Hi!
I got the system check malware on a Laptop from a friend of mine with Win Vista.
It appears, that all files were marked as "hidden" and that in the trojan appears in the auto boot. Hence, at every start of windows a lot of fake messages appeared.
Thus, I deactivated the (random) .exe in the auto boot which came from the trojan and restarted (otherwise the scan would not work, since the laptop is relatively old...). Then I followed your instructions. Disclosed you find the log-files.
Thanks in advance for helping me!
steinson
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.30.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
- :: MOBILE [administrator]
Protection: Enabled
31.01.2012 09:45:43
mbam-log-2012-01-31 (09-45-43).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407221
Time elapsed: 2 hour(s), 36 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\tdx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
C:\WINDOWS\System32\drivers\tdx.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\sfiGOoTHfvbW.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\-\AppData\Local\Temp\oleda0.99876541177765.exe (Trojan.Downloader.lb) -> Quarantined and deleted successfully.
C:\Users\-\AppData\Local\Temp\C60D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\-\AppData\Local\Temp\ZFGDGu3qodcrKe.exe.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\29e36f06-3b3105bf (Trojan.Downloader.lb) -> Quarantined and deleted successfully.
C:\Users\-\AppData\Roaming\ScanDisc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-01 10:54:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHW2120BH rev.8918
Running: uw3b8evb.exe; Driver: C:\Users\-\AppData\Local\Temp\pxldypod.sys
---- System - GMER 1.0.15 ----
SSDT 88C86BFE ZwCreateSection
SSDT 88C86C08 ZwRequestWaitReplyPort
SSDT 88C86C03 ZwSetContextThread
SSDT 88C86C0D ZwSetSecurityObject
SSDT 88C86C12 ZwSystemDebugControl
SSDT 88C86B9F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 824C4998 4 Bytes [FE, 6B, C8, 88]
.text ntkrnlpa.exe!KeSetEvent + 539 824C4CBC 4 Bytes [08, 6C, C8, 88] {OR [EAX+ECX*8-0x78], CH}
.text ntkrnlpa.exe!KeSetEvent + 56D 824C4CF0 4 Bytes [03, 6C, C8, 88] {ADD EBP, [EAX+ECX*8-0x78]}
.text ntkrnlpa.exe!KeSetEvent + 5D1 824C4D54 4 Bytes [0D, 6C, C8, 88]
.text ntkrnlpa.exe!KeSetEvent + 619 824C4D9C 4 Bytes [12, 6C, C8, 88] {ADC CH, [EAX+ECX*8-0x78]}
.text ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7471A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [746CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7474CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4768
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b004c1b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b2da1b3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b2da1b3@001a1651965f 0x92 0xC0 0x6B 0xB2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4768 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b004c1b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b2da1b3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b2da1b3@001a1651965f 0x92 0xC0 0x6B 0xB2 ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB315$\3117660392 0 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\bckfg.tmp 854 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\cfg.ini 335 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\L 0 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\L\vhtmwbun 72192 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U 0 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\version 858 bytes
File C:\WINDOWS\$NtUninstallKB315$\473084469 0 bytes
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_29
Run by - at 10:55:17 on 2012-02-01
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1033.18.1015.197 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\MsOffice12\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATICCE.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://de.yahoo.com
mSearch Page =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\msoffice12\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: SciFinder Scholar Bar: {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [EPSON Stylus D120 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticce.exe /fu "c:\users\-\appdata\local\temp\E_S79B1.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\msoffice12\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\-\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\msoffice12\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\newsho~1.lnk - c:\program files\usb_video_device\utility\remotetool\BDARemote.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\msoffi~1\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\msoffi~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\msoffi~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 172.17.7.254
TCP: Interfaces\{120F3131-73C0-4BED-89D1-6E0AFF34328A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B6983C64-5A7E-48E1-B4E6-3E9C40E82CFE} : DhcpNameServer = 172.17.7.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\msoffice12\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\msoffice12\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ASWLNPkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\-\appdata\roaming\mozilla\firefox\profiles\1xunj3qq.default\
FF - prefs.js: browser.startup.homepage - www.studivz.net
FF - component: c:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2010\chem3d\npChem3DPlugin.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2010\chemdraw\NPCDP32.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npSfAppM.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\-\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\-\appdata\roaming\move networks\plugins\071803000001\npqmp071803000001.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-26 36000]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2006-12-30 32000]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-25 74640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-30 20464]
.
