Firefox acting on its own / winaha32.rom not found / keylogger?

#0
27.08.2010, 17:06
...new here

Posts: 4
#1 Hello,
I suspect that I have a rootkit on my computer, along with various pieces of malware or Trojans that it is hiding.
My main problem is that Firefox acts on its own: it opens random Russian sites by itself, and on Google I often cannot click any links at all, because instead of the correct link it once again tries to open sites unknown to me.

When Windows 7 starts, there is additionally an error message that winaha32.rom was not found.

My onboard virus scanner, Antivir Personal 9, finds no viruses. I have already tried its boot CD as well; it does find 22 viruses/warnings, but it cannot disinfect them or move them to quarantine. I have not tried deleting them yet!


Now here are the log files from OldTimer:

Code

OTL logfile created on: 22.08.2010 13:24:11 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = D:\Users\Dima\Downloads
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 377,27 Gb Total Space | 9,06 Gb Free Space | 2,40% Space Free | Partition Type: NTFS
Drive D: | 31,68 Gb Total Space | 1,88 Gb Free Space | 5,95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 48,83 Gb Total Space | 6,87 Gb Free Space | 14,06% Space Free | Partition Type: NTFS
Drive J: | 7,98 Gb Total Space | 1,01 Gb Free Space | 12,64% Space Free | Partition Type: NTFS

Computer Name: DIMA-PC
Current User Name: Dima
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - D:\Users\Dima\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Users\Dima\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - D:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - D:\Programme\Browser\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Users\Dima\AppData\Roaming\QipGuard\QipGuard.exe ()
PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - D:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - d:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - D:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - D:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - D:\Users\Dima\Downloads\OTL.exe (OldTimer Tools)
MOD - D:\Windows\System32\vksaver.dll (AudioVkontakte.Ru)
MOD - D:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - D:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - D:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - D:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - D:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - D:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - D:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - D:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - D:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - D:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - D:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - D:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Bonjour Service) -- D:\Program Files\Bonjour\mDNSResponder.exe File not found
SRV - (AODService) -- D:\Programme\AMD\OverDrive\AODAssist.exe ()
SRV - (Apple Mobile Device) -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- D:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Hamachi2Svc) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Application Updater) -- D:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (DfSdkS) -- D:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe (mst software GmbH, Germany)
SRV - (WwanSvc) -- D:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- D:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- D:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- D:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- D:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- D:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- D:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- D:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- D:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- D:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- D:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- D:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- D:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- D:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- D:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- D:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- D:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- D:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- D:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (WcesComm) -- D:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- D:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (XDva349) -- D:\Windows\System32\XDva349.sys File not found
DRV - (EagleNT) -- D:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (cpuz134) -- D:\Windows\System32\drivers\cpuz134_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (SPLITCAM) -- D:\Windows\System32\drivers\splitcam.sys (LoteSoft Co.)
DRV - (vmm) -- D:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (sptd) -- D:\Windows\System32\Drivers\sptd.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- D:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (avipbb) -- D:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (tap0901) -- D:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (avgntflt) -- D:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- D:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- D:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (LgBttPort) -- D:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- D:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (hamachi) -- D:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (cmdide) -- D:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- D:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- D:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- D:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- D:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- D:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- D:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- D:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- D:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- D:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- D:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- D:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- D:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- D:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- D:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- D:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- D:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- D:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- D:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- D:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- D:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- D:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- D:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- D:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- D:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- D:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- D:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- D:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- D:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- D:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- D:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- D:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- D:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- D:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- D:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- D:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- D:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- D:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- D:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- D:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- D:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- D:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- D:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- D:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- D:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- D:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- D:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- D:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- D:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- D:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- D:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- D:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- D:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- D:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- D:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- D:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- D:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- D:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- D:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- D:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- D:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (hcw85cir) -- D:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- D:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- D:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- D:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- D:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- D:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- D:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- D:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- D:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- D:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- D:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FlashUSB) -- D:\Windows\System32\drivers\FlashUsb.sys (Danish Wireless Design A/S)
DRV - (ssmdrv) -- D:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (USBModem) -- D:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- D:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- D:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (adfs) -- D:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ManyCam) -- D:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (nvstor32) -- D:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (VPCNetS2) -- D:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/skins7/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 11 A2 59 5E 97 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - D:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q="

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Program Files\Browser\Mozilla Firefox\components [2010.07.26 13:25:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Program Files\Browser\Mozilla Firefox\plugins [2010.07.26 13:25:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2010.08.11 18:58:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins

[2010.01.18 22:16:48 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\mozilla\Extensions
[2010.01.18 22:16:48 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Dima\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.21 13:29:12 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions
[2010.03.16 18:32:07 | 000,000,000 | ---D | M] (QipAuthorizer) -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.06.28 13:02:44 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.28 13:02:44 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash
[2010.07.29 19:26:46 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.18 21:31:51 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.14 07:56:26 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions\eafo3fflauncher@ea.com
[2010.05.07 22:16:42 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions\firebug@software.joehewitt.com
[2010.06.10 21:43:39 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions\yasearch@yandex.ru
[2010.06.10 21:43:36 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\mozilla\Firefox\Profiles\1c71040j.default\extensions\yasearch@yandex.ru\chrome\skin\extensions-hacks
[2010.08.16 17:30:11 | 000,000,950 | ---- | M] () -- D:\Users\Dima\AppData\Roaming\Mozilla\FireFox\Profiles\1c71040j.default\searchplugins\icqplugin-1.xml
[2010.07.19 09:17:57 | 000,000,945 | ---- | M] () -- D:\Users\Dima\AppData\Roaming\Mozilla\FireFox\Profiles\1c71040j.default\searchplugins\icqplugin.xml
[2010.03.16 18:32:02 | 000,002,062 | ---- | M] () -- D:\Users\Dima\AppData\Roaming\Mozilla\FireFox\Profiles\1c71040j.default\searchplugins\qip-search.xml

