Pests of all kinds and how to fight them: TR/Spy.Web.H and windows-virus w32/Indus.A
| | #1 |
| | TR/Spy.Web.H and windows-virus w32/Indus.A

Good day,

I believe I have exactly the same problem as 'Bitterschoki', which can be found here under the title "TR/Spy.Web.H and windows-virus w32/Indus.A, black screen, apparently all files gone". It was answered yesterday by 'kira'. I have questions about the solution described in that thread. I would like to ask you for help; unfortunately I know nothing at all about PCs and am afraid of making everything even worse.

On 28.9. at 12:50, Avira found "TR/Spy.Web.H" on my machine and says that it is in quarantine. The detection refers to "'C:\Users\July\AppData\Roaming\Microsoft\Protect\espa.kk'". In addition, I have just discovered that since 9.7.2010 another file has been in quarantine which, according to Avira, contains the code of the Windows virus W32/Induc.A. Here the source is given as "D:\download\qip8094.exe".

Since today's alert my laptop has had the same symptoms as in the thread mentioned above. I also opened one of those e-mails from "eilservice@deutschepost.de", but that was about 2 to 3 weeks ago. My laptop worked normally until 12:50 today. At least it seemed to.

I now wanted to try System Restore, as described in the answer in that thread. Here are my questions about it:

1. Which date should I choose for System Restore? The computer was still working until today, but it may have been infected for a few weeks already?
2. Could you please also take a look at my machine with the OTL system scan and CCleaner, as in that thread, if that makes sense?
4. I keep getting (also since today) a message from Microsoft Windows (a small window opens with): "Catalyst Control Centre: Host application has stopped working. A problem is preventing the program from running correctly. The program will be closed and you will be notified if a solution is available", with a "Close program" button. What should be done here?

Many thanks in advance! Kind regards, Juliane

Edited by julianes (28.09.2011 at 14:25) |
| | #2 | |||||
| /// Helper team | TR/Spy.Web.H and windows-virus w32/Indus.A

Hello and a warm welcome!

Before we start working together, [please read completely]: Quote:

Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator". Right-click the selected application (right mouse button) and choose "Run as administrator"! Quote:

I have two suggestions:

1. If you think you know a point in time when your system was still working properly, System Restore is worth a try! - There is a "relatively simple way" when the infection is fresh, and sometimes certain problems can be solved with it as well, so it should be tried right away. It lets you undo system changes on the computer without affecting personal files such as e-mails, documents or photos. Quote:

(You can still undo it back to the present point in time if it does not deliver the desired result) ► Also let me know whether System Restore worked, i.e. whether you were able to roll the system back to an earlier restore point.

2. Quote:

System scan with OTL: Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop.

4. I would also like to see all your installed programs: Download the tool CCleaner → Download, install (read the software licence agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" [add CCleaner Yahoo! Toolbar] is offered, deselect it) → start → if necessary, set "german" under Options settings → then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." [save as text file]; a text file (*.txt) is created; copy its contents and paste them here Quote:

** If possible, do not go on the internet: no online banking, file sharing, chat programs etc.

Regards, kira
__________________ |
| | #3 |
| | TR/Spy.Web.H and windows-virus w32/Indus.A

Hello kira,

thank you very much for the quick reply! System Restore did not work; I then tried again with the next older date (again 27.9.), which did not work either. It says that the "System Restore was not successful" and that system files and settings were not changed. And that the restore point was damaged or deleted during the restore. Now there are again 5 restore points to choose from, 3 for 28.9. and 2 for 29.9.; these are the two System Restores that were run.

Under point 2 ("should System Restore not work.."), what is meant by "Using the Last Known Good Configuration", please? When I click on it, a window opens with the Trojaner-Board forum rules. Should I now continue with point 3? Please help.

