (x86)\Hewlett-Packard\HP Setup
Record Number: 1277
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:

Computer Name: TomMorris-PC
Event Code: 0
Message: Expanded Env:CORESYSTEMPATH
Record Number: 1276
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:

Computer Name: TomMorris-PC
Event Code: 0
Message:      Current:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1275
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:

Computer Name: TomMorris-PC
Event Code: 0
Message:      Requires:C:\ProgramData\Hewlett-Packard\HP Setup
Record Number: 1274
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:

Computer Name: TomMorris-PC
Event Code: 0
Message: Expanded Env:COREALLUSERPATH
Record Number: 1273
Source Name: HP Total Care Setup Updater
Time Written: 20100807154515.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: TomMorris-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                WIN-GRPG2DQ76BN$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
        Kontoname:                Tom Morris
        Kontodomäne:                TomMorris-PC
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Zielserver:
        Zielservername:        localhost
        Weitere Informationen:        localhost

Prozessinformationen:
        Prozess-ID:                0x1d8
        Prozessname:                C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
        Netzwerkadresse:        127.0.0.1
        Port:                        0

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 524
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100807155651.470187-000
Event Type: Überwachung erfolgreich
User:

Computer Name: TomMorris-PC
Event Code: 6406
Message: "NORTON FIREWALL PROVIDER" wurde in der Windows-Firewall registriert, um die Filterung nach Folgendem zu steuern:
BootTimeRuleCategory, StealthRuleCategory, FirewallRuleCategory.
Record Number: 523
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100807155224.418321-000
Event Type: Überwachung erfolgreich
User:

Computer Name: TomMorris-PC
Event Code: 4905
Message: Es wurde versucht, die Registrierung einer Sicherheitsereignisquelle aufzuheben.

Antragsteller:
        Sicherheits-ID:        S-1-5-18
        Kontoname:        WIN-GRPG2DQ76BN$
        Kontodomäne:        WORKGROUP
        Anmelde-ID:        0x3e7

Prozess:
        Prozess-ID:        0x5fc
        Prozessname:        C:\Windows\System32\VSSVC.exe

Ereignisquelle:
        Quellenname:        VSSAudit
        Ereignisquellen-ID:        0xb1f56
Record Number: 522
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100807154505.669154-000
Event Type: Überwachung erfolgreich
User:

Computer Name: TomMorris-PC
Event Code: 4904
Message: Es wurde versucht, eine Sicherheitsereignisquelle zu registrieren.

Antragsteller:
        Sicherheits-ID:        S-1-5-18
        Kontoname:        WIN-GRPG2DQ76BN$
        Kontodomäne:        WORKGROUP
        Anmelde-ID:        0x3e7

Prozess:
        Prozess-ID:        0x5fc
        Prozessname:        C:\Windows\System32\VSSVC.exe

Ereignisquelle:
        Quellenname:        VSSAudit
        Ereignisquellen-ID:        0xb1f56
Record Number: 521
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100807154505.669154-000
Event Type: Überwachung erfolgreich
User:

Computer Name: TomMorris-PC
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
        Sicherheits-ID:        S-1-5-21-1780871363-3919826489-3868904709-1000
        Kontoname:        Tom Morris
        Domänenname:        TomMorris-PC
        Anmelde-ID:        0x6c30f
Record Number: 520
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100807154501.285547-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11\Driver;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0603
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion

-----------------EOF-----------------

--- --- ---


RSIT Logfile:
Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Tom Morris at 2010-11-12 11:57:58
Microsoft Windows 7 Home Premium 
System drive C: has 172 GB (37%) free of 462 GB
Total RAM: 4091 MB (71% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForTom Morris.job
C:\Windows\tasks\Install_NSS.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-11-19 138624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-29 98304]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-11-02 281768]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Free Music Zilla\FMZilla.exe"="C:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-12 11:57:58 ----D---- C:\rsit
2010-11-12 03:13:58 ----D---- C:\Program Files (x86)\Trend Micro
2010-11-12 01:17:19 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-11-12 01:17:14 ----D---- C:\ProgramData\!SASCORE
2010-11-11 03:53:49 ----D---- C:\Program Files (x86)\Synth1
2010-11-11 03:47:54 ----D---- C:\Windows\Sun
2010-11-11 00:48:33 ----D---- C:\Users\Tom Morris\AppData\Roaming\Malwarebytes
2010-11-11 00:48:27 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-11-11 00:48:25 ----D---- C:\ProgramData\Malwarebytes
2010-11-11 00:48:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-07 16:01:19 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-11-07 16:01:19 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-11-07 16:01:19 ----A---- C:\Windows\SysWOW64\java.exe
2010-10-31 06:34:08 ----D---- C:\Program Files (x86)\Ableton Plugins
2010-10-28 16:06:45 ----D---- C:\Users\Tom Morris\AppData\Roaming\FMZilla
2010-10-28 16:06:37 ----D---- C:\Program Files (x86)\Free Music Zilla
2010-10-27 09:53:56 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2010-10-25 22:26:58 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-10-25 22:26:58 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-10-25 22:26:57 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-10-25 22:26:56 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-10-25 22:26:55 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-10-25 22:26:55 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-10-25 22:26:55 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-10-25 22:26:55 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-10-25 22:26:54 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-10-25 22:26:54 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-10-25 22:26:54 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-10-25 22:26:54 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-10-25 22:26:53 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-10-25 22:26:53 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-10-25 22:26:53 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-10-25 02:08:22 ----D---- C:\Program Files (x86)\Serato
2010-10-14 02:08:55 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-10-14 02:08:55 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-10-14 02:08:54 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-10-14 02:08:54 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-10-14 02:08:54 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2010-10-14 02:08:54 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-10-14 02:08:53 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-10-14 02:08:36 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-10-14 02:08:35 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-10-14 02:07:34 ----A---- C:\Windows\SysWOW64\mfc40.dll
2010-10-14 02:07:33 ----A---- C:\Windows\SysWOW64\mfc40u.dll
2010-10-14 02:00:32 ----A---- C:\Windows\SysWOW64\ole32.dll
2010-10-14 02:00:05 ----A---- C:\Windows\SysWOW64\wmpmde.dll
2010-10-14 01:33:52 ----A---- C:\Windows\SysWOW64\comctl32.dll
2010-10-14 01:19:58 ----A---- C:\Windows\SysWOW64\sscore.dll
2010-10-14 01:13:19 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-10-14 01:12:46 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll
2010-10-14 01:12:38 ----A---- C:\Windows\SysWOW64\schannel.dll

======List of files/folders modified in the last 1 months======

2010-11-12 11:57:56 ----D---- C:\Windows\Temp
2010-11-12 11:49:38 ----D---- C:\Windows\System32
2010-11-12 11:49:38 ----D---- C:\Windows\inf
2010-11-12 11:45:28 ----D---- C:\Windows
2010-11-12 03:13:58 ----D---- C:\Program Files (x86)
2010-11-12 02:57:51 ----SHD---- C:\Windows\Installer
2010-11-12 02:57:51 ----D---- C:\Program Files (x86)\Activision
2010-11-12 02:57:31 ----SHD---- C:\System Volume Information
2010-11-12 02:56:10 ----RD---- C:\Program Files
2010-11-12 01:17:19 ----D---- C:\ProgramData
2010-11-12 01:05:18 ----D---- C:\Windows\debug
2010-11-12 00:47:26 ----D---- C:\Windows\Tasks
2010-11-12 00:01:48 ----D---- C:\Windows\SysWOW64
2010-11-11 23:45:48 ----D---- C:\Users\Tom Morris\AppData\Roaming\Ableton
2010-11-11 14:59:59 ----D---- C:\Program Files (x86)\JDownloader
2010-11-11 08:56:27 ----D---- C:\Windows\Prefetch
2010-11-11 02:29:44 ----D---- C:\Program Files (x86)\Ableton
2010-11-11 00:48:27 ----D---- C:\Windows\SysWOW64\drivers
2010-11-07 16:01:05 ----D---- C:\Program Files (x86)\Java
2010-10-31 04:50:18 ----D---- C:\Users\Tom Morris\AppData\Roaming\dvdcss
2010-10-29 22:43:47 ----D---- C:\Windows\rescache
2010-10-28 15:53:13 ----D---- C:\Users\Tom Morris\AppData\Roaming\Orbit
2010-10-28 02:00:46 ----D---- C:\Windows\winsxs
2010-10-28 02:00:40 ----D---- C:\Windows\AppPatch
2010-10-28 00:32:40 ----D---- C:\Windows\Microsoft.NET
2010-10-28 00:32:19 ----RSD---- C:\Windows\assembly
2010-10-27 18:05:26 ----D---- C:\Windows\ehome
2010-10-25 22:25:16 ----D---- C:\Windows\Logs
2010-10-25 22:25:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-10-25 02:07:14 ----D---- C:\Windows\Downloaded Installations
2010-10-15 02:18:30 ----D---- C:\Windows\SysWOW64\migration
2010-10-15 02:18:30 ----D---- C:\Program Files (x86)\Internet Explorer
2010-10-15 02:18:29 ----D---- C:\Program Files (x86)\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU; C:\Windows\system32\DRIVERS\MAudioConectiv_DFU.sys []
S3 MAUSBCONECTIV;Service for M-Audio Conectiv; C:\Windows\system32\DRIVERS\MAudioConectiv.sys []
S3 netr28x;Ralink 802.11n-Drahtlostreiber für Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-09-23 225280]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 SL3;SL3 Driver; C:\Windows\System32\Drivers\Sl3.sys []
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-02 267944]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\System32\ezSharedSvcHost.exe [2010-01-25 514232]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-23 92216]
R2 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-11-19 242048]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-07-23 703032]
S2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

-----------------EOF-----------------

--- --- ---


Code:

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.1.7600]
 
 
C:

  12.11.2010 11:58    C:\rsit --------- 0 
  12.11.2010 11:45    C:\Windows --------- 16384 
      C:\pagefile.sys ---------   
      C:\hiberfil.sys ---------   
  12.11.2010 03:13    C:\Program Files (x86) --------- 20480 
  12.11.2010 02:57    C:\System Volume Information --------- 16384 
  12.11.2010 02:56    C:\Program Files --------- 8192 
  12.11.2010 01:17    C:\ProgramData --------- 12288 
  12.10.2010 16:31    C:\Downloads --------- 0 
  22.09.2010 22:11    C:\SwSetup --------- 12288 
  12.08.2010 15:08    C:\$Recycle.Bin --------- 4096 
  12.08.2010 14:17    C:\PFiles --------- 0 
  07.08.2010 16:44    C:\SYSTEM.SAV --------- 0 
  07.08.2010 16:44    C:\Recovery --------- 0 
  07.08.2010 16:44    C:\Users --------- 4096 
  07.08.2010 16:43    C:\Programme --------- 0 
  07.08.2010 16:43    C:\Dokumente und Einstellungen --------- 0 
  07.07.2010 05:12    C:\HP --------- 0 
  18.05.2010 08:54    C:\boot --------- 0 
  14.07.2009 06:08    C:\Documents and Settings --------- 0 
  14.07.2009 04:20    C:\PerfLogs --------- 0 
  14.07.2009 02:38    C:\bootmgr --------- 383562 
----------------------------------------

 
C:\Windows

  12.11.2010 12:03    C:\Windows\WindowsUpdate.log --------- 1235609 
  12.11.2010 11:45    C:\Windows\setupact.log --------- 56 
  12.11.2010 11:45    C:\Windows\setuperr.log --------- 0 
  12.11.2010 11:45    C:\Windows\bootstat.dat --------- 67584 
  12.11.2010 11:45    C:\Windows\PFRO.log --------- 348 
  24.08.2010 11:05    C:\Windows\winamp.ini --------- 84 
  12.08.2010 18:30    C:\Windows\game.ini --------- 331 
  07.07.2010 14:49    C:\Windows\CSUP.txt --------- 12 
  07.07.2010 05:01    C:\Windows\ativpsrm.bin --------- 0 
  18.05.2010 05:01    C:\Windows\explorer.exe --------- 2870272 
  02.03.2010 23:57    C:\Windows\atiogl.xml --------- 20692 
  26.02.2010 20:20    C:\Windows\RtlExUpd.dll --------- 1247776 
  09.02.2010 17:58    C:\Windows\LPRES.DLL --------- 12800 
  14.07.2009 06:09    C:\Windows\win.ini --------- 403 
  14.07.2009 05:54    C:\Windows\WindowsShell.Manifest --------- 749 
  14.07.2009 02:39    C:\Windows\write.exe --------- 10240 
  14.07.2009 02:39    C:\Windows\splwow64.exe --------- 61952 
  14.07.2009 02:39    C:\Windows\regedit.exe --------- 427008 
  14.07.2009 02:39    C:\Windows\notepad.exe --------- 193536 
  14.07.2009 02:39    C:\Windows\hh.exe --------- 16896 
  14.07.2009 02:39    C:\Windows\HelpPane.exe --------- 733696 
  14.07.2009 02:39    C:\Windows\fveupdate.exe --------- 15360 
  14.07.2009 02:38    C:\Windows\bfsvc.exe --------- 71168 
  14.07.2009 02:16    C:\Windows\twain_32.dll --------- 51200 
  14.07.2009 02:14    C:\Windows\winhlp32.exe --------- 9728 
  14.07.2009 02:14    C:\Windows\twunk_32.exe --------- 31232 
  14.07.2009 00:06    C:\Windows\mib.bin --------- 43131 
  10.06.2009 22:41    C:\Windows\twunk_16.exe --------- 49680 
  10.06.2009 22:41    C:\Windows\twain.dll --------- 94784 
  10.06.2009 22:08    C:\Windows\system.ini --------- 219 
  10.06.2009 21:52    C:\Windows\WMSysPr9.prx --------- 316640 
  10.06.2009 21:36    C:\Windows\msdfmap.ini --------- 1405 
  10.06.2009 21:31    C:\Windows\Starter.xml --------- 48201 
  10.06.2009 21:30    C:\Windows\HomePremium.xml --------- 48265 
  10.06.2009 21:30    C:\Windows\HomeBasic.xml --------- 48223 
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 12.11.2010 11:58    C:\Windows\system32\config --------- 16384 
 12.11.2010 11:52    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 23024 
 12.11.2010 11:52    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 23024 
 12.11.2010 11:49    C:\Windows\system32\perfh009.dat --------- 607190 
 12.11.2010 11:49    C:\Windows\system32\perfc009.dat --------- 103568 
 12.11.2010 11:49    C:\Windows\system32\perfh007.dat --------- 643866 
 12.11.2010 11:49    C:\Windows\system32\perfc007.dat --------- 126394 
 12.11.2010 11:49    C:\Windows\system32\PerfStringBackup.INI --------- 1472002 
 12.11.2010 00:47    C:\Windows\system32\Tasks --------- 4096 
 10.11.2010 23:20    C:\Windows\system32\catroot2 --------- 20480 
 10.11.2010 03:00    C:\Windows\system32\MRT.exe --------- 37628360 
 02.11.2010 14:52    C:\Windows\system32\catroot --------- 4096 
 29.10.2010 16:53    C:\Windows\system32\drivers --------- 65536 
 19.10.2010 10:41    C:\Windows\system32\MpSigStub.exe --------- 270720 
 18.10.2010 14:32    C:\Windows\system32\NDF --------- 0 
 15.10.2010 02:19    C:\Windows\system32\FNTCACHE.DAT --------- 334264 
 15.10.2010 02:18    C:\Windows\system32\migration --------- 0 
 09.10.2010 10:07    C:\Windows\system32\DriverStore --------- 4096 
 30.09.2010 02:16    C:\Windows\system32\de-DE --------- 262144 
 08.09.2010 06:36    C:\Windows\system32\wininet.dll --------- 1192960 
 08.09.2010 06:36    C:\Windows\system32\urlmon.dll --------- 1495040 
 08.09.2010 06:35    C:\Windows\system32\mstime.dll --------- 1026048 
 08.09.2010 06:35    C:\Windows\system32\mshtmled.dll --------- 97280 
 08.09.2010 06:35    C:\Windows\system32\mshtml.dll --------- 9296384 
 08.09.2010 06:35    C:\Windows\system32\msfeedsbs.dll --------- 82944 
 08.09.2010 06:35    C:\Windows\system32\msfeeds.dll --------- 702976 
 08.09.2010 06:34    C:\Windows\system32\licmgr10.dll --------- 57856 
 08.09.2010 06:34    C:\Windows\system32\jsproxy.dll --------- 64512 
 08.09.2010 06:34    C:\Windows\system32\ieui.dll --------- 247808 
 08.09.2010 06:34    C:\Windows\system32\iertutil.dll --------- 2441216 
 08.09.2010 06:34    C:\Windows\system32\iepeers.dll --------- 256000 
 08.09.2010 06:34    C:\Windows\system32\ieframe.dll --------- 12369408 
 08.09.2010 06:34    C:\Windows\system32\iedkcs32.dll --------- 445952 
 08.09.2010 06:31    C:\Windows\system32\msfeedssync.exe --------- 12288 
 08.09.2010 05:16    C:\Windows\system32\html.iec --------- 482816 
 08.09.2010 04:35    C:\Windows\system32\mshtml.tlb --------- 1638912 
 05.09.2010 14:21    C:\Windows\system32\LogFiles --------- 4096 
 01.09.2010 06:21    C:\Windows\system32\wmp.dll --------- 14627840 
 01.09.2010 06:12    C:\Windows\system32\wmploc.DLL --------- 12625920 
 01.09.2010 03:58    C:\Windows\system32\win32k.sys --------- 3123712 
 27.08.2010 07:14    C:\Windows\system32\srvsvc.dll --------- 236032 
 26.08.2010 06:27    C:\Windows\system32\t2embed.dll --------- 148992 
 21.08.2010 07:38    C:\Windows\system32\wmpmde.dll --------- 1024512 
 21.08.2010 07:36    C:\Windows\system32\schannel.dll --------- 340992 
 21.08.2010 07:31    C:\Windows\system32\comctl32.dll --------- 633856 
 21.08.2010 07:29    C:\Windows\system32\spoolsv.exe --------- 558592 
 12.08.2010 21:45    C:\Windows\system32\wdi --------- 4096 
 07.08.2010 16:44    C:\Windows\system32\restore --------- 0 
 07.08.2010 16:44    C:\Windows\system32\Recovery --------- 0 
 07.08.2010 14:43    C:\Windows\system32\license.rtf --------- 52870 
 04.08.2010 08:07    C:\Windows\system32\CPFilters.dll --------- 961024 
 04.08.2010 08:07    C:\Windows\system32\msdri.dll --------- 552960 
 04.08.2010 08:05    C:\Windows\system32\mpg2splt.ax --------- 258560 
 04.08.2010 08:05    C:\Windows\system32\MSNP.ax --------- 288256 
 27.07.2010 15:59    C:\Windows\system32\shell32.dll --------- 14162944 
 07.07.2010 14:50    C:\Windows\system32\psisdecd.dll --------- 613888 
 07.07.2010 14:48    C:\Windows\system32\wbem --------- 65536 
 07.07.2010 05:23    C:\Windows\system32\sysprep --------- 0 
 07.07.2010 05:00    C:\Windows\system32\DRVSTORE --------- 0 
 07.07.2010 04:55    C:\Windows\system32\oem1.inf --------- 1048812 
 07.07.2010 04:55    C:\Windows\system32\zh-HK --------- 0 
 07.07.2010 04:55    C:\Windows\system32\zh-TW --------- 0 
 07.07.2010 04:55    C:\Windows\system32\zh-CN --------- 0 
 07.07.2010 04:55    C:\Windows\system32\tr-TR --------- 0 
 07.07.2010 04:55    C:\Windows\system32\th-TH --------- 0 
 07.07.2010 04:55    C:\Windows\system32\sv-SE --------- 0 
 07.07.2010 04:55    C:\Windows\system32\sl-SI --------- 0 
 07.07.2010 04:55    C:\Windows\system32\sk-SK --------- 0 
 07.07.2010 04:55    C:\Windows\system32\ru-RU --------- 0 
 07.07.2010 04:55    C:\Windows\system32\ro-RO --------- 0 
 07.07.2010 04:55    C:\Windows\system32\pt-PT --------- 0 
 07.07.2010 04:55    C:\Windows\system32\pt-BR --------- 0 
 07.07.2010 04:55    C:\Windows\system32\pl-PL --------- 0 
 07.07.2010 04:55    C:\Windows\system32\nl-NL --------- 0 
 07.07.2010 04:55    C:\Windows\system32\nb-NO --------- 0 
 07.07.2010 04:55    C:\Windows\system32\lv-LV --------- 0 
 07.07.2010 04:55    C:\Windows\system32\lt-LT --------- 0 
 07.07.2010 04:55    C:\Windows\system32\ko-KR --------- 0 
 07.07.2010 04:55    C:\Windows\system32\ja-JP --------- 0 
 07.07.2010 04:55    C:\Windows\system32\it-IT --------- 0 
 07.07.2010 04:55    C:\Windows\system32\hu-HU --------- 0 
 07.07.2010 04:55    C:\Windows\system32\hr-HR --------- 0 
 07.07.2010 04:55    C:\Windows\system32\he-IL --------- 0 
 07.07.2010 04:55    C:\Windows\system32\fr-FR --------- 0 
 07.07.2010 04:55    C:\Windows\system32\fi-FI --------- 0 
 07.07.2010 04:55    C:\Windows\system32\et-EE --------- 0 
 07.07.2010 04:55    C:\Windows\system32\es-ES --------- 0 
 07.07.2010 04:55    C:\Windows\system32\en-US --------- 147456 
 07.07.2010 04:55    C:\Windows\system32\el-GR --------- 0 
 07.07.2010 04:55    C:\Windows\system32\da-DK --------- 0 
 07.07.2010 04:55    C:\Windows\system32\cs-CZ --------- 0 
 07.07.2010 04:55    C:\Windows\system32\bg-BG --------- 0 
 07.07.2010 04:55    C:\Windows\system32\ar-SA --------- 0 
 07.07.2010 04:55    C:\Windows\system32\bcmwlrc.dll --------- 6656 
 07.07.2010 04:55    C:\Windows\system32\bcmwlcoi.dll --------- 95472 
 07.07.2010 04:55    C:\Windows\system32\bcmihvui64.dll --------- 3555840 
 07.07.2010 04:55    C:\Windows\system32\bcmihvsrv64.dll --------- 3891200 
 29.06.2010 06:39    C:\Windows\system32\ole32.dll --------- 2085376 
 19.06.2010 08:05    C:\Windows\system32\ntoskrnl.exe --------- 5507968 
 19.06.2010 07:53    C:\Windows\system32\rtutils.dll --------- 52224 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 12.11.2010 11:45    C:\Windows\Tasks\SA.DAT --------- 6 
 11.11.2010 23:53    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32624 
 10.11.2010 23:20    C:\Windows\Tasks\HPCeeScheduleForTom Morris.job --------- 352 
 27.08.2010 19:11    C:\Windows\Tasks\Install_NSS.job --------- 398 
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\TOMMOR~1\AppData\Local\Temp

 12.11.2010 12:04    C:\Users\TOMMOR~1\AppData\Local\Temp\etilqs_Nz6tnU6DfcadK5Npx2WJ --------- 0 
 12.11.2010 11:51    C:\Users\TOMMOR~1\AppData\Local\Temp\jusched.log --------- 734 
 12.11.2010 11:47    C:\Users\TOMMOR~1\AppData\Local\Temp\WPDNSE --------- 0 
 12.11.2010 11:46    C:\Users\TOMMOR~1\AppData\Local\Temp\divA4E5.tmp --------- 0 
 12.11.2010 11:46    C:\Users\TOMMOR~1\AppData\Local\Temp\AdobeARM.log --------- 1620 
 12.11.2010 04:09    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF48DF248CD4FB4CCE.TMP --------- 312320 
 12.11.2010 04:09    C:\Users\TOMMOR~1\AppData\Local\Temp\CLW6585.tmp --------- 3516 
 12.11.2010 04:09    C:\Users\TOMMOR~1\AppData\Local\Temp\WC6574.tmp --------- 0 
 12.11.2010 04:09    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF763D451A4A148EB9.TMP --------- 312320 
 12.11.2010 04:09    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF1736E6DD351E4D00.TMP --------- 312320 
 12.11.2010 03:59    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF799BC64818577DB2.TMP --------- 312320 
 12.11.2010 03:59    C:\Users\TOMMOR~1\AppData\Local\Temp\CLWED53.tmp --------- 3516 
 12.11.2010 03:59    C:\Users\TOMMOR~1\AppData\Local\Temp\WCED52.tmp --------- 0 
 12.11.2010 03:59    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF2825DC324A63DDF9.TMP --------- 312320 
 12.11.2010 03:59    C:\Users\TOMMOR~1\AppData\Local\Temp\~DFCC76C6B97BB95AC7.TMP --------- 312320 
 12.11.2010 03:56    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF8E56EAFF46D33D18.TMP --------- 312320 
 12.11.2010 03:56    C:\Users\TOMMOR~1\AppData\Local\Temp\CLW23A.tmp --------- 3516 
 12.11.2010 03:56    C:\Users\TOMMOR~1\AppData\Local\Temp\WC239.tmp --------- 0 
 12.11.2010 03:56    C:\Users\TOMMOR~1\AppData\Local\Temp\~DFDE30482E542F2972.TMP --------- 312320 
 12.11.2010 03:56    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF0423A591DC5C221E.TMP --------- 312320 
 12.11.2010 01:13    C:\Users\TOMMOR~1\AppData\Local\Temp\div7213.tmp --------- 0 
 12.11.2010 01:08    C:\Users\TOMMOR~1\AppData\Local\Temp\ufliruob.sys --------- 93056 
 12.11.2010 00:48    C:\Users\TOMMOR~1\AppData\Local\Temp\div8709.tmp --------- 0 
 11.11.2010 23:55    C:\Users\TOMMOR~1\AppData\Local\Temp\div694C.tmp --------- 0 
 11.11.2010 23:53    C:\Users\TOMMOR~1\AppData\Local\Temp\div9A99.tmp --------- 0 
 11.11.2010 23:11    C:\Users\TOMMOR~1\AppData\Local\Temp\~DFEFF57FE935C68287.TMP --------- 312320 
 11.11.2010 23:11    C:\Users\TOMMOR~1\AppData\Local\Temp\CLWF292.tmp --------- 3516 
 11.11.2010 23:11    C:\Users\TOMMOR~1\AppData\Local\Temp\WCF291.tmp --------- 0 
 11.11.2010 23:11    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF01650370C65EB5AA.TMP --------- 312320 
 11.11.2010 23:11    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF2AFCAD11127D1277.TMP --------- 312320 
 11.11.2010 23:08    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF42B042D90EBEC224.TMP --------- 312320 
 11.11.2010 23:08    C:\Users\TOMMOR~1\AppData\Local\Temp\CLW3F6C.tmp --------- 3516 
 11.11.2010 23:08    C:\Users\TOMMOR~1\AppData\Local\Temp\WC3F6B.tmp --------- 0 
 11.11.2010 23:08    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF15B4720C5EF0C787.TMP --------- 312320 
 11.11.2010 23:08    C:\Users\TOMMOR~1\AppData\Local\Temp\~DFA4EC1A187383BBCC.TMP --------- 312320 
 11.11.2010 23:06    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF8950E07D1772F76D.TMP --------- 312320 
 11.11.2010 23:06    C:\Users\TOMMOR~1\AppData\Local\Temp\CLWA18C.tmp --------- 3516 
 11.11.2010 23:06    C:\Users\TOMMOR~1\AppData\Local\Temp\WCA18B.tmp --------- 0 
 11.11.2010 23:06    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF38E2F9D73518BCB6.TMP --------- 312320 
 11.11.2010 23:06    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF58CADF0D51045634.TMP --------- 312320 
 11.11.2010 17:28    C:\Users\TOMMOR~1\AppData\Local\Temp\~DFC8B755B62429D82E.TMP --------- 312320 
 11.11.2010 17:28    C:\Users\TOMMOR~1\AppData\Local\Temp\CLW3CC7.tmp --------- 3516 
 11.11.2010 17:28    C:\Users\TOMMOR~1\AppData\Local\Temp\WC3CC6.tmp --------- 0 
 11.11.2010 17:28    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF41DA76337AF4A60D.TMP --------- 312320 
 11.11.2010 17:28    C:\Users\TOMMOR~1\AppData\Local\Temp\~DFB4F72774825E4D26.TMP --------- 312320 
 11.11.2010 17:27    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF4137B74B09B6C60A.TMP --------- 312320 
 11.11.2010 17:27    C:\Users\TOMMOR~1\AppData\Local\Temp\CLWD5.tmp --------- 3516 
 11.11.2010 17:27    C:\Users\TOMMOR~1\AppData\Local\Temp\WCD4.tmp --------- 0 
 11.11.2010 17:27    C:\Users\TOMMOR~1\AppData\Local\Temp\~DFC96A07D44E96BD99.TMP --------- 312320 
 11.11.2010 17:27    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF0B7351CF89C4179F.TMP --------- 312320 
 11.11.2010 15:20    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF11A80436921ED315.TMP --------- 312320 
 11.11.2010 15:20    C:\Users\TOMMOR~1\AppData\Local\Temp\CLW4DBE.tmp --------- 3516 
 11.11.2010 15:20    C:\Users\TOMMOR~1\AppData\Local\Temp\WC4DBD.tmp --------- 0 
 11.11.2010 15:20    C:\Users\TOMMOR~1\AppData\Local\Temp\~DFC36D8919C086238C.TMP --------- 312320 
 11.11.2010 15:20    C:\Users\TOMMOR~1\AppData\Local\Temp\~DF3538DFBDF74286DF.TMP --------- 312320 
 11.11.2010 03:00    C:\Users\TOMMOR~1\AppData\Local\Temp\Low --------- 0 
 07.08.2010 16:50    C:\Users\TOMMOR~1\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 
----------------------------------------

 
C:\Program Files

 12.11.2010 01:00    C:\Program Files\CCleaner --------- 0 
 15.10.2010 02:18    C:\Program Files\Internet Explorer --------- 4096 
 15.10.2010 02:18    C:\Program Files\Windows Media Player --------- 4096 
 09.10.2010 10:07    C:\Program Files\M-Audio --------- 0 
 06.10.2010 17:07    C:\Program Files\Common Files --------- 4096 
 08.08.2010 14:18    C:\Program Files\Windows Mail --------- 0 
 07.08.2010 18:43    C:\Program Files\DivX --------- 0 
 07.08.2010 16:45    C:\Program Files\Windows Sidebar --------- 4096 
 07.08.2010 16:43    C:\Program Files\Windows NT --------- 4096 
 07.08.2010 16:43    C:\Program Files\Gemeinsame Dateien --------- 0 
 07.07.2010 14:48    C:\Program Files\DVD Maker --------- 4096 
 07.07.2010 14:48    C:\Program Files\Microsoft Games --------- 4096 
 07.07.2010 05:00    C:\Program Files\DIFX --------- 0 
 07.07.2010 04:59    C:\Program Files\ATI --------- 0 
 07.07.2010 04:58    C:\Program Files\Realtek --------- 0 
 07.07.2010 04:56    C:\Program Files\Synaptics --------- 0 
 07.07.2010 04:55    C:\Program Files\Broadcom --------- 0 
 18.05.2010 04:54    C:\Program Files\Windows Defender --------- 4096 
 18.05.2010 04:54    C:\Program Files\Windows Photo Viewer --------- 4096 
 17.05.2010 22:38    C:\Program Files\Hewlett-Packard --------- 0 
 14.07.2009 06:32    C:\Program Files\Windows Portable Devices --------- 0 
 14.07.2009 06:32    C:\Program Files\Reference Assemblies --------- 0 
 14.07.2009 06:32    C:\Program Files\MSBuild --------- 0 
 14.07.2009 06:09    C:\Program Files\Uninstall Information --------- 0 
 14.07.2009 05:54    C:\Program Files\desktop.ini --------- 174 
----------------------------------------

 
C:\ProgramData\..

Tom Morris   
Public   
Default   
Default User   
All Users   
desktop.ini   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts


----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           796 K
smss.exe                       264 Services                   0         1.088 K
csrss.exe                      388 Services                   0         4.268 K
wininit.exe                    460 Services                   0         4.316 K
csrss.exe                      492 Console                    1         6.144 K
services.exe                   524 Services                   0        11.632 K
lsass.exe                      540 Services                   0        11.256 K
lsm.exe                        548 Services                   0         4.152 K
winlogon.exe                   636 Console                    1         6.732 K
svchost.exe                    704 Services                   0         9.572 K
svchost.exe                    804 Services                   0         8.584 K
atiesrxx.exe                   848 Services                   0         4.080 K
svchost.exe                    928 Services                   0        24.452 K
svchost.exe                    972 Services                   0       103.468 K
svchost.exe                    112 Services                   0        47.548 K
svchost.exe                    544 Services                   0        15.828 K
svchost.exe                   1096 Services                   0        15.484 K
atieclxx.exe                  1188 Console                    1         5.804 K
wlanext.exe                   1276 Services                   0         4.760 K
conhost.exe                   1284 Services                   0         2.528 K
spoolsv.exe                   1404 Services                   0        10.904 K
sched.exe                     1436 Services                   0         1.864 K
svchost.exe                   1456 Services                   0        15.080 K
svchost.exe                   1584 Services                   0        14.884 K
AERTSr64.exe                  1620 Services                   0         2.568 K
avguard.exe                   1640 Services                   0        17.276 K
ezSharedSvcHost.exe           1688 Services                   0         8.516 K
HPDrvMntSvc.exe               1724 Services                   0         3.464 K
HPWMISVC.exe                  1756 Services                   0         5.344 K
LSSrvc.exe                    1792 Services                   0         4.104 K
SeaPort.exe                   1840 Services                   0         8.060 K
avshadow.exe                  1860 Services                   0         3.920 K
conhost.exe                   1868 Services                   0         2.544 K
svchost.exe                  1928 Services                  0        5.276 K
taskhost.exe                  2376 Console                    1        9.680 K
dwm.exe                      2480 Console                    1        31.512 K
explorer.exe                  2508 Console                    1        66.408 K
SynTPEnh.exe                  2688 Console                    1        12.624 K
RtkNGUI64.exe                2696 Console                    1        9.472 K
RtVOsd64.exe                  2704 Console                    1        7.532 K
HPMSGSVC.exe                  2724 Console                    1        6.352 K
wmdc.exe                      2812 Console                    1        6.756 K
M-AudioTaskBarIcon.exe        2824 Console                    1        6.760 K
LightScribeControlPanel.e    2848 Console                    1        10.796 K
ISUSPM.exe                    2872 Console                    1        6.344 K
svchost.exe                  2968 Services                  0        7.576 K
WmiPrvSE.exe                  3064 Services                  0        7.296 K
hpwuschd2.exe                  696 Console                    1        3.368 K
DivXUpdate.exe                2144 Console                    1        10.328 K
avgnt.exe                    1140 Console                    1        7.504 K
SynTPHelper.exe              1824 Console                    1        3.176 K
jusched.exe                  1872 Console                    1        4.228 K
SearchIndexer.exe            2316 Services                  0        39.780 K
wmpnetwk.exe                  3256 Services                  0        19.012 K
svchost.exe                  3668 Services                  0        13.504 K
HPHC_Service.exe              3808 Services                  0        14.104 K
HPWA_Service.exe              4020 Services                  0        34.508 K
svchost.exe                  1936 Services                  0        28.724 K
hpqWmiEx.exe                  3932 Services                  0        5.936 K
WmiPrvSE.exe                  3936 Services                  0        10.920 K
MOM.exe                      4412 Console                    1        5.688 K
CCC.exe                      4496 Console                    1        19.876 K
HPWA_Main.exe                4320 Console                    1        49.252 K
hpCaslNotification.exe        3040 Console                    1        11.348 K
audiodg.exe                  2240 Services                  0        17.688 K
chrome.exe                    4944 Console                    1        45.184 K
chrome.exe                    400 Console                    1        25.424 K
cmd.exe                      3708 Console                    1        3.568 K
conhost.exe                  2980 Console                    1        5.768 K
SearchProtocolHost.exe        3264 Services                  0        8.092 K
SearchFilterHost.exe          4004 Services                  0        6.196 K
dllhost.exe                  3268 Console                    1        5.600 K
tasklist.exe                  2164 Console                    1        5.248 K

 
***** Ende des Scans 12.11.2010 um 12:05:27,43 ***


Code:

Acrobat.com        Adobe Systems Incorporated        16.05.2010        1,61MB        1.6.65
Adobe AIR        Adobe Systems Inc.        16.05.2010                1.5.0.7220
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        29.08.2010        6,00MB        10.1.82.76
Adobe Reader 9.4.0 MUI        Adobe Systems Incorporated        09.10.2010        691MB        9.4.0
ATI Catalyst Install Manager        ATI Technologies, Inc.        06.07.2010        22,1MB        3.0.765.0
Audacity 1.2.6                06.08.2010               
Avira AntiVir Personal - Free Antivirus        Avira GmbH        01.11.2010        59,8MB        10.0.0.592
Broadcom 802.11 Wireless LAN Adapter        Broadcom Corporation        07.07.2010                5.60.48.35
Call of Duty(R) 4 - Modern Warfare(TM)        Activision        11.08.2010        2.281MB        1.7
CCleaner        Piriform        11.11.2010                3.00
CyberLink DVD Suite        CyberLink Corp.        16.05.2010        37,6MB        7.0.2527
CyberLink PowerDVD 9        CyberLink Corp.        06.07.2010        134,2MB        9.0.1.3810
CyberLink YouCam        CyberLink Corp.        06.07.2010        129,9MB        3.0.2511
DivX-Setup        DivX, Inc.        11.10.2010                2.1.2.2
Free Music Zilla        FreeMusicZilla.com        27.10.2010               
Google Chrome        Google Inc.        06.08.2010                5.0.375.99
HijackThis 2.0.2        TrendMicro        11.11.2010                2.0.2
HP Advisor        Hewlett-Packard        16.05.2010        54,9MB        3.4.10262.3295
HP Power Plan Utility        Hewlett-Packard        06.07.2010        0,23MB        1.0.6
HP Quick Launch        Hewlett-Packard        16.05.2010        4,29MB        1.0.18
HP Setup        Hewlett-Packard        16.05.2010                1.2.3988.3281
HP Software Framework        Hewlett-Packard Company        21.09.2010        2,38MB        4.0.55.1
HP Support Assistant        Hewlett-Packard        16.05.2010        33,4MB        4.4.6.3
HP Update        Hewlett-Packard        16.05.2010        2,97MB        5.001.000.014
HP User Guides 0211        Hewlett-Packard        16.05.2010        144,4MB        1.00.0000
HP Wireless Assistant        Hewlett-Packard        16.05.2010        5,59MB        4.0.4.2
Java(TM) 6 Update 22        Oracle        11.10.2010        94,9MB        6.0.220
JDownloader        AppWork UG (haftungsbeschränkt)        11.10.2010                0.89
LabelPrint        CyberLink Corp.        16.05.2010        281MB        2.5.2515
LightScribe System Software        LightScribe        06.07.2010        23,4MB        1.18.12.1
Live 8.0.3                01.09.2010               
M-Audio Conectiv Driver 6.0.1 (x64)        M-Audio        08.10.2010        3,84MB        6.0.1
Malwarebytes' Anti-Malware        Malwarebytes Corporation        10.11.2010        8,51MB       
Microsoft Silverlight        Microsoft Corporation        06.07.2010        29,1MB        3.0.40818.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.05.2010        0,42MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        16.05.2010        0,77MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        06.07.2010        0,77MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        16.05.2010        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        06.07.2010        0,58MB        9.0.30729.4148
Mozilla Firefox (3.6.8)        Mozilla        29.08.2010                3.6.8 (de)
PhotoNow!        CyberLink Corp.        06.07.2010        39,4MB        1.1.6904
Power2Go        CyberLink Corp.        16.05.2010        204MB        6.1.3715
PowerDirector        CyberLink Corp.        16.05.2010        826MB        8.0.2514
Realtek Ethernet Controller Driver For Windows 7        Realtek        06.07.2010                7.11.1127.2009
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        06.07.2010                6.0.1.6066
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        06.07.2010                6.1.7600.30105
Scratch Live 2.1.1 (21122)        Serato Audio Research        24.10.2010        27,1MB        2.1.1
Skype Toolbars        Skype Technologies S.A.        07.08.2010        5,36MB        1.0.4051
Skype™ 4.2        Skype Technologies S.A.        07.08.2010        31,7MB        4.2.169
SUPER © Version 2010.bld.38 (May 2, 2010)        eRightSoft        11.08.2010                Version 2010.bld.38 (May 2, 2010)
Synaptics Pointing Device Driver        Synaptics Incorporated        06.07.2010                15.0.12.0
TagScanner 5.1 build 592        Sergey Serkov        29.09.2010        5,59MB       
Torq Torq 1.5.2 (Build 009) - 8 July 2009        M-Audio        08.10.2010               
TubeBox!        Jens Lorek        11.10.2010        12,9MB        3.4.1
Uninstall 1.0.0.1                06.08.2010        10,5MB       
VLC media player 1.1.4        VideoLAN        08.09.2010                1.1.4
Vodafone Mobile Connect Lite        Vodafone        09.08.2010        12,3MB        3.1.2.104
Windows Media Player Firefox Plugin        Microsoft Corp        11.08.2010        0,29MB        1.0.0.8
Windows Mobile-Gerätecenter        Microsoft Corporation        04.09.2010        27,4MB        6.1.6965.0
WinRAR Archivierer                06.08.2010

Code:



Typ:        Datei
Quelle:        C:\Users\Tom Morris\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0002f9
Status:        Infiziert
Quarantäne-Objekt:        49dadea6.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        JA
Betriebssystem:        Windows 2000/XP/VISTA Workstation
Suchengine:        8.02.04.92
Virendefinitionsdatei:        7.10.13.229
Meldung:        Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3
Datum/Uhrzeit:        12.11.2010, 00:18


Maschi 12.11.2010 14:16

I also ran another scan with AntiVir and it found 2 viruses (thought it might be relevant):

Code:



Typ:        Datei
Quelle:        C:\Users\Tom Morris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\5d0e15a6-60a8549a
Status:        Infiziert
Quarantäne-Objekt:        5067bd79.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows 2000/XP/VISTA Workstation
Suchengine:        8.02.04.92
Virendefinitionsdatei:        7.10.13.229
Meldung:        Enthält Erkennungsmuster des Java-Virus JAVA/Agent.2212
Datum/Uhrzeit:        12.11.2010, 13:41

Code:



Typ:        Datei
Quelle:        C:\Users\Tom Morris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\33dff2c4-3a14acd9
Status:        Infiziert
Quarantäne-Objekt:        48bc92ef.qua
Wiederhergestellt:        NEIN
Zu Avira hochgeladen:        NEIN
Betriebssystem:        Windows 2000/XP/VISTA Workstation
Suchengine:        8.02.04.92
Virendefinitionsdatei:        7.10.13.229
Meldung:        Enthält Erkennungsmuster des Java-Virus JAVA/Agent.2212
Datum/Uhrzeit:        12.11.2010, 13:41


kira 12.11.2010 22:20

1.
Close all programs, including Internet Explorer, and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries, tick the checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong during fixing, the objects can be restored under "View the list of backups".
Code:

O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

2.
Quote:

**Before deleting temporary files, be sure to close all applications!
**Delete only the contents of the folders, not the folders themselves!
**The Temp folder is for temporary files, so its contents can be deleted without any problem. Files that are still in use cannot be deleted.

Empty the Temp folder:
C:\Users\xxxxx\AppData\Local\Temp --> delete only the contents of the folder, not the folder itself
or click Start -> Search -> type in %temp% ...

3.
Open CCleaner
  • "Cleaner" --> "Analyze" --> click the "Start CCleaner" button
  • "Registry" --> "Scan for errors" --> "Fix errors" --> "Fix all"
  • Restart your system

4.
Clear the Java cache - as described under points 7 and 8 *click
via Control Panel -> Java...

5.
>>You should not install the program, just scan your system online<<
Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the storage medium with the free online scanner is very well suited and recommended for this.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off entirely. ► [Security] Disable the autorun function on all drives for more security / Avira Support Forum
Then run a complete system check with Nod32
- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"
- Link: -> ESET Online Scanner
Settings in Internet Explorer before the scan:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX

** Are there still problems with the computer?
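
An added example, not part of kira's post and not HijackThis code: before fixing entries like those in step 1, a short Python triage pass can separate orphaned BHO/toolbar registrations ("(no file)") from autorun entries whose target file still has to be checked. The function name `triage` and the status labels are assumptions of this sketch; the sample lines are the four entries from the code box in step 1.

```python
import re

# The four entries from the code box in step 1 (copied from the page).
SAMPLE = r"""
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
O3 - Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
"""

# O2/O3 lines: "<code> - <kind>: <name> - {CLSID} - <file>"
COM_RE = re.compile(
    r"^(?P<code>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
# O4 lines: "O4 - <key>: [<value name>] <command> (User '<account>')"
RUN_RE = re.compile(
    r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+?)"
    r"(?: \(User '(?P<user>[^']+)'\))?$")

# Well-known service account SIDs, used to normalise localized account names.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}

def triage(log_text):
    """Return one finding per non-empty log line, in input order."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = COM_RE.match(line)
        if m:
            orphan = m["file"] == "(no file)"
            findings.append({
                "section": m["code"], "id": m["clsid"].lower(),
                "target": None if orphan else m["file"], "account": None,
                # Orphaned: the registration points at nothing on disk.
                "status": "orphaned" if orphan else "check-file"})
            continue
        m = RUN_RE.match(line)
        if m:
            sid = re.search(r"S-1-5-\d+(?:-\d+)*", m["key"])
            account = WELL_KNOWN_SIDS.get(sid.group()) if sid else None
            findings.append({
                "section": "O4", "id": m["name"], "target": m["cmd"],
                "account": account or m["user"],
                # The parser cannot see the disk: the file must be verified.
                "status": "check-file"})
            continue
        # Never silently drop a line the patterns do not cover.
        findings.append({"section": None, "id": None, "target": line,
                         "account": None, "status": "unparsed"})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["status"], f["section"], f["id"], f["target"], f["account"])
```
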

Maschi 13.11.2010 04:27

Hello,

first of all, many thanks for your help :Boogie:
Really great!!!

So I worked through all the steps, but I could not empty the Temp folder completely (items shown as an image in the attachment).

My laptop actually works just as normally as before; so far I haven't noticed anything else, but the gadgets still don't work.

Regards, Thomas

Here is the ESET TXT:

Code:

C:\Users\xxxx\Eigene Producing\Camel Audio CamelPhat 3.42\keygen.exe        Variante von Win32/Keygen.AD Anwendung        Gesäubert durch Löschen - in Quarantäne kopiert
Attachment 10792

kira 13.11.2010 07:57

Quote:

Quote from Maschi (post 588634)
...but the gadgets still don't work.

I have good news and bad news for you, first the bad:
- I fear that you can only solve your problem by reinstalling your system:
Code:

C:\Users\xxxx\Eigene Producing\Camel Audio CamelPhat 3.42\keygen.exe        Keygen.
"ignorantia legis non excusat"...
Cracks & serials and keygens are always infested with trojans and various malware; there is no site that is virus-free. (One should not deliberately summon the devil ;))
- Because the programs and files on offer contain harmful content - extremely dangerous malware such as backdoors and rootkits
** In a case like this you should rethink your consumption habits :twak:
- Because your behaviour is subject to German law, support from our side ends at this point. So the best thing is to back up your data and do a complete reinstallation of the computer; that is the fastest and cleanest solution!

The good news is:
after a reinstallation you will have a clean system again, will hopefully have learned from this, and in future will keep your hands off...

Quote:

Purpose of it all - viruses, trojans, worms:
A worm that could almost be called a "good worm" is moving through
the net and spreading via the file-sharing networks BearShare, KaZaA,
eMule & Co.
The worm carries countless different names of well-known cracks or
key generators for the illegal use of commercial software. Anyone who
searches specifically for such files could therefore well come across a copy
of the worm.