O1 HOSTS File: ([2010.06.15 14:25:18 | 000,001,030 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - D:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Users\Dima\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - D:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - D:\Program Files\Splitcam Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - D:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (Splitcam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - D:\Program Files\Splitcam Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Splitcam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - D:\Program Files\Splitcam Toolbar\tbcore3.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] D:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [VKSaverUpdater] D:\Programme\VKSaver\VKSaverUpdater.exe (AudioVkontakte.Ru)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] D:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [QIP Internet Guardian] D:\Users\Dima\AppData\Roaming\QipGuard\QipGuard.exe ()
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\Windows\system32\vksaver.dll) - D:\Windows\System32\vksaver.dll (AudioVkontakte.Ru)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.06 20:13:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c0947cb4-3c5a-11df-9458-eb3689e6e48f}\Shell - "" = AutoRun
O33 - MountPoints2\{c0947cb4-3c5a-11df-9458-eb3689e6e48f}\Shell\AutoRun\command - "" = M:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{e945964e-3450-11df-9690-ab02eca20b5f}\Shell - "" = AutoRun
O33 - MountPoints2\{e945964e-3450-11df-9690-ab02eca20b5f}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.08.17 18:53:07 | 000,000,000 | ---D | C] -- D:\Programme\Microsoft Silverlight
[2010.08.17 18:27:41 | 000,000,000 | ---D | C] -- D:\Users\Dima\Documents\Checkers Demo
[2010.08.17 18:27:26 | 000,000,000 | ---D | C] -- D:\Programme\Halycon Media
[2010.08.07 18:46:44 | 000,000,000 | ---D | C] -- D:\Programme\AMD
[2010.08.07 18:42:50 | 000,020,328 | ---- | C] (Windows (R) Win 7 DDK provider) -- D:\Windows\System32\drivers\cpuz134_x32.sys
[2010.08.07 18:42:50 | 000,000,000 | ---D | C] -- D:\Programme\CPUID
[2010.08.07 18:27:10 | 000,000,000 | ---D | C] -- D:\Programme\Lavalys
[2010.08.07 14:31:32 | 000,000,000 | ---D | C] -- D:\Windows\System32\appmgmt
[2010.08.06 20:21:24 | 000,000,000 | ---D | C] -- D:\Programme\Scratch
[2010.08.06 20:13:08 | 000,000,000 | ---D | C] -- D:\Users\Dima\Application Data
[2010.08.04 13:47:54 | 000,000,000 | ---D | C] -- D:\Programme\TechSmith
[2010.08.02 10:31:49 | 000,000,000 | ---D | C] -- D:\Windows\Sun
[2010.07.31 16:00:01 | 000,000,000 | ---D | C] -- D:\Users\Dima\Documents\StarCraft II
[2010.07.27 12:39:57 | 000,000,000 | ---D | C] -- D:\Users\Dima\AppData\Roaming\AllDup
[2010.07.27 12:39:52 | 000,000,000 | ---D | C] -- D:\ProgramData\AllDup
[2010.07.27 12:39:51 | 002,344,880 | ---- | C] (Codejock Software) -- D:\Windows\System32\Codejock.CommandBars.v13.2.1.ocx
[2010.07.27 12:39:51 | 001,000,992 | ---- | C] (Bennet-Tec Information Systems, Inc) -- D:\Windows\System32\TList8.ocx
[2010.07.27 12:39:51 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- D:\Windows\System32\mtRTF2.ocx
[2010.07.27 12:39:51 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- D:\Windows\System32\mtFrame.ocx
[2010.07.27 12:39:51 | 000,085,696 | ---- | C] (Michael Thummerer Software Design) -- D:\Windows\System32\mtSplitter.ocx
[2010.07.27 12:39:51 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- D:\Windows\System32\mtSubclass.dll
[2010.07.27 12:39:51 | 000,000,000 | ---D | C] -- D:\Programme\AllDup
[2010.07.26 12:29:42 | 000,000,000 | ---D | C] -- D:\Programme\iPod

========== Files - Modified Within 30 Days ==========

[2010.08.22 13:26:19 | 003,670,016 | -HS- | M] () -- D:\Users\Dima\NTUSER.DAT
[2010.08.22 13:25:29 | 000,000,162 | -H-- | M] () -- D:\Users\Dima\Documents\~$inrich von Kleist.docx
[2010.08.22 13:17:47 | 009,117,696 | ---- | M] () -- D:\Users\Dima\Desktop\epson324571eu.exe
[2010.08.22 13:16:16 | 000,014,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.22 13:16:16 | 000,014,016 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.22 13:13:00 | 000,001,114 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966586250-2735057205-461943687-1001UA.job
[2010.08.22 13:08:53 | 002,355,528 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2010.08.22 13:08:38 | 000,000,006 | -H-- | M] () -- D:\Windows\tasks\SA.DAT
[2010.08.22 13:08:29 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2010.08.22 13:08:15 | 1609,474,048 | -HS- | M] () -- D:\hiberfil.sys
[2010.08.22 12:57:20 | 002,391,953 | -H-- | M] () -- D:\Users\Dima\AppData\Local\IconCache.db
[2010.08.22 12:46:32 | 000,029,434 | ---- | M] () -- D:\Users\Dima\Documents\Heinrich von Kleist.docx
[2010.08.21 17:00:07 | 001,480,602 | ---- | M] () -- D:\Windows\System32\PerfStringBackup.INI
[2010.08.21 17:00:07 | 000,648,814 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2010.08.21 17:00:07 | 000,610,570 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2010.08.21 17:00:07 | 000,127,914 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2010.08.21 17:00:07 | 000,104,888 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2010.08.19 17:16:01 | 000,057,344 | ---- | M] () -- D:\Users\Dima\AppData\Roaming\chrtmp
[2010.08.15 23:12:10 | 000,001,122 | ---- | M] () -- D:\Users\Public\Desktop\Heroes of Might and Magic V.lnk
[2010.08.15 22:56:37 | 000,000,001 | ---- | M] () -- D:\Windows\System32\SI.bin
[2010.08.15 14:26:01 | 002,920,016 | ---- | M] () -- D:\Users\Dima\Desktop\TeamViewer_Setup.exe
[2010.08.14 00:13:00 | 000,001,062 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2966586250-2735057205-461943687-1001Core.job
[2010.08.13 10:56:02 | 000,214,592 | ---- | M] () -- D:\Windows\System32\PnkBstrB.xtr
[2010.08.13 10:49:06 | 000,138,968 | ---- | M] () -- D:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.10 22:28:40 | 000,361,115 | ---- | M] () -- D:\Users\Dima\Desktop\t200606030.pdf
[2010.08.10 22:05:33 | 000,019,846 | ---- | M] () -- D:\Users\Dima\Desktop\stundenplan.xlsx
[2010.08.09 17:42:51 | 004,786,860 | ---- | M] () -- D:\Users\Dima\Desktop\210-robbie_rivera_-_closer_to_the_sun.mp3
[2010.08.07 18:27:30 | 000,001,904 | ---- | M] () -- D:\Users\Public\Desktop\LG PC Suite III.lnk
[2010.08.07 18:27:18 | 000,001,113 | ---- | M] () -- D:\Users\Dima\Desktop\EVEREST Ultimate Edition.lnk
[2010.08.07 16:45:05 | 733,419,520 | ---- | M] () -- D:\Users\Dima\Desktop\ubuntu-10.04-desktop-i386.iso
[2010.08.07 15:46:39 | 731,453,440 | ---- | M] () -- D:\Users\Dima\Desktop\ubuntu-10.04-desktop-amd64.iso
[2010.08.04 21:35:18 | 002,513,438 | ---- | M] () -- D:\Users\Dima\Desktop\DSCN0009.JPG
[2010.08.04 13:51:35 | 000,047,352 | ---- | M] () -- D:\Users\Dima\Documents\Präsentation1.pptx
[2010.08.04 13:48:12 | 000,001,145 | ---- | M] () -- D:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.08.04 13:36:10 | 000,004,608 | ---- | M] () -- D:\Users\Dima\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 10:50:58 | 000,002,459 | ---- | M] () -- D:\Users\Public\Desktop\iTunes.lnk
[2010.07.30 11:39:02 | 000,018,432 | ---- | M] () -- D:\Users\Dima\Desktop\de.futigo-gaming.phpfusion-bridge.tar
[2010.07.30 11:38:55 | 000,010,629 | ---- | M] () -- D:\Users\Dima\Desktop\phpf_7_login.zip
[2010.07.30 11:38:05 | 000,765,952 | ---- | M] () -- D:\Users\Dima\Desktop\de.futigo-gaming.battleSystem_106.tar
[2010.07.27 12:39:52 | 000,000,894 | ---- | M] () -- D:\Users\Dima\Desktop\AllDup.lnk
[2010.07.26 12:34:35 | 000,058,200 | ---- | M] () -- D:\Users\Dima\Desktop\Milla_Jovovich,_Model.jpg