=============== Created Last 30 ================
.
2012-01-30 09:25:49 -------- d-----w- c:\users\-\appdata\roaming\Malwarebytes
2012-01-30 09:25:38 -------- d-----w- c:\programdata\Malwarebytes
2012-01-30 09:25:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-30 09:25:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 17:34:23 288 ---ha-w- c:\users\-\appdata\roaming\372DCE54.reg
2012-01-27 17:06:52 -------- d-----w- c:\program files\iPod
2012-01-27 17:06:25 -------- d-----w- c:\program files\iTunes
2012-01-27 16:45:20 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b1c66e8a-c36b-4d77-8a3a-0be53e12c76f}\mpengine.dll
2012-01-19 16:47:12 -------- d--h--w- c:\users\-\appdata\local\{84DF0906-C790-4768-9C2B-2BED302D4F67}
2012-01-19 16:47:07 -------- d--h--w- c:\users\-\appdata\local\{361F1858-AF1A-4389-9AA7-6633F1CB56A4}
2012-01-18 17:26:51 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 17:26:51 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 17:26:50 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 17:26:50 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 17:26:50 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 17:26:49 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-17 19:44:29 -------- d--h--w- c:\users\-\appdata\local\{354A4C23-3911-4371-899D-DE20D2574000}
2012-01-17 19:44:18 -------- d--h--w- c:\users\-\appdata\local\{08678E77-2B6F-4744-85AA-FFF13E9EAB17}
2012-01-13 17:24:21 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-13 17:24:20 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-13 17:23:52 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 17:23:35 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-13 17:23:13 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-13 17:22:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-13 17:22:44 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-13 17:22:43 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 19:54:47 -------- d--h--w- c:\users\-\appdata\local\{99D2A15E-52AC-4F9B-BAE0-F98EC96D9B58}
2012-01-10 19:54:43 -------- d--h--w- c:\users\-\appdata\local\{934F61CF-849D-44F0-B4CF-7B4C97320B57}
2012-01-07 09:46:03 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-07 09:46:03 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-07 09:46:03 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-07 09:46:02 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
.
==================== Find3M ====================
.
2012-01-27 17:33:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-07 09:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 10:57:54,73 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 22.05.2007 01:13:50
System Uptime: 01.02.2012 09:38:03 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30A2
Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz | U10 | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 7,207 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 26,693 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 11 GiB total, 4,872 GiB free.
G: is FIXED (NTFS) - 2 GiB total, 1,29 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP962: 30.01.2012 14:29:38 - Scheduled Checkpoint
RP963: 31.01.2012 13:04:56 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B10
ArcSoft ShowBiz DVD 2
ASL_HS_Installer32
Avira Free Antivirus
Bing Bar
Bonjour
CambridgeSoft Activation Client
CambridgeSoft BioAssay 12.0
CambridgeSoft ChemBioOffice Ultra 2010
CambridgeSoft ChemScript 12.0
CambridgeSoft Desktop Inventory 12.0
CambridgeSoft ENotebook 12.0.1
Camera RAW Plug-In for EPSON Creativity Suite
Cisco Systems VPN Client 5.0.06.0110
CorelDRAW Essential Edition 3
D3DX10
DE
DivX Plus Web Player
Dropbox
EPSON-Drucker-Software
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan Assistant
EPSON Stylus C110_D120 Handbuch
EPSON Stylus C90_91_D92 Handbuch
Essential System Updates for Microsoft Windows Vista
Express Burn
Express Rip
Facebook Plug-In
Force 2.0
Free YouTube to Mp3 Converter version 3.2
GIMP 2.4.1
Google Gears
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools
HP Credential Manager for ProtectTools
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
HP MULTIPLE MODEM INSTALLER for VISTA
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 E4
HP Quick Launch Buttons 6.10 C1
HP Update
HP User Guide 0045
HP Wireless Assistant
iCloud
ICQ Toolbar
ICQ7.5
iDump (Freeware) Build:29
Intel(R) Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo WinDVD
iPod2PC 3.9.2
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 29
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Junk Mail filter update
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.60.0.1800
MathType 6
MestReNova LITE 5.2.5-4731
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (CSSQL05)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Move Media Player
Mozilla Firefox 9.0.1 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nur Deinstallierung der CopyTrans Suite möglich.