Many thanks and best regards, Juliane |
| | #4 | |
| /// Helper team | TR/Spy.Web.H and windows-virus w32/Indus.A Quote:
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
| | #5 |
| | TR/Spy.Web.H and windows-virus w32/Indus.A Exactly. Thanks, I will try that. |
| | #6 |
| | TR/Spy.Web.H and windows-virus w32/Indus.A Hello, "Using the Last Known Good Configuration" made no difference. Here is the OTL.Txt file: OTL Logfile: Code:
OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
========== Modules (No Company Name) ==========
MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
========== LOP Check ==========
[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Here is the Extras file: OTL Logfile: Code:
OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins
"{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New
"{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"CyberGhost VPN_is1" = CyberGhost VPN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"ICQToolbar" = ICQ Toolbar
"Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D)
"MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"OpenVPN" = OpenVPN 2.1_rc21
"Oxford Advanced Genie" = Oxford Advanced Genie
"Product_Name" = eText typeSmart
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 4" = TeamViewer 4
"TippKönigin_is1" = TippKönigin 5.5
"VLC media player" = VLC media player 0.9.8a
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
Error - 03.06.2010 17:13:19 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010
Description =
Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700
seconds with 22500 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032
Description =
Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010
Description =
Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Here is the CCleaner file: Code:
7-Zip 4.65 06.02.2009 3,13MB
ACUBE UniSSOTray V1.0 13.09.2011 0,74MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 13.09.2011 10.3.183.7
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 24.07.2011 10.3.181.34
Adobe Reader 8.3.1 Adobe Systems Incorporated 20.09.2011 87,2MB 8.3.1
Ask Toolbar Ask.com 13.06.2011 2,30MB 1.12.2.0
Atheros Client Installation Program Atheros 21.09.2008 10,0MB 7.0
ATI Catalyst Install Manager ATI Technologies, Inc. 18.09.2008 13,7MB 3.0.682.0
Audiograbber 1.83 SE Audiograbber Deutschland 07.02.2009 1.83 SE
Avira AntiVir Personal - Free Antivirus Avira GmbH 09.08.2011 118,6MB 10.2.0.700
Bluetooth Stack for Windows by Toshiba TOSHIBA CORPORATION 18.09.2008 57,6MB v6.00.11
BurnRecovery MSI 18.09.2008 26,5MB 1.0.0.00610
CCleaner Piriform 29.09.2011 4,07MB 3.11
Cisco EAP-FAST Module Cisco Systems, Inc. 21.09.2008 1,04MB 2.1.6
Cisco LEAP Module Cisco Systems, Inc. 21.09.2008 1,04MB 1.0.12
Cisco PEAP Module Cisco Systems, Inc. 21.09.2008 0,85MB 1.0.13
Citavi 2.5 Academic Software Zurich 30.10.2010 59,3MB 2.5.2.0
CrazyTalk Cam Suite Reallusion 05.02.2009 40,8MB 2.0
CyberGhost VPN CyberGhost S.R.L. 20.09.2011 59,7MB
DivX Player DivX, Inc. 28.02.2010 8,43MB 7.2.0
DivX Web Player DivX,Inc. 28.02.2010 2,83MB 1.5.0
Dolby Control Center Dolby 18.09.2008 75,5MB 1.1.0601
Dropbox 27.10.2010 24,0MB 0.7.110
eText typeSmart 02.03.2009 10,4MB
Exact Audio Copy 1.0beta2 Andre Wiethoff 18.08.2011 15,4MB 1.0beta2
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) MAGIX AG 06.02.2009 6,29MB 2.0.0.1
GMX Internet Explorer Addon 1&1 Mail & Media GmbH 11.05.2011 0,50MB 1.0.1.0
GMX Softwareaktualisierung 1&1 Mail & Media GmbH 02.08.2011 1,44MB 2.0.1.9
GMX Toolbar für Internet Explorer 1&1 Mail & Media GmbH 06.09.2011 2,30MB 1.6.6.1
GMX Toolbar für Mozilla Firefox 1&1 Mail & Media GmbH 30.05.2011 2,30MB 1.5.5.0
ICQ 7.5 Build #5242 Banner Remover 1.1 murb.com 20.05.2011 1,55MB
ICQ Toolbar ICQ 20.05.2011 3.0.0
ICQ Update Patch 1.7 murb.com 12.10.2010 0,81MB
ICQ7.5 ICQ 20.05.2011 33,4MB 7.5
Install MAGIX Goya Base 1.0.2.0 (UK) MAGIX AG 06.02.2009 943MB 1.0.2.0
Intel(R) PROSet/Wireless WiFi Software Intel(R) Corporation 21.09.2008 78,3MB 12.00.0004
Intel® Matrix Storage Manager Intel Corporation 06.02.2009 9,74MB
IrfanView (remove only) 17.02.2009 10,3MB
JAP JAP-Team 15.09.2011 11,8MB 00.15.001
Java(TM) 6 Update 26 Oracle 27.07.2011 94,9MB 6.0.260
Java(TM) 6 Update 7 Sun Microsystems, Inc. 06.02.2009 138,0MB 1.6.0.70