========== Files Created - No Company Name ==========

[2010.08.22 13:25:29 | 000,000,162 | -H-- | C] () -- D:\Users\Dima\Documents\~$inrich von Kleist.docx
[2010.08.22 13:17:26 | 009,117,696 | ---- | C] () -- D:\Users\Dima\Desktop\epson324571eu.exe
[2010.08.22 12:46:32 | 000,029,434 | ---- | C] () -- D:\Users\Dima\Documents\Heinrich von Kleist.docx
[2010.08.17 16:30:38 | 000,057,344 | ---- | C] () -- D:\Users\Dima\AppData\Roaming\chrtmp
[2010.08.15 23:12:10 | 000,001,122 | ---- | C] () -- D:\Users\Public\Desktop\Heroes of Might and Magic V.lnk
[2010.08.15 22:56:37 | 000,000,001 | ---- | C] () -- D:\Windows\System32\SI.bin
[2010.08.15 14:25:53 | 002,920,016 | ---- | C] () -- D:\Users\Dima\Desktop\TeamViewer_Setup.exe
[2010.08.10 22:28:36 | 000,361,115 | ---- | C] () -- D:\Users\Dima\Desktop\t200606030.pdf
[2010.08.10 22:05:33 | 000,019,846 | ---- | C] () -- D:\Users\Dima\Desktop\stundenplan.xlsx
[2010.08.09 17:40:21 | 004,786,860 | ---- | C] () -- D:\Users\Dima\Desktop\210-robbie_rivera_-_closer_to_the_sun.mp3
[2010.08.07 18:27:30 | 000,001,904 | ---- | C] () -- D:\Users\Public\Desktop\LG PC Suite III.lnk
[2010.08.07 18:27:18 | 000,001,113 | ---- | C] () -- D:\Users\Dima\Desktop\EVEREST Ultimate Edition.lnk
[2010.08.07 17:54:20 | 000,013,312 | -HS- | C] () -- D:\Users\Dima\Thumbs.db
[2010.08.07 16:25:59 | 733,419,520 | ---- | C] () -- D:\Users\Dima\Desktop\ubuntu-10.04-desktop-i386.iso
[2010.08.07 15:25:50 | 731,453,440 | ---- | C] () -- D:\Users\Dima\Desktop\ubuntu-10.04-desktop-amd64.iso
[2010.08.04 21:35:17 | 002,513,438 | ---- | C] () -- D:\Users\Dima\Desktop\DSCN0009.JPG
[2010.08.04 13:51:34 | 000,047,352 | ---- | C] () -- D:\Users\Dima\Documents\Präsentation1.pptx
[2010.08.04 13:48:12 | 000,001,145 | ---- | C] () -- D:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010.08.04 10:50:58 | 000,002,459 | ---- | C] () -- D:\Users\Public\Desktop\iTunes.lnk
[2010.07.30 11:39:02 | 000,018,432 | ---- | C] () -- D:\Users\Dima\Desktop\de.futigo-gaming.phpfusion-bridge.tar
[2010.07.30 11:38:55 | 000,010,629 | ---- | C] () -- D:\Users\Dima\Desktop\phpf_7_login.zip
[2010.07.30 11:38:00 | 000,765,952 | ---- | C] () -- D:\Users\Dima\Desktop\de.futigo-gaming.battleSystem_106.tar
[2010.07.27 12:39:52 | 000,000,894 | ---- | C] () -- D:\Users\Dima\Desktop\AllDup.lnk
[2010.07.26 12:34:33 | 000,058,200 | ---- | C] () -- D:\Users\Dima\Desktop\Milla_Jovovich,_Model.jpg
[2010.06.14 07:58:19 | 000,139,152 | ---- | C] () -- D:\Users\Dima\AppData\Roaming\PnkBstrK.sys
[2010.05.27 21:17:22 | 000,000,172 | ---- | C] () -- D:\ProgramData\hpzinstall.log
[2010.04.23 12:45:13 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2010.04.18 12:07:37 | 000,138,968 | ---- | C] () -- D:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.31 20:47:14 | 000,221,291 | ---- | C] () -- D:\Windows\Imei_dll.dll
[2010.03.31 20:47:14 | 000,040,960 | ---- | C] () -- D:\Windows\Sublock.dll
[2010.03.31 11:05:47 | 000,053,248 | ---- | C] () -- D:\Windows\System32\CommonDL.dll
[2010.03.31 11:05:47 | 000,002,412 | ---- | C] () -- D:\Windows\System32\lgAxconfig.ini
[2010.03.20 20:44:53 | 000,691,696 | ---- | C] () -- D:\Windows\System32\drivers\sptd.sys
[2010.03.17 22:37:28 | 000,004,608 | ---- | C] () -- D:\Users\Dima\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.06 14:33:29 | 000,004,767 | ---- | C] () -- D:\Windows\Irremote.ini
[2010.02.10 07:48:53 | 000,056,880 | ---- | C] () -- D:\Windows\System32\scvideo.dll
[2010.02.08 22:24:39 | 000,000,097 | ---- | C] () -- D:\Windows\System32\PICSDK.ini
[2010.02.08 22:20:33 | 000,000,027 | ---- | C] () -- D:\Windows\CDE DX4400DEFGIPS.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- D:\Windows\System32\xlive.dll.cat