OpenOffice.org 3.0
Origin85
OriginPro 8.5G
Picasa 3
PLT for Windows V7.1
Python 2.5
QuickTime
Recordpad
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
SciFinder Scholar 2007
SciFinder Scholar Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skype Click to Call
Skype™ 5.5
Sonic Activation Module
SoundMAX
SoundTap
Spelling Dictionaries Support For Adobe Reader 8
STARWARS: The Battle of Endor version 2.1
STATISTICA 8.0.725.0 CS
STATISTICA CambridgeSoft Integration
STATNOVAPDF (novaPDF Professional Server 5.4 printer)
Switch Uninstall
Synaptics Pointing Device Driver
TeamViewer 5
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update Manager
USB Audio/Video Driver
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6c
Vista Default Settings
WavePad Uninstall
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR
WinZip 12.1
.
==== Event Viewer Messages From Past Week ========
.
30.01.2012 15:44:12, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv tdx Wanarpv6
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
30.01.2012 15:43:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
30.01.2012 15:43:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
30.01.2012 15:43:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30.01.2012 15:43:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
30.01.2012 15:13:48, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
30.01.2012 10:25:58, Error: netbt [4307] - Initialization failed because the transport refused to open initial addresses.
30.01.2012 09:31:01, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
27.01.2012 19:07:01, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
27.01.2012 18:46:06, Error: Service Control Manager [7000] - The iPod-Dienst service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27.01.2012 18:46:00, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod-Dienst service to connect.
27.01.2012 18:46:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
01.02.2012 10:10:28, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.
01.02.2012 10:10:28, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
01.02.2012 09:41:14, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
01.02.2012 09:41:14, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
01.02.2012 09:41:14, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
01.02.2012 09:41:14, Error: Service Control Manager [7003] - The DNS Client service depends the following service: Tdx. This service might not be installed.
01.02.2012 09:41:14, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
I got the system check malware on a Laptop from a friend of mine with Win Vista.
It appears, that all files were marked as "hidden" and that in the trojan appears in the auto boot. Hence, at every start of windows a lot of fake messages appeared.
Thus, I deactivated the (random) .exe in the auto boot which came from the trojan and restarted (otherwise the scan would not work, since the laptop is relatively old...). Then I followed your instructions. Disclosed you find the log-files.
Thanks in advance for helping me!
steinson
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.30.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
- :: MOBILE [administrator]
Protection: Enabled
31.01.2012 09:45:43
mbam-log-2012-01-31 (09-45-43).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407221
Time elapsed: 2 hour(s), 36 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\tdx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
C:\WINDOWS\System32\drivers\tdx.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\sfiGOoTHfvbW.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\-\AppData\Local\Temp\oleda0.99876541177765.exe (Trojan.Downloader.lb) -> Quarantined and deleted successfully.
C:\Users\-\AppData\Local\Temp\C60D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\-\AppData\Local\Temp\ZFGDGu3qodcrKe.exe.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\29e36f06-3b3105bf (Trojan.Downloader.lb) -> Quarantined and deleted successfully.
