| Virus forum about viruses, dialers, trojans, spyware etc. |
#1 (direct link) |
|
Guest
Posts: n/a
|
Hello everyone,
first of all, Happy Easter. I have a problem, namely malware. I have already read out the Windows event log, and the results are below. Who is familiar with this and could perhaps help me?
File-Upload.net - Eventlog.txt
File-Upload.net - Scripting.txt
Thanks in advance, Marko |
#2 (direct link) |
|
Super Moderator
Registered since: 15.02.2009
Posts: 10,786
|
The user cannot activate his Security Center. Among other things, this did not sit well with me:
Code:
21.4.2011 8:10 Uhr 36s Record #78221 Computername->euroantik-PC Application Error: Error Fehlerhafte Anwendung JwWeagugDQKT.exe, Version 3.0.1.1, Zeitstempel 0x21475346, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e0380e, Ausnahmecode 0xc0000409, Fehleroffset 0x00065276, Prozess-ID 0x8d0, Anwendungsstartzeit 01cbffeaa537d702. http://www.google.de/url?sa=t&source...FNklOtBE2FD0Ig
__________________
______________ Please run the quick test: New virus, unsuspecting users infected for months! Regards, AHT |
#3 (direct link) |
|
Super Moderator
Registered since: 08.02.2010
Posts: 1,728
|
Hello,
OTL download: http://oldtimer.geekstogo.com/OTL.exe
1. Double-click OTL.exe
2. Windows 7 and Vista users: right-click and choose Run as administrator
3. At the top you will find a box labelled Output. Please select Minimal Output
4. Tick "scan all users"
5. Under "Extra Registry" select: "Use SafeList", "LOP Check", "Purity Check"
6. Copy the following into the text box (without the word Code:).
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
8. Two reports are created: OTL.Txt and Extras.Txt. Please post both logs!
__________________
Regards, Leo
#4 (direct link) |
|
Guest
Posts: n/a
|
OTL logfile created on: 25.04.2011 09:41:09 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\euroantik\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): c:\pagefile.sys 2222 3111 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141,96 Gb Total Space | 42,17 Gb Free Space | 29,70% Space Free | Partition Type: NTFS Drive D: | 7,09 Gb Total Space | 0,65 Gb Free Space | 9,13% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 2,31 Gb Free Space | 52,75% Space Free | Partition Type: UDF Drive I: | 1,91 Gb Total Space | 1,74 Gb Free Space | 91,12% Space Free | Partition Type: FAT Drive M: | 7,79 Gb Total Space | 6,98 Gb Free Space | 89,51% Space Free | Partition Type: FAT32 Computer Name: EUROANTIK-PC | User Name: euroantik | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\euroantik\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\euroantik\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Programme\AVAST Software\Avast\snxhk.dll (AVAST Software) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Automatisches LiveUpdate - Scheduler) -- File not found SRV - (avast! 
Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (LVUVC) QuickCam Pro for Notebooks(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) 
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (TCT International Mobile Ltd) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH) DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH) DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-281255394-4162190622-601280986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar IE - HKU\S-1-5-21-281255394-4162190622-601280986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-281255394-4162190622-601280986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKU\S-1-5-21-281255394-4162190622-601280986-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-281255394-4162190622-601280986-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar IE - HKU\S-1-5-21-281255394-4162190622-601280986-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar IE - HKU\S-1-5-21-281255394-4162190622-601280986-1000\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKU\S-1-5-21-281255394-4162190622-601280986-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-281255394-4162190622-601280986-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.0 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..keyword.URL: "http://utils.babylon.com/abt/index.php?url=" FF - prefs.js..network.proxy.ftp: "localhost" FF - prefs.js..network.proxy.ftp_port: 8118 FF - prefs.js..network.proxy.gopher: "localhost" FF - prefs.js..network.proxy.gopher_port: 8118 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8118 FF - prefs.js..network.proxy.socks: 
"localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 8118 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.07 12:29:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.04.21 08:49:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.10 10:05:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.17 12:13:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.07 15:30:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.17 12:13:22 | 000,000,000 | ---D | M] [2008.06.30 08:33:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\euroantik\AppData\Roaming\mozilla\Extensions [2011.04.11 17:34:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\euroantik\AppData\Roaming\mozilla\Firefox\Profiles\05eastxu.default\ext ensions [2010.12.09 15:38:16 | 000,000,000 | -H-D | M] (Screengrab) -- C:\Users\euroantik\AppData\Roaming\mozilla\Firefox\Profiles\05eastxu.default\ext ensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010.12.09 15:38:16 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\euroantik\AppData\Roaming\mozilla\Firefox\Profiles\05eastxu.default\ext ensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.24 15:08:45 | 000,000,000 | -H-D | M] (Google 
Toolbar for Firefox) -- C:\Users\euroantik\AppData\Roaming\mozilla\Firefox\Profiles\05eastxu.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.12.09 15:38:20 | 000,000,000 | -H-D | M] (Torbutton) -- C:\Users\euroantik\AppData\Roaming\mozilla\Firefox\Profiles\05eastxu.default\ext ensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010.12.20 10:55:34 | 000,000,000 | -H-D | M] (German Dictionary) -- C:\Users\euroantik\AppData\Roaming\mozilla\Firefox\Profiles\05eastxu.default\ext ensions\de-DE@dictionaries.addons.mozilla.org [2011.04.10 11:18:48 | 000,000,000 | -H-D | M] (ImageTools) -- C:\Users\euroantik\AppData\Roaming\mozilla\Firefox\Profiles\05eastxu.default\ext ensions\matus.uhliar@gmail.com [2011.04.25 09:32:13 | 000,000,950 | ---- | M] () -- C:\Users\euroantik\AppData\Roaming\Mozilla\Firefox\Profiles\05eastxu.default\sea rchplugins\icqplugin-1.xml [2009.04.22 11:22:19 | 000,000,950 | -H-- | M] () -- C:\Users\euroantik\AppData\Roaming\Mozilla\Firefox\Profiles\05eastxu.default\sea rchplugins\icqplugin-2.xml [2009.04.29 10:55:50 | 000,000,950 | -H-- | M] () -- C:\Users\euroantik\AppData\Roaming\Mozilla\Firefox\Profiles\05eastxu.default\sea rchplugins\icqplugin-3.xml [2009.06.13 18:03:16 | 000,000,950 | -H-- | M] () -- C:\Users\euroantik\AppData\Roaming\Mozilla\Firefox\Profiles\05eastxu.default\sea rchplugins\icqplugin-4.xml [2009.03.30 16:34:32 | 000,000,944 | -H-- | M] () -- C:\Users\euroantik\AppData\Roaming\Mozilla\Firefox\Profiles\05eastxu.default\sea rchplugins\icqplugin.xml [2009.02.05 18:30:29 | 000,001,632 | -H-- | M] () -- C:\Users\euroantik\AppData\Roaming\Mozilla\Firefox\Profiles\05eastxu.default\sea rchplugins\live-search.xml [2009.03.20 13:47:21 | 000,003,915 | -H-- | M] () -- C:\Users\euroantik\AppData\Roaming\Mozilla\Firefox\Profiles\05eastxu.default\sea rchplugins\sweetim.xml [2011.04.10 10:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.03.16 11:31:48 | 000,000,000 | ---D | M] ("ICQ 
Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.10.10 13:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- [2011.04.21 08:49:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2008.11.18 14:16:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [2009.02.03 14:14:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2010.10.10 13:17:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} () (No name found) -- C:\USERS\EUROANTIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05EASTXU.DEFAULT\EXT ENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI () (No name found) -- C:\USERS\EUROANTIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05EASTXU.DEFAULT\EXT ENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI () (No name found) -- C:\USERS\EUROANTIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05EASTXU.DEFAULT\EXT ENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI () (No name found) -- C:\USERS\EUROANTIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\05EASTXU.DEFAULT\EXT ENSIONS\AUTOPAGER@MOZILLA.ORG.XPI [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.11.30 10:45:29 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-281255394-4162190622-601280986-1000\..\Toolbar\WebBrowser: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - No CLSID value found. O3 - HKU\S-1-5-21-281255394-4162190622-601280986-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-281255394-4162190622-601280986-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Reg Error: Value error. 
File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/acti..._v1-0-29-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshel...onGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.09.10 18:29:53 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.04.24 12:57:38 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ] O32 - AutoRun File - [2011.04.24 12:57:38 | 000,000,137 | ---- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2010.10.07 17:23:34 | 000,000,143 | ---- | M] () - M:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{1b1d2bc3-c111-11dd-bd1d-001bb9b175cf}\Shell - "" = AutoRun O33 - MountPoints2\{1b1d2bc3-c111-11dd-bd1d-001bb9b175cf}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{1b1d2bed-c111-11dd-bd1d-b97923f73b6c}\Shell - "" = AutoRun O33 - MountPoints2\{1b1d2bed-c111-11dd-bd1d-b97923f73b6c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{1b1d2bf5-c111-11dd-bd1d-001bb9b175cf}\Shell - "" = AutoRun O33 - MountPoints2\{1b1d2bf5-c111-11dd-bd1d-001bb9b175cf}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{4f839f70-37f1-11df-ab7b-806e6f6e6963}\Shell - "" = AutoRun O33 - 
MountPoints2\{4f839f70-37f1-11df-ab7b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8301300b-b181-11de-bf14-001bb9b175cf}\Shell - "" = AutoRun O33 - MountPoints2\{8301300b-b181-11de-bf14-001bb9b175cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{83013038-b181-11de-bf14-001bb9b175cf}\Shell - "" = AutoRun O33 - MountPoints2\{83013038-b181-11de-bf14-001bb9b175cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8abedd9c-c2ca-11de-9670-001bb9b175cf}\Shell - "" = AutoRun O33 - MountPoints2\{8abedd9c-c2ca-11de-9670-001bb9b175cf}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{ff6fc219-15ed-11de-9088-001bb9b175cf}\Shell - "" = AutoRun O33 - MountPoints2\{ff6fc219-15ed-11de-9088-001bb9b175cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) 
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: avast - hkey= - key= - C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) MsConfig - StartUpReg: avgnt - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: BabylonToolbar - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: ccApp - hkey= - key= - File not found MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: fssui - hkey= - key= - C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation) MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: JwWeagugDQKT - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) MsConfig - StartUpReg: NokiaMServer - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - Reg Error: Value error. 
File not found MsConfig - StartUpReg: OsdMaestro - hkey= - key= - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: SunJavaUpdateReg - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - File not found MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.divxa32 - msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========
[2011.04.24 13:23:10 | 000,000,000 | ---D | C] -- C:\Users\euroantik\AppData\Local\Microsoft Corporation
[2011.04.24 13:22:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Windows 7 Upgrade Advisor
[2011.04.22 15:10:22 | 000,000,000 | ---D | C] -- C:\PPF_Scan1
[2011.04.22 08:50:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.22 08:50:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.22 08:50:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.22 08:50:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.22 08:50:15 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.22 08:50:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.22 08:50:15 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.22 08:50:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.22 08:50:14 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.22 08:50:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.22 08:50:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.22 08:50:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.22 08:50:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.22 08:50:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.22 08:50:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.22 08:50:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.22 08:50:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.22 08:50:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.22 08:50:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.22 08:50:01 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.22 08:50:01 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.22 08:49:52 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.22 08:49:49 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.22 08:49:42 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.22 08:49:42 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.21 11:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2011.04.21 11:53:14 | 000,000,000 | ---D | C] -- C:\Users\euroantik\AppData\Roaming\Fighters
[2011.04.21 11:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2011.04.21 11:52:54 | 000,000,000 | ---D | C] -- C:\Programme\Fighters
[2011.04.21 09:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011.04.21 09:18:36 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2011.04.21 08:50:39 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.04.21 08:50:39 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.04.21 08:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.04.21 08:50:37 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.04.21 08:50:37 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.04.21 08:50:36 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.04.21 08:50:35 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.04.21 08:49:46 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.04.21 08:49:45 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.04.21 08:49:34 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.04.21 08:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.04.19 12:00:53 | 000,000,000 | -H-D | C] -- C:\Users\euroantik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.17 12:54:26 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Application Virtualization Client
[2011.04.17 12:53:08 | 000,000,000 | -H-D | C] -- C:\Users\euroantik\AppData\Roaming\TP
[2011.03.29 12:06:46 | 000,000,000 | -H-D | C] -- C:\archive_db
[2011.03.29 12:06:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\wipe
[2011.03.28 08:24:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Paragon
[2011.03.28 08:23:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\launcher
[2011.03.28 08:20:50 | 000,057,112 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2011.03.28 08:19:24 | 000,000,000 | ---D | C] -- C:\Programme\Paragon Software
[2011.03.28 08:12:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\EXPLAUNCHER

========== Files - Modified Within 30 Days ==========
[2011.04.25 09:34:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.25 09:31:56 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.25 09:29:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.25 09:28:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.25 09:28:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.25 09:28:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.25 09:28:35 | 2138,431,488 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 13:22:14 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011.04.24 10:44:53 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA99CCF1-7210-400C-9663-7FFE154AAE13}.job
[2011.04.22 16:14:06 | 000,560,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.22 09:00:00 | 000,685,474 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 09:00:00 | 000,642,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 09:00:00 | 000,149,700 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 09:00:00 | 000,121,514 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 12:19:32 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\00000732.LCS
[2011.04.21 11:53:01 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2011.04.21 08:50:40 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.04.21 08:50:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.04.19 21:35:49 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~40886024
[2011.04.19 21:35:48 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~40886024r
[2011.04.19 12:00:44 | 000,000,336 | -H-- | M] () -- C:\ProgramData\40886024
[2011.04.18 19:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.04.18 19:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.04.18 19:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.04.18 19:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.04.18 19:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.04.18 19:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.04.18 19:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.04.18 19:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.03.29 12:03:34 | 000,051,200 | -H-- | M] () -- C:\Users\euroantik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.26 22:41:30 | 000,021,470 | ---- | M] () -- C:\Users\euroantik\Desktop\658-image0014.jpg
[2011.03.26 17:53:49 | 000,047,683 | ---- | M] () -- C:\Users\euroantik\Desktop\558-image0006.jpg
|
|
|
|
#5 (Direct link) |
|
Guest
Posts: n/a
|
========== Files Created - No Company Name ==========
[2011.04.24 13:22:14 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011.04.24 13:22:14 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2011.04.21 11:53:01 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
[2011.04.21 08:50:40 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.04.19 12:00:56 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~40886024r
[2011.04.19 12:00:55 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~40886024
[2011.04.19 12:00:44 | 000,000,336 | -H-- | C] () -- C:\ProgramData\40886024
[2011.04.10 10:05:31 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.26 22:39:52 | 000,021,470 | ---- | C] () -- C:\Users\euroantik\Desktop\658-image0014.jpg
[2011.03.26 17:44:42 | 000,047,683 | ---- | C] () -- C:\Users\euroantik\Desktop\558-image0006.jpg
[2010.07.07 14:44:56 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.07.07 14:44:30 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.07.07 14:44:20 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.07.07 14:36:30 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.06.23 17:56:46 | 000,164,375 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.06.23 17:56:33 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009.11.11 13:08:01 | 000,000,295 | ---- | C] () -- C:\Windows\{27A7B2F0-49DD-11DD-8921-4CB256D89593}_WiseFW.ini
[2009.10.24 15:09:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.24 15:09:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.18 16:12:15 | 000,001,356 | -H-- | C] () -- C:\Users\euroantik\AppData\Local\d3d9caps.dat
[2009.03.04 12:31:37 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.03.04 12:31:36 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2008.12.29 14:19:29 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008.10.06 06:23:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.23 18:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.07.11 12:06:24 | 000,000,304 | -H-- | C] () -- C:\Users\euroantik\AppData\Roaming\wklnhst.dat
[2008.06.18 20:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008.06.13 13:55:07 | 000,051,200 | -H-- | C] () -- C:\Users\euroantik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.06 15:52:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.01.31 12:31:26 | 000,025,600 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
[2008.01.31 12:31:25 | 000,544,256 | ---- | C] () -- C:\Windows\System32\ChangeGraphics.dll
[2008.01.21 08:54:16 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2007.12.06 10:52:17 | 000,065,864 | ---- | C] () -- C:\Windows\System32\Digita.sys
[2007.12.06 10:52:17 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ImgLibLead.dll
[2007.12.06 10:52:16 | 000,100,864 | ---- | C] () -- C:\Windows\System32\Dc50ip32.dll
[2007.12.06 10:52:16 | 000,007,808 | ---- | C] () -- C:\Windows\System32\dc240u.sys
[2007.12.06 10:52:01 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2007.12.06 10:52:00 | 000,048,640 | ---- | C] () -- C:\Windows\catalogSubInstaller.exe
[2007.12.05 11:42:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.09.11 03:31:55 | 000,685,474 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.09.11 03:31:55 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.09.11 03:31:55 | 000,149,700 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.09.11 03:31:55 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.10 18:20:49 | 000,114,973 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.09.10 18:16:07 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
[2007.09.10 18:11:07 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.09.10 18:08:59 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007.09.10 18:08:59 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.08.24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.07.19 17:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,560,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,642,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,514 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:33:50 | 001,868,944 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========
[2011.04.22 21:08:53 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\AllDup
[2008.04.17 16:54:12 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Auslogics
[2011.04.22 20:54:46 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Azureus
[2011.03.15 12:56:01 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\DATA BECKER Shared
[2011.01.14 14:10:08 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\elsterformular
[2011.04.21 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\euroantik\AppData\Roaming\Fighters
[2011.04.22 20:45:40 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\ICQ
[2011.03.04 00:13:14 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Image Zone Express
[2009.07.09 09:30:52 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\LogoMaker
[2009.11.11 13:08:11 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\mirabyte
[2011.04.17 12:21:24 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Nokia
[2011.04.17 12:21:24 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Nokia Ovi Suite
[2009.11.11 15:47:02 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Nvu
[2010.08.04 15:33:32 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\OpenOffice.org
[2011.01.26 22:07:03 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\PanoramaStudio2Pro
[2011.01.02 19:06:37 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\PC Suite
[2011.02.12 22:34:14 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Printer Info Cache
[2011.04.18 09:17:53 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\ProtectDisc
[2008.05.16 11:22:18 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Supreme Auction
[2008.07.16 16:57:09 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Template
[2008.05.05 08:32:15 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Thunderbird
[2010.07.16 09:23:23 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Tific
[2011.04.17 14:41:13 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\TP
[2010.07.11 09:56:13 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\WinBatch
[2009.08.14 16:58:25 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Zoner
[2011.04.24 13:54:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.24 10:44:53 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AA99CCF1-7210-400C-9663-7FFE154AAE13}.job

========== Purity Check ==========

========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2008.02.29 09:50:01 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Adobe
[2011.04.22 21:08:53 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\AllDup
[2009.01.12 15:31:59 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Apple Computer
[2008.04.17 16:54:12 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Auslogics
[2011.04.22 20:54:46 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Azureus
[2011.03.15 12:56:01 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\DATA BECKER Shared
[2008.06.30 10:24:54 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\DivX
[2011.01.14 14:10:08 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\elsterformular
[2011.04.21 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\euroantik\AppData\Roaming\Fighters
[2009.01.30 14:40:50 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Google
[2008.12.12 15:01:54 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\GRETECH
[2007.12.05 11:03:20 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Hewlett-Packard
[2010.07.12 09:33:07 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\HP
[2011.04.22 20:45:40 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\ICQ
[2007.12.05 11:01:56 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Identities
[2011.03.04 00:13:14 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Image Zone Express
[2009.07.09 09:30:52 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\LogoMaker
[2007.12.05 10:57:37 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Media Center Programs
[2011.04.17 14:56:13 | 000,000,000 | --SD | M] -- C:\Users\euroantik\AppData\Roaming\Microsoft
[2009.11.11 13:08:11 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\mirabyte
[2008.06.30 08:33:08 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Mozilla
[2008.07.24 11:43:47 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Nero
[2010.03.12 18:28:25 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\NeroDCTemplates
[2011.04.17 12:21:24 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Nokia
[2011.04.17 12:21:24 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Nokia Ovi Suite
[2009.11.11 15:47:02 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Nvu
[2010.08.04 15:33:32 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\OpenOffice.org
[2011.01.26 22:07:03 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\PanoramaStudio2Pro
[2011.01.02 19:06:37 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\PC Suite
[2011.02.12 22:34:14 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Printer Info Cache
[2011.04.18 09:17:53 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\ProtectDisc
[2010.03.12 18:49:49 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Real
[2008.07.07 16:18:14 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Roxio
[2011.03.15 11:16:03 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Skype
[2011.03.15 10:58:09 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\skypePM
[2008.05.16 11:22:18 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Supreme Auction
[2008.07.16 16:57:09 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Template
[2008.05.05 08:32:15 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Thunderbird
[2010.07.16 09:23:23 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Tific
[2011.04.17 14:41:13 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\TP
[2010.07.11 09:56:13 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\WinBatch
[2008.12.24 11:58:09 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\WinRAR
[2009.08.14 16:58:25 | 000,000,000 | -H-D | M] -- C:\Users\euroantik\AppData\Roaming\Zoner
< %APPDATA%\*.exe /s >
[2008.12.23 18:01:31 | 008,131,347 | -H-- | M] () -- C:\Users\euroantik\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
[2011.03.16 17:43:11 | 001,798,480 | -H-- | M] (DATA BECKER GmbH & Co KG) -- C:\Users\euroantik\AppData\Roaming\DATA BECKER Shared\DATA BECKER Update Service.exe
[2011.03.15 12:56:01 | 000,175,104 | -H-- | M] (DATA BECKER GmbH & Co KG) -- C:\Users\euroantik\AppData\Roaming\DATA BECKER Shared\DBService.exe
[2010.08.14 10:13:44 | 000,456,200 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\euroantik\AppData\Roaming\Real\Update\setup3.12\setup.exe
[2011.01.30 12:29:39 | 000,510,120 | -H-- | M] (RealNetworks, Inc.) -- C:\Users\euroantik\AppData\Roaming\Real\Update\setup3.13\setup.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 09:54:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 09:54:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 09:54:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WS2IFSL.SYS >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >
|
|
|
|
|
#6 (Direct link) |
|
Guest
Posts: n/a
|
OTL Extras logfile created on: 25.04.2011 09:41:10 - Run 1
|
|
|
#7 (Direct link) |
|
Super-Moderator
Registered since: 08.02.2010
Posts: 1.728
|
Hello,
it looks as though you are dealing with the trojan TR/Kazy.mekml. Have any files disappeared on your machine?
Step 1: OTL fix
Start OTL.exe and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL; without the word Code:)
Code:
:OTL
:Files
C:\ProgramData\~40886024
C:\ProgramData\~40886024r
C:\ProgramData\40886024
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[resethosts]
[Reboot]
After the fix, a new OTL log file opens. Please post it here. Your PC will be restarted after the fix.
__________________
Regards, Leo
|
|
|
|
|
|
#8 (Direct link) |
|
Guest
Posts: n/a
|
Hello Leo
Here is the result:
All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\ProgramData\~40886024 not found.
File\Folder C:\ProgramData\~40886024r not found.
File\Folder C:\ProgramData\40886024 not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: euroantik
->Flash cache emptied: 566 bytes
User: Gast
User: Gast.euroantik-PC
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: euroantik
->Temp folder emptied: 550395168 bytes
->Temporary Internet Files folder emptied: 260420573 bytes
->Java cache emptied: 16729888 bytes
->FireFox cache emptied: 60269537 bytes
->Google Chrome cache emptied: 6182947 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: Gast.euroantik-PC
->Temp folder emptied: 256008 bytes
->Temporary Internet Files folder emptied: 3536661 bytes
->Google Chrome cache emptied: 200963379 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 214194199 bytes
RecycleBin emptied: 593025075 bytes
Total Files Cleaned = 1.818,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.22.3 log created on 04252011_212912
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Kind regards, Marko |
|
|
|
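The fix result in post #8 can be checked mechanically against the fix script from post #7. The following is an added example, not part of the original thread and not code from OTL: it matches every path under `:Files` against the result lines of the log. The function names are hypothetical, and the sample log is a constructed excerpt of the lines posted above, laid out one entry per line.

```python
import re

# Fix script as posted in the thread, one directive or path per line.
FIX_SCRIPT = r"""
:OTL
:Files
C:\ProgramData\~40886024
C:\ProgramData\~40886024r
C:\ProgramData\40886024
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[resethosts]
[Reboot]
"""

# Constructed sample: a shortened excerpt of the result log from the thread.
FIX_LOG = r"""
========== FILES ==========
File\Folder C:\ProgramData\~40886024 not found.
File\Folder C:\ProgramData\~40886024r not found.
File\Folder C:\ProgramData\40886024 not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: euroantik
->Flash cache emptied: 566 bytes
[EMPTYTEMP]
User: euroantik
->Temp folder emptied: 550395168 bytes
->Temporary Internet Files folder emptied: 260420573 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Result-line shapes that appear in the log on this page.
PATTERNS = [
    ("not_found", re.compile(r"^File\\Folder (?P<path>.+) not found\.$")),
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("moved", re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")),
]


def requested_paths(script):
    """Return the paths listed under the :Files directive of a fix script."""
    paths, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            # Any new directive ends the :Files section.
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths


def action_results(log):
    """Map each path named in a result line to its outcome (paths lower-cased)."""
    results = {}
    for line in log.splitlines():
        line = line.strip()
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                results[match.group("path").lower()] = status
                break
    return results


def audit_fix(script, log):
    """Return (outcome per requested path, outcomes for paths nobody requested)."""
    results = action_results(log)
    report = {p: results.get(p.lower(), "no_result_line")
              for p in requested_paths(script)}
    requested = {p.lower() for p in report}
    extra = {p: s for p, s in results.items() if p not in requested}
    return report, extra


def bytes_emptied(log):
    """Sum all 'emptied: N bytes' figures reported by the cleanup commands."""
    return sum(int(n) for n in re.findall(r"emptied: (\d+) bytes", log))


if __name__ == "__main__":
    report, extra = audit_fix(FIX_SCRIPT, FIX_LOG)
    for path, status in report.items():
        print(f"{status:15} {path}")
    for path, status in extra.items():
        print(f"{status:15} {path} (not in :Files)")
    print("bytes emptied:", bytes_emptied(FIX_LOG))
```

All three requested paths come back as `not_found`, so the only changes this run reports are the cache clean-up, the hosts reset and one file queued for removal on reboot. The log alone does not say whether the three targets had already been removed or never existed at those paths.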
#9 (Direct link) |
|
Super-Moderator
Registered since: 15.02.2009
Posts: 10.786
|
I'd like to take a look at something there as well.
Please do this:
__________________
______________ Please run the quick test: new virus, unsuspecting users infected for months! Regards, AHT |
|
|
|
|
|
|
#11 (Direct link) |
|
Successfully registered
Registered since: 24.04.2011
Posts: 10
|
Hello Admin,
why does it take so long for my reply to appear here??? Regards. |
|
|
|
|
|
#12 (Direct link) |
|
Successfully registered
Registered since: 24.04.2011
Posts: 10
|
Oh, I see,
I am the "unregistered" one. Is there anything I can do now so that my reply gets online faster? |
|
|
|
|
|
#13 (Direct link) |
|
Successfully registered
Registered since: 24.04.2011
Posts: 10
|
[QUOTE=AHT;853113]I'd like to take a look at something there as well.
Please do this:
File-Upload.net - Drivers.txt File-Upload.net - Eventlog.txt File-Upload.net - Files.txt File-Upload.net - Firewall.txt File-Upload.net - Hidden.txt File-Upload.net - MD5.txt File-Upload.net - Modules.txt File-Upload.net - ppFiles.txt File-Upload.net - ppRegistry.txt File-Upload.net - Processes.txt File-Upload.net - Scripting.txt File-Upload.net - Services.txt File-Upload.net - Warnings.txt |
|
|
|
|
|
#14 (Direct link) |
|
Super-Moderator
Registered since: 08.02.2010
Posts: 1.728
|
When you are logged in, replies appear immediately. When you write something here as a guest (unregistered), the post is first reviewed by a moderator and then approved.
AHT wanted to take over the evaluation of the PPFscanner results. Please be a little patient.
__________________
Regards, Leo
|
|
|
|
|
|
#15 (Direct link) |
|
Successfully registered
Registered since: 24.04.2011
Posts: 10
|
Thanks, Leo....
|
|
|
|
|