========== LOP Check ==========

[2010.08.13 16:57:45 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\.purple
[2010.07.27 12:58:48 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\AllDup
[2010.03.30 17:04:11 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\AnvSoft
[2010.03.06 13:26:00 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\Ashampoo
[2010.02.28 16:26:58 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.03.20 20:50:22 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\DAEMON Tools Lite
[2010.08.21 13:23:54 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\FileZilla
[2010.03.30 16:58:56 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\FreeFLVConverter
[2010.05.26 07:49:41 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\gtk-2.0
[2010.08.20 19:15:07 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\ICQ
[2010.04.24 04:21:07 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\Leawo
[2010.08.07 18:28:12 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\LG Electronics
[2010.05.14 23:53:20 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\ManyCam
[2010.02.23 22:08:01 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\Mikogo
[2010.02.05 12:20:06 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\Notepad++
[2010.06.10 21:43:34 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\Opera
[2010.03.16 18:32:25 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\QIP
[2010.03.16 18:31:44 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\QipGuard
[2010.01.29 14:18:14 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\TeamViewer
[2010.03.12 20:04:18 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\Thunderbird
[2010.05.03 21:16:37 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\TS3Client
[2010.07.20 13:59:27 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\Ubisoft
[2010.07.21 19:46:55 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\uTorrent
[2010.08.07 14:31:31 | 000,000,000 | ---D | M] -- D:\Users\Dima\AppData\Roaming\Yandex
[2010.03.31 10:55:50 | 000,000,000 | -H-D | M] -- D:\Users\Dima\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2010.08.21 15:43:16 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


Code

OTL Extras logfile created on: 22.08.2010 13:24:11 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = D:\Users\Dima\Downloads
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 377,27 Gb Total Space | 9,06 Gb Free Space | 2,40% Space Free | Partition Type: NTFS
Drive D: | 31,68 Gb Total Space | 1,88 Gb Free Space | 5,95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 48,83 Gb Total Space | 6,87 Gb Free Space | 14,06% Space Free | Partition Type: NTFS
Drive J: | 7,98 Gb Total Space | 1,01 Gb Free Space | 12,64% Space Free | Partition Type: NTFS

Computer Name: DIMA-PC
Current User Name: Dima
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- D:\Users\Dima\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "D:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\Microsoft Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0EFC9200-73ED-456D-B579-772CE9D09E80}" = Dame XXL Demo
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1688F878-FD5A-4E71-B74B-D3C8E4BA1611}" = King of Kings 3 - CBT Client
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta)
"{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta)
"{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta)
"{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta)
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta)
"{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta)
"{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta)
"{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta)
"{20140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 (Beta)
"{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta)
"{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta)
"{20140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 (Beta)
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" =  Leawo Free AVI Converter version  1.5.3.0
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91BF142C-E8C0-4279-A98D-A61A4404CF56}" = Duden Korrektor
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B1EE19E5-30DC-4912-85E9-B656867F27B6}_is1" = ICQ Password Changer 1.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C4BE99A4-D1C7-46CC-9E06-B901A4BC7854}_is1" = ICQ Password Hasher 1.2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{cba418d3-f58c-4c58-8429-35bdf0790fe9}" = Nero 9
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DE6E4530-4AB0-482E-91DE-7FE6309C6EF1}" = Camtasia Studio 7
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AllDup_is1" = AllDup 3.0.2
"aMSN" = aMSN 0.98.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Cross Fire_is1" = Cross Fire En
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"CyberGhost VPN_is1" = CyberGhost VPN
"Êàçàêè II - Áèòâà çà Åâðîïó_is1" = Êàçàêè II - Áèòâà çà Åâðîïó 1.4
"Epicwallpaper - Light-Vortex-1-FVZ8W01T6G-1680x1050" = Light-Vortex-1-FVZ8W01T6G-1680x1050
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"eToolz" = eToolz
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Free FLV Converter_is1" = Free FLV Converter V 6.7.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}" = Duden Korrektor
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"MTA:SA" = MTA:SA v1.0.4
"MTA:SA Race" = MTA:SA Race 1.1.2
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.1
"Scratch" = Scratch
"Splitcam Toolbar" = Splitcam Toolbar
"StarCraft II" = StarCraft II
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"VKSaver" = VKSaver
"VLC media player" = VLC media player 1.0.5
"Web_3.0.3813.0" = Microsoft Expression Web 3
"WinRAR archiver" = WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.2.1
"Google Chrome" = Google Chrome
"Power Loader" = Power Challenge Game Plugin
"QIP Infium" = QIP Infium 2.0.9034
"QipGuard" = QIP Internet Guardian
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 07.08.2010 12:38:15 | Computer Name = Dima-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 0.0.0.0, Zeitstempel:
0x4c48a883  Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7600.16385, Zeitstempel:
0x4a5bdb05  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000dad8  ID des fehlerhaften Prozesses:
0x10b0  Startzeit der fehlerhaften Anwendung: 0x01cb364eb261750c  Pfad der fehlerhaften
Anwendung: D:\Users\Dima\AppData\Local\Google\Chrome\Application\chrome.exe  Pfad
des fehlerhaften Moduls: D:\Windows\system32\SHLWAPI.dll  Berichtskennung: 2c8e7e9c-a242-11df-be6b-001bfca5365c