C:\Users\-\AppData\Roaming\ScanDisc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-01 10:54:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHW2120BH rev.8918
Running: uw3b8evb.exe; Driver: C:\Users\-\AppData\Local\Temp\pxldypod.sys
---- System - GMER 1.0.15 ----
SSDT 88C86BFE ZwCreateSection
SSDT 88C86C08 ZwRequestWaitReplyPort
SSDT 88C86C03 ZwSetContextThread
SSDT 88C86C0D ZwSetSecurityObject
SSDT 88C86C12 ZwSystemDebugControl
SSDT 88C86B9F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 824C4998 4 Bytes [FE, 6B, C8, 88]
.text ntkrnlpa.exe!KeSetEvent + 539 824C4CBC 4 Bytes [08, 6C, C8, 88] {OR [EAX+ECX*8-0x78], CH}
.text ntkrnlpa.exe!KeSetEvent + 56D 824C4CF0 4 Bytes [03, 6C, C8, 88] {ADD EBP, [EAX+ECX*8-0x78]}
.text ntkrnlpa.exe!KeSetEvent + 5D1 824C4D54 4 Bytes [0D, 6C, C8, 88]
.text ntkrnlpa.exe!KeSetEvent + 619 824C4D9C 4 Bytes [12, 6C, C8, 88] {ADC CH, [EAX+ECX*8-0x78]}
.text ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7471A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [746CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7474CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [746EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[320] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4768
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b004c1b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b2da1b3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6b2da1b3@001a1651965f 0x92 0xC0 0x6B 0xB2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4768 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b004c1b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b2da1b3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6b2da1b3@001a1651965f 0x92 0xC0 0x6B 0xB2 ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB315$\3117660392 0 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\bckfg.tmp 854 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\cfg.ini 335 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\L 0 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\L\vhtmwbun 72192 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U 0 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB315$\3117660392\version 858 bytes
File C:\WINDOWS\$NtUninstallKB315$\473084469 0 bytes
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_29
Run by - at 10:55:17 on 2012-02-01
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1033.18.1015.197 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\MsOffice12\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATICCE.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://de.yahoo.com
mSearch Page =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\msoffice12\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: SciFinder Scholar Bar: {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [EPSON Stylus D120 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticce.exe /fu "c:\users\-\appdata\local\temp\E_S79B1.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\msoffice12\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\-\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\msoffice12\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\newsho~1.lnk - c:\program files\usb_video_device\utility\remotetool\BDARemote.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.ico
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\msoffi~1\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\msoffi~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\msoffi~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 172.17.7.254
TCP: Interfaces\{120F3131-73C0-4BED-89D1-6E0AFF34328A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B6983C64-5A7E-48E1-B4E6-3E9C40E82CFE} : DhcpNameServer = 172.17.7.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\msoffice12\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\msoffice12\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ASWLNPkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\-\appdata\roaming\mozilla\firefox\profiles\1xunj3qq.default\
FF - prefs.js: browser.startup.homepage - www.studivz.net
FF - component: c:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2010\chem3d\npChem3DPlugin.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2010\chemdraw\NPCDP32.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npSfAppM.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\-\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\-\appdata\roaming\move networks\plugins\071803000001\npqmp071803000001.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-26 36000]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2006-12-30 32000]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-25 74640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-30 20464]
.
=============== Created Last 30 ================
.
2012-01-30 09:25:49 -------- d-----w- c:\users\-\appdata\roaming\Malwarebytes
2012-01-30 09:25:38 -------- d-----w- c:\programdata\Malwarebytes
2012-01-30 09:25:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-30 09:25:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 17:34:23 288 ---ha-w- c:\users\-\appdata\roaming\372DCE54.reg
2012-01-27 17:06:52 -------- d-----w- c:\program files\iPod
2012-01-27 17:06:25 -------- d-----w- c:\program files\iTunes
2012-01-27 16:45:20 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b1c66e8a-c36b-4d77-8a3a-0be53e12c76f}\mpengine.dll
2012-01-19 16:47:12 -------- d--h--w- c:\users\-\appdata\local\{84DF0906-C790-4768-9C2B-2BED302D4F67}
2012-01-19 16:47:07 -------- d--h--w- c:\users\-\appdata\local\{361F1858-AF1A-4389-9AA7-6633F1CB56A4}
2012-01-18 17:26:51 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 17:26:51 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 17:26:50 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 17:26:50 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 17:26:50 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 17:26:49 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-17 19:44:29 -------- d--h--w- c:\users\-\appdata\local\{354A4C23-3911-4371-899D-DE20D2574000}
2012-01-17 19:44:18 -------- d--h--w- c:\users\-\appdata\local\{08678E77-2B6F-4744-85AA-FFF13E9EAB17}
2012-01-13 17:24:21 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-13 17:24:20 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-13 17:23:52 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 17:23:35 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-13 17:23:13 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-13 17:22:58 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-13 17:22:44 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-13 17:22:43 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 19:54:47 -------- d--h--w- c:\users\-\appdata\local\{99D2A15E-52AC-4F9B-BAE0-F98EC96D9B58}
2012-01-10 19:54:43 -------- d--h--w- c:\users\-\appdata\local\{934F61CF-849D-44F0-B4CF-7B4C97320B57}
2012-01-07 09:46:03 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-07 09:46:03 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-07 09:46:03 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-07 09:46:02 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
.