Error - 15.08.2010 17:08:22 | Computer Name = Dima-PC | Source = VSS | ID = 8194
Description =

Error - 15.08.2010 17:13:23 | Computer Name = Dima-PC | Source = VSS | ID = 8194
Description =

Error - 20.08.2010 10:57:16 | Computer Name = Dima-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d90    Startzeit:
01cb4077e41338f0    Endzeit: 5    Anwendungspfad: D:\Users\Dima\AppData\Local\Google\Chrome\Application\chrome.exe

Berichts-ID:
35ec29c1-ac6b-11df-ba97-001bfca5365c  

Error - 20.08.2010 10:57:47 | Computer Name = Dima-PC | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f48    Startzeit:
01cb4077fbc44930    Endzeit: 15    Anwendungspfad: D:\Users\Dima\AppData\Local\Google\Chrome\Application\chrome.exe

Berichts-ID:
49cf4211-ac6b-11df-ba97-001bfca5365c  

Error - 22.08.2010 05:39:30 | Computer Name = Dima-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt>.
Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.  .

Error - 22.08.2010 06:07:57 | Computer Name = Dima-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6514.5000,
Zeitstempel: 0x4a89d533  Name des fehlerhaften Moduls: MSGR3GE.DLL, Version: 3.5.0.1507,
Zeitstempel: 0x483d2f4a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000391a  ID des fehlerhaften
Prozesses: 0xdf0  Startzeit der fehlerhaften Anwendung: 0x01cb41e1da922910  Pfad der
fehlerhaften Anwendung: D:\Program Files\Microsoft Office\Office12\WINWORD.EXE  Pfad
des fehlerhaften Moduls: D:\Program Files\Common Files\Microsoft Shared\PROOF\1031\MSGR3GE.DLL
Berichtskennung:
2280cd30-add5-11df-b923-001bfca5365c

Error - 22.08.2010 06:08:19 | Computer Name = Dima-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6514.5000,
Zeitstempel: 0x4a89d533  Name des fehlerhaften Moduls: MSGR3GE.DLL, Version: 3.5.0.1507,
Zeitstempel: 0x483d2f4a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000391a  ID des fehlerhaften
Prozesses: 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01cb41e1ec5399e0  Pfad der
fehlerhaften Anwendung: D:\Program Files\Microsoft Office\Office12\WINWORD.EXE  Pfad
des fehlerhaften Moduls: D:\Program Files\Common Files\Microsoft Shared\PROOF\1031\MSGR3GE.DLL
Berichtskennung:
2f6ff570-add5-11df-b923-001bfca5365c

Error - 22.08.2010 06:08:51 | Computer Name = Dima-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6514.5000,
Zeitstempel: 0x4a89d533  Name des fehlerhaften Moduls: MSGR3GE.DLL, Version: 3.5.0.1507,
Zeitstempel: 0x483d2f4a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000391a  ID des fehlerhaften
Prozesses: 0x1580  Startzeit der fehlerhaften Anwendung: 0x01cb41e1fac4ce40  Pfad der
fehlerhaften Anwendung: D:\Program Files\Microsoft Office\Office12\WINWORD.EXE  Pfad
des fehlerhaften Moduls: D:\Program Files\Common Files\Microsoft Shared\PROOF\1031\MSGR3GE.DLL
Berichtskennung:
42bbafc0-add5-11df-b923-001bfca5365c

Error - 22.08.2010 06:09:18 | Computer Name = Dima-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6514.5000,
Zeitstempel: 0x4a89d533  Name des fehlerhaften Moduls: MSGR3GE.DLL, Version: 3.5.0.1507,
Zeitstempel: 0x483d2f4a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000391a  ID des fehlerhaften
Prozesses: 0x1138  Startzeit der fehlerhaften Anwendung: 0x01cb41e20f66c9c0  Pfad der
fehlerhaften Anwendung: D:\Program Files\Microsoft Office\Office12\WINWORD.EXE  Pfad
des fehlerhaften Moduls: D:\Program Files\Common Files\Microsoft Shared\PROOF\1031\MSGR3GE.DLL
Berichtskennung:
529b4130-add5-11df-b923-001bfca5365c

[ Media Center Events ]
Error - 20.03.2010 05:19:35 | Computer Name = Dima-PC | Source = MCUpdate | ID = 0
Description = 10:19:35 - Fehler beim Herstellen der Internetverbindung.  10:19:35
-     Serververbindung konnte nicht hergestellt werden..  

Error - 20.03.2010 05:19:50 | Computer Name = Dima-PC | Source = MCUpdate | ID = 0
Description = 10:19:40 - Fehler beim Herstellen der Internetverbindung.  10:19:40
-     Serververbindung konnte nicht hergestellt werden..  

[ OSession Events ]
Error - 02.06.2010 16:48:36 | Computer Name = Dima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3315
seconds with 240 seconds of active time.  This session ended with a crash.

Error - 04.08.2010 07:08:38 | Computer Name = Dima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 06.08.2010 14:12:49 | Computer Name = Dima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 06.08.2010 14:14:17 | Computer Name = Dima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 22.08.2010 06:07:56 | Computer Name = Dima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 22.08.2010 06:08:18 | Computer Name = Dima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 22.08.2010 06:08:51 | Computer Name = Dima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 22.08.2010 06:09:17 | Computer Name = Dima-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 09.07.2010 23:04:37 | Computer Name = Dima-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 10.07.2010 07:28:42 | Computer Name = Dima-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 10.07.2010 08:22:55 | Computer Name = Dima-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 10.07.2010 20:08:00 | Computer Name = Dima-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 11.07.2010 09:35:38 | Computer Name = Dima-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 11.07.2010 16:03:21 | Computer Name = Dima-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.

Error - 11.07.2010 21:09:13 | Computer Name = Dima-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12.07.2010 12:26:45 | Computer Name = Dima-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 12.07.2010 17:44:40 | Computer Name = Dima-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?07.?2010 um 19:57:29 unerwartet heruntergefahren.

Error - 12.07.2010 17:44:43 | Computer Name = Dima-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =


< End of report >


The GMER log is attached.

Something else I noticed recently is that someone seems to be logging in to sites with my passwords, because there are entries there that I did not write myself!

Hopefully you can help me ;)
Oh, and I can only write this post on your site from a different operating system oO

27.08.2010, 19:08
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires observing the following points:

• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup, do not install or uninstall any programs unless explicitly asked to.
• Please work through each step in order.
• If problems come up at a step, post what you already have and report back with a description of the problem.

• The cleanup is only finished when your helper gives the OK.
• If the machine runs smoothly again, that does not mean the system is clean.
• For computers used for business, the responsible IT administrator should be involved.
• We may decline support for a company computer under certain circumstances.
• If illegal software is present, support may be discontinued.
• Cracks and keygens of any kind are neither supported nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling the system.
• In the end it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools we tell you to use via right-click and Run as administrator.

Step 1

Download ComboFix from one of the links listed below. You must rename it before you save it to the desktop. Save ComboFix to your desktop.
BleepingComputer
ForoSpyware
**NB: It is important that ComboFix.exe is saved to the desktop**

• Double-click ComboFix.exe and follow the prompts.
• When ComboFix is finished, it will create a log for you.
• Please include the C:\ComboFix.txt log in your reply in the forum so that we can analyze it.
27.08.2010, 19:49
...new here

Thread starter

Posts: 4
#3 So, here is the log:

Code


ComboFix 10-08-26.04 - Dima 27.08.2010  19:35:54.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2047.1121 [GMT 2:00]
ausgeführt von:: d:\users\Dima\Desktop\Combo-Fix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
d:\windows\system32\vksaver.dll


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
d:\program files\Search Settings
d:\program files\Search Settings\FF\chrome.manifest
d:\program files\Search Settings\FF\chrome\content\plugin.js
d:\program files\Search Settings\FF\chrome\content\plugin.xul
d:\program files\Search Settings\FF\chrome\content\protection.js
d:\program files\Search Settings\FF\chrome\content\utils.js
d:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
d:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
d:\program files\Search Settings\FF\components\IFBHOSearch.xpt
d:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
d:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
d:\program files\Search Settings\FF\components\SearchSettingsFF.dll
d:\program files\Search Settings\FF\install.rdf
d:\program files\Search Settings\SearchSettings.dll
d:\program files\Search Settings\SearchSettings.exe
d:\program files\Search Settings\SearchSettingsRes409.dll
d:\program files\VKSaver
d:\program files\VKSaver\Readme.txt
d:\program files\VKSaver\uninstall.exe
d:\program files\VKSaver\VKSaverUI.exe
d:\program files\VKSaver\VKSaverUpdater.exe
d:\programdata\Microsoft\Network\Downloader\qmgr0.dat
d:\programdata\Microsoft\Network\Downloader\qmgr1.dat
d:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver
d:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Readme.txt.lnk
d:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\Uninstall.lnk
d:\programdata\Microsoft\Windows\Start Menu\Programs\VKSaver\VKSaver.lnk
d:\users\Dima\AppData\Roaming\chrtmp
d:\users\Dima\AppData\Roaming\Xeavta\baeli.exe
d:\windows\7Loader.TAG
d:\windows\system32\scvideo.dll
d:\windows\system32\vksaver.dll.vir

----- BITS: Eventuell infizierte Webseiten -----

hxxp://soft.export.yandex.ru
Infizierte Kopie von d:\windows\system32\drivers\nvstor32.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-27 bis 2010-08-27  ))))))))))))))))))))))))))))))
.