==================== Find3M ====================
.
2012-01-27 17:33:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-07 09:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 10:57:54,73 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 22.05.2007 01:13:50
System Uptime: 01.02.2012 09:38:03 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30A2
Processor: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz | U10 | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 7,207 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 26,693 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 11 GiB total, 4,872 GiB free.
G: is FIXED (NTFS) - 2 GiB total, 1,29 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP962: 30.01.2012 14:29:38 - Scheduled Checkpoint
RP963: 31.01.2012 13:04:56 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.3
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Installer 4.00.B10
ArcSoft ShowBiz DVD 2
ASL_HS_Installer32
Avira Free Antivirus
Bing Bar
Bonjour
CambridgeSoft Activation Client
CambridgeSoft BioAssay 12.0
CambridgeSoft ChemBioOffice Ultra 2010
CambridgeSoft ChemScript 12.0
CambridgeSoft Desktop Inventory 12.0
CambridgeSoft ENotebook 12.0.1
Camera RAW Plug-In for EPSON Creativity Suite
Cisco Systems VPN Client 5.0.06.0110
CorelDRAW Essential Edition 3
D3DX10
DE
DivX Plus Web Player
Dropbox
EPSON-Drucker-Software
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan Assistant
EPSON Stylus C110_D120 Handbuch
EPSON Stylus C90_91_D92 Handbuch
Essential System Updates for Microsoft Windows Vista
Express Burn
Express Rip
Facebook Plug-In
Force 2.0
Free YouTube to Mp3 Converter version 3.2
GIMP 2.4.1
Google Gears
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools
HP Credential Manager for ProtectTools
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
HP MULTIPLE MODEM INSTALLER for VISTA
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 E4
HP Quick Launch Buttons 6.10 C1
HP Update
HP User Guide 0045
HP Wireless Assistant
iCloud
ICQ Toolbar
ICQ7.5
iDump (Freeware) Build:29
Intel(R) Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo WinDVD
iPod2PC 3.9.2
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 29
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Junk Mail filter update
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.60.0.1800
MathType 6
MestReNova LITE 5.2.5-4731
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (CSSQL05)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Move Media Player
Mozilla Firefox 9.0.1 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nur Deinstallierung der CopyTrans Suite möglich.
OpenOffice.org 3.0
Origin85
OriginPro 8.5G
Picasa 3
PLT for Windows V7.1
Python 2.5
QuickTime
Recordpad
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
SciFinder Scholar 2007
SciFinder Scholar Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Skype Click to Call
Skype™ 5.5
Sonic Activation Module
SoundMAX
SoundTap
Spelling Dictionaries Support For Adobe Reader 8
STARWARS: The Battle of Endor version 2.1
STATISTICA 8.0.725.0 CS
STATISTICA CambridgeSoft Integration
STATNOVAPDF (novaPDF Professional Server 5.4 printer)
Switch Uninstall
Synaptics Pointing Device Driver
TeamViewer 5
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update Manager
USB Audio/Video Driver
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6c
Vista Default Settings
WavePad Uninstall
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR
WinZip 12.1
.
==== Event Viewer Messages From Past Week ========
.
30.01.2012 15:44:12, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv tdx Wanarpv6
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
30.01.2012 15:44:07, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
30.01.2012 15:44:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
30.01.2012 15:43:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
30.01.2012 15:43:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
30.01.2012 15:43:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30.01.2012 15:43:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
30.01.2012 15:13:48, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
30.01.2012 10:25:58, Error: netbt [4307] - Initialization failed because the transport refused to open initial addresses.
30.01.2012 09:31:01, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
27.01.2012 19:07:01, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
27.01.2012 18:46:06, Error: Service Control Manager [7000] - The iPod-Dienst service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27.01.2012 18:46:00, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod-Dienst service to connect.
27.01.2012 18:46:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
01.02.2012 10:10:28, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Tdx. This service might not be installed.
01.02.2012 10:10:28, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
01.02.2012 09:41:14, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
01.02.2012 09:41:14, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
01.02.2012 09:41:14, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
01.02.2012 09:41:14, Error: Service Control Manager [7003] - The DNS Client service depends the following service: Tdx. This service might not be installed.
01.02.2012 09:41:14, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================