2010-08-25 13:43 . 2010-08-25 13:43    126976    ----a-w-    d:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\exog.exe
2010-08-22 12:25 . 2010-08-22 12:25    --------    d-----w-    d:\users\Dima\AppData\Roaming\DVDVideoSoftIEHelpers
2010-08-22 12:25 . 2010-08-22 12:25    --------    d-----w-    d:\program files\DVDVideoSoft
2010-08-17 16:53 . 2010-08-17 16:53    --------    d-----w-    d:\program files\Microsoft Silverlight
2010-08-17 16:27 . 2010-08-17 16:27    --------    d-----w-    d:\program files\Halycon Media
2010-08-15 20:56 . 2010-08-15 20:56    1    ----a-w-    d:\windows\system32\SI.bin
2010-08-13 14:34 . 2010-08-13 14:34    1791    ----a-w-    d:\users\Dima\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-08-13 14:34 . 2010-08-13 14:34    1779    ----a-w-    d:\users\Dima\AppData\Roaming\.purple\certificates\x509\tls_peers\api.oscar.aol.com
2010-08-13 14:34 . 2010-08-13 14:34    1691    ----a-w-    d:\users\Dima\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-08-07 16:46 . 2010-08-07 16:46    79256    ----a-r-    d:\users\Dima\AppData\Roaming\Microsoft\Installer\{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}\UsersGuide_CAFE62D54E534DE1A75D0E8D057FA709.exe
2010-08-07 16:46 . 2010-08-07 16:46    79256    ----a-r-    d:\users\Dima\AppData\Roaming\Microsoft\Installer\{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}\NewShortcut2_F1AD8C9A37F84A18ADCD99FB67588A13.exe
2010-08-07 16:46 . 2010-08-07 16:46    79256    ----a-r-    d:\users\Dima\AppData\Roaming\Microsoft\Installer\{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}\NewShortcut1_63DEE96284054F8694636FE381A5574C.exe
2010-08-07 16:46 . 2010-08-07 16:46    46488    ----a-r-    d:\users\Dima\AppData\Roaming\Microsoft\Installer\{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}\ARPPRODUCTICON.exe
2010-08-07 16:46 . 2010-08-07 16:46    --------    d-----w-    d:\program files\AMD
2010-08-07 16:42 . 2010-08-07 16:42    --------    d-----w-    d:\program files\CPUID
2010-08-07 16:42 . 2010-07-09 11:18    20328    ----a-w-    d:\windows\system32\drivers\cpuz134_x32.sys
2010-08-07 16:27 . 2010-08-07 16:27    --------    d-----w-    d:\program files\Lavalys
2010-08-06 18:21 . 2010-08-06 18:21    --------    d-----w-    d:\program files\Scratch
2010-08-04 11:47 . 2010-08-04 11:47    --------    d-----w-    d:\program files\TechSmith
2010-08-02 08:31 . 2010-08-02 08:31    --------    d-----w-    d:\windows\Sun
2010-07-31 14:19 . 2010-07-31 14:19    47364    ----a-w-    d:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 17:42 . 2010-06-07 19:25    --------    d-----w-    d:\users\Dima\AppData\Roaming\Xeavta
2010-08-27 17:39 . 2009-07-14 08:47    648814    ----a-w-    d:\windows\system32\perfh007.dat
2010-08-27 17:39 . 2009-07-14 08:47    127914    ----a-w-    d:\windows\system32\perfc007.dat
2010-08-27 16:02 . 2010-05-08 18:46    --------    d-----w-    d:\users\Dima\AppData\Roaming\uTorrent
2010-08-26 15:40 . 2010-03-31 04:52    --------    d-----w-    d:\users\Dima\AppData\Roaming\Ymyz
2010-08-26 14:24 . 2010-01-17 10:34    --------    d-----w-    d:\users\Dima\AppData\Roaming\Skype
2010-08-26 14:22 . 2010-04-23 10:45    --------    d-----w-    d:\users\Dima\AppData\Roaming\skypePM
2010-08-25 14:58 . 2010-03-12 17:48    --------    d-----w-    d:\program files\Mozilla Thunderbird
2010-08-23 15:20 . 2010-01-18 15:49    --------    d-----w-    d:\users\Dima\AppData\Roaming\ICQ
2010-08-22 12:25 . 2010-01-17 13:27    --------    d-----w-    d:\program files\Common Files\DVDVideoSoft
2010-08-22 12:13 . 2010-01-17 18:12    113048    ----a-w-    d:\users\Dima\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-22 10:13 . 2010-02-09 18:17    --------    d-----w-    d:\programdata\Microsoft Help
2010-08-21 11:23 . 2010-01-19 15:19    --------    d-----w-    d:\users\Dima\AppData\Roaming\FileZilla
2010-08-15 21:08 . 2010-01-17 18:05    --------    d--h--w-    d:\program files\InstallShield Installation Information
2010-08-15 20:55 . 2010-01-17 18:05    --------    d-----w-    d:\program files\Common Files\InstallShield
2010-08-13 14:57 . 2010-06-28 11:13    --------    d-----w-    d:\users\Dima\AppData\Roaming\.purple
2010-08-13 08:56 . 2010-04-18 10:07    214592    ----a-w-    d:\windows\system32\PnkBstrB.exe
2010-08-13 08:49 . 2010-04-18 10:07    138968    ----a-w-    d:\windows\system32\drivers\PnkBstrK.sys
2010-08-07 16:28 . 2010-03-31 08:55    --------    d-----w-    d:\users\Dima\AppData\Roaming\LG Electronics
2010-08-07 15:53 . 2010-06-22 19:33    --------    d-----w-    d:\program files\Bonjour
2010-08-07 14:45 . 2010-03-20 18:50    165232    ---ha-w-    d:\users\Dima\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-08-07 12:59 . 2010-05-14 21:52    --------    d-----w-    d:\program files\Ask.com
2010-08-07 12:31 . 2010-06-10 19:43    --------    d-----w-    d:\users\Dima\AppData\Roaming\Yandex
2010-08-05 04:41 . 2010-02-03 15:20    --------    d-----w-    d:\programdata\TrackMania
2010-08-04 11:48 . 2010-04-20 10:28    --------    d-----w-    d:\programdata\TechSmith
2010-07-31 14:19 . 2010-05-05 13:33    --------    d-----w-    d:\programdata\Blizzard Entertainment
2010-07-31 14:11 . 2010-05-05 13:49    --------    d-----w-    d:\program files\Common Files\Blizzard Entertainment
2010-07-27 10:58 . 2010-07-27 10:39    --------    d-----w-    d:\users\Dima\AppData\Roaming\AllDup
2010-07-27 10:39 . 2010-07-27 10:39    --------    d-----w-    d:\program files\AllDup
2010-07-27 10:39 . 2010-07-27 10:39    --------    d-----w-    d:\programdata\AllDup
2010-07-26 10:29 . 2010-07-26 10:29    --------    d-----w-    d:\program files\iPod
2010-07-26 10:29 . 2010-03-27 03:38    --------    d-----w-    d:\program files\Common Files\Apple
2010-07-26 10:29 . 2010-02-21 19:19    --------    d-----w-    d:\programdata\Apple Computer
2010-07-26 10:25 . 2010-07-26 10:25    73000    ----a-w-    d:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-25 20:29 . 2009-07-14 04:52    --------    d-----w-    d:\program files\Microsoft Games
2010-07-25 20:20 . 2010-02-21 19:02    --------    d-----w-    d:\program files\ICQ6Toolbar
2010-07-20 11:59 . 2010-07-20 11:59    --------    d-----w-    d:\users\Dima\AppData\Roaming\Ubisoft
2010-07-20 11:59 . 2010-07-20 11:59    --------    d-----w-    d:\programdata\Ubisoft
2010-07-08 17:59 . 2010-07-08 17:59    --------    d-----w-    d:\program files\eToolz
2010-07-01 20:18 . 2010-03-27 03:46    --------    d-----w-    d:\users\Dima\AppData\Roaming\Apple Computer
2010-07-01 18:40 . 2010-07-01 18:40    0    ---ha-w-    d:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2010-06-16 21:12 . 2010-06-16 21:12    34    ---ha-w-    d:\windows\system32\Converter_sysquict.dat
2010-06-14 05:58 . 2010-06-14 05:58    139152    ----a-w-    d:\users\Dima\AppData\Roaming\PnkBstrK.sys
2010-06-14 05:58 . 2010-06-14 05:58    139152    ----a-w-    d:\users\Dima\AppData\Roaming\PnkBstrK.sys
2010-06-14 05:57 . 2010-06-14 05:57    794408    ----a-w-    d:\windows\system32\pbsvc.exe
2010-06-14 05:57 . 2010-04-18 10:06    75064    ----a-w-    d:\windows\system32\PnkBstrA.exe
2009-06-10 21:26 . 2009-07-14 02:04    9633792    --sha-r-    d:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42    396800    --sha-w-    d:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12    556432    ----a-w-    d:\progra~1\Microsoft Office\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"LightScribe Control Panel"="d:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"QIP Internet Guardian"="d:\users\Dima\AppData\Roaming\QipGuard\QipGuard.exe" [2010-02-18 181712]
"Google Update"="d:\users\Dima\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-06-26 13789728]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]
"LogMeIn Hamachi Ui"="d:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="d:\program files\QuickTime Alternative\QTTask.exe" [2010-03-18 421888]
"Windows Mobile Device Center"="d:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - d:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-2 40960]

d:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
exog.exe [2010-8-25 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 AODService;AODService;d:\program files\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
R2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
R3 DfSdkS;Defragmentation-Service;d:\program files\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe [2009-08-24 406016]
R3 FlashUSB;FlashUSB;d:\windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 osppsvc;Office Software Protection Platform;d:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
R3 XDva349;XDva349;d:\windows\system32\XDva349.sys [x]
R4 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [2010-03-20 691696]
S1 vwififlt;Virtual WiFi Filter Driver;d:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Application Updater;Application Updater;d:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-05-11 2398344]
S2 cpuz134;cpuz134;d:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 LgBttPort;LGE Bluetooth TransPort;d:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;d:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;d:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;d:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - AODDRIVER2
*Deregistered* - AODDriver2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile    REG_MULTI_SZ       wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ       WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14    451872    ----a-w-    d:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-13 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2966586250-2735057205-461943687-1001Core.job
- d:\users\Dima\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 10:03]

2010-08-26 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2966586250-2735057205-461943687-1001UA.job
- d:\users\Dima\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-26 10:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/skins7/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: An OneNote s&enden - /105
IE: Free YouTube to Mp3 Converter - d:\users\Dima\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - d:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
FF - ProfilePath - d:\users\Dima\AppData\Roaming\Mozilla\Firefox\Profiles\1c71040j.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=
FF - component: d:\users\Dima\AppData\Roaming\Mozilla\Firefox\Profiles\1c71040j.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\progra~1\Microsoft Office\Office14\NPAUTHZ.DLL
FF - plugin: d:\progra~1\Microsoft Office\Office14\NPSPWRAP.DLL
FF - plugin: d:\program files\Browser\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\users\Dima\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\users\Dima\AppData\LocalLow\PowerChallenge\nppowerloader.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Browser\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Browser\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Browser\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Browser\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Browser\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
d:\program files\Browser\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Browser\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Browser\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Browser\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Browser\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Browser\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Browser\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Browser\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - d:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - d:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-MSSMSGS - winaha32.rom
HKCU-Run-{0FFAA1B2-91EA-428B-B06A-8DDDB86C4D51} - d:\users\Dima\AppData\Roaming\Xeavta\baeli.exe
HKLM-Run-VKSaverUpdater - d:\program files\VKSaver\VKSaverUpdater.exe
AddRemove-Cross Fire_is1 - c:\program files\Z8Games\CrossFire\unins000.exe
AddRemove-Splitcam Toolbar - d:\program files\Splitcam Toolbar\UninstallToolbar.exe
AddRemove-VKSaver - d:\program files\VKSaver\uninstall.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2966586250-2735057205-461943687-1001\Software\SecuROM\License information*]
"datasecu"=hex:0b,3e,75,cd,8a,66,ed,9e,79,67,7e,c7,e6,94,3c,30,9d,c1,fa,c6,23,
   90,be,5d,17,8a,48,19,06,3e,26,d6,df,00,fe,8c,1d,0f,4b,41,d5,09,7e,ca,92,c1,\
"rkeysecu"=hex:54,fa,05,e0,8a,4a,83,58,8b,4f,9a,e9,9d,0d,c9,5f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-08-27  19:45:43
ComboFix-quarantined-files.txt  2010-08-27 17:45

Vor Suchlauf: 1.575.710.720 Bytes frei
Nach Suchlauf: 1.531.355.136 Bytes frei

- - End Of File - - FC0B6ED15AE5FEA87DB681CE4B2BA49D
27.08.2010, 22:02
Moderator

Posts: 5694
#4 Malwarebytes Anti-Malware

Download MBAM, install it, and select on each tab:

-> "Update" > "Check for Updates"
-> "Settings" > "Terminate Internet Explorer during threat removal"
-> "Scanner" > "Perform quick scan".

If infections are found at the end, tick them and have them removed. Restart your computer.
28.08.2010, 20:50
...new here

Thread starter

Posts: 4
#5 Thanks, according to the program all active viruses were deleted ;)
and the errors no longer appear.
29.08.2010, 08:17
Moderator

Posts: 5694
#6 Please post the Malwarebytes log.
29.08.2010, 09:57
...new here

Thread starter

Posts: 4
#7 Here you go:

Code


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4493

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.08.2010 20:40:02
mbam-log-2010-08-27 (20-40-02).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137263
Laufzeit: 5 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Users\Dima\downloads\Defogger.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
29.08.2010, 17:51
Moderator

Posts: 5694
#8 Step 1

Uninstall Combofix

Before the following step, please temporarily disable your antivirus program again, along with any script blocking (Norton) and anti-malware programs.

Start => Run (on Vista: Windows key + R) => type Combo-Fix.exe /uninstall there => press Enter. This removes Combofix completely and empties the System Restore cache so that the malware disappears from there as well. A new system restore point is created. At the same time, Combofix resets the clock settings to their original values and resets the system settings so that file extensions and system files are hidden again, which you can change again if needed in Explorer under Tools => Folder Options, or adjust to your personal preferences.

Step 2

ESET Online Scanner

Please switch on any external hard drives during the online scans! Please turn off all background guards (antivirus program, firewall, script blocking and the like) during the scans, and do not forget to turn everything back on afterwards.


Note for Vista and Win7 users: Be sure to start the browser as administrator.
• Disable your antivirus program during the scan.
• Press the button.
Firefox users: Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
IE users: must allow the installation of an ActiveX control.
• Check the box next to "Yes, I accept the Terms of Use".
• Press the button.
• Wait until the components have been downloaded.
• Check "Remove found threats" and "Scan archives".
• Press.
• The signatures are downloaded. The scan starts automatically.
When the scan has finished

• Click Finish.
• Close the browser.
• Open Explorer.
• Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
• Post the log file here.