Last.fm 1.5.4.27091 Last.fm 28.10.2010 18,4MB
Live Update 5 MSI 24.07.2011 16,9MB 5.0.064
MAGIX Foto Manager 2006 3.4.0.450 (D) MAGIX AG 06.02.2009 79,1MB 3.4.0.450
MAGIX Goya Base 1.3.1.2 (D) MAGIX AG 06.02.2009 170,3MB 1.3.1.2
MAGIX Music Manager 2006 7.4.0.438 (D) MAGIX AG 06.02.2009 86,5MB 7.4.0.438
MAGIX Online Druck Service 2.3.2.0 (D) MAGIX AG 06.02.2009 9,30MB 2.3.2.0
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 24.02.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 16.02.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319
Microsoft Office Enterprise 2007 Microsoft Corporation 15.07.2010 639MB 12.0.6425.1000
Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,92MB 14.0.5130.5003
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 30.10.2010 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Corporation 13.07.2010 1,46MB 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 08.05.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,58MB 9.0.30729.6161
Mozilla Firefox 6.0.2 (x86 de) Mozilla 07.09.2011 34,4MB 6.0.2
MSI Software Install MSI 18.09.2008 2,07MB 1.0.8.0630
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 06.02.2009 34,00KB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.02.2009 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0
Nero 9 Lite Nero AG 30.04.2010 9,48MB
OpenOffice.org 3.0 OpenOffice.org 06.02.2009 348MB 3.0.9379
OpenVPN 2.1_rc21 01.11.2010 3,91MB 2.1_rc21
Oxford Advanced Genie 13.02.2009 245MB
Protector Suite QL 5.8 UPEK Inc. 18.09.2008 71,2MB 5.8.2.4489
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 18.09.2008 1,62MB 1.00.0000
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.09.2008 26,0MB 6.0.1.5636
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 18.09.2008 4,00MB
Samsung Kies Samsung Electronics Co., Ltd. 24.07.2011 176,9MB 2.0.1.11053_99
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 24.07.2011 37,1MB 1.3.2410.0
SearchAnonymizer 12.10.2010 0,21MB 1.0.1 (de)
Skype Toolbars Skype Technologies S.A. 21.05.2011 5,72MB 5.3.7280
Skype™ 5.3 Skype Technologies S.A. 21.05.2011 22,6MB 5.3.111
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 26.10.2010 32,5MB 8.0.0
System Control Manager 18.09.2008 4,17MB 2.0208.0826.001.05
System Requirements Lab for Intel Husdawg, LLC 08.01.2011 0,87MB 4.3.16.0
TeamViewer 4 TeamViewer GmbH 06.02.2009 4,76MB
TerraTec Home Cinema 13.03.2011 74,6MB 6.20.4
TippKönigin 5.5 Giletech e.K. 19.08.2010 5,24MB
Ulead Burn.Now 4.5 SE InterVideo Digital Technology Corporation 05.02.2009 55,3MB 4.5.0
VLC media player 0.9.8a VideoLAN Team 06.02.2009 60,6MB 0.9.8a
ZoneAlarm Check Point, Inc 06.02.2009 10,6MB 7.1.254.000
Best regards, Juliane
Edited by julianes (30.09.2011 at 15:17)
| | #7 |
| /// Helfer-Team | TR/Spy.Web.H and Windows virus W32/Indus.A
1. Uninstall under `Start → Control Panel → Change/Remove...` Code:
Ask Toolbar - Adware toolbar
Always choose the custom installation, not the standard installation, because otherwise things you do not need or want often get installed along with it. Always read the license terms during installation and do not tick every box right away, because by doing so you agree that adware (advertising pop-ups) from partner programs, sponsors etc. is installed as well, since that is how freeware finances itself. A few more belong in this category, e.g.: -> Uninstall unwanted toolbars
2. Do you absolutely need these? If not, uninstall: Quote:
Quote:
Because of old security vulnerabilities, Java is very vulnerable; first uninstall: → Control Panel → Software → uninstall... Quote:
Please right-click the AntiVir umbrella in the taskbar → Start AntiVir → Overview → Events, select every detection → right-click the detections → Export event(s), save it as Ereignisse.txt on the desktop and post the contents here.
5. Run another scan with OTL:
Quote:
__________________ Warning!: Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
| | #8 |
| | TR/Spy.Web.H and Windows virus W32/Indus.A
Hello, thanks for the reply! I have carried out all the steps. I have just received two new virus alerts from Avira: "In der Datei C:\ProgramData\ulHokJiHsVWWMqk.exe wurde ein Virus oder unerwünschtes Programm TR/FakeAV.kcn gefunden" and "...in ...C:\ProgramData\6DSS92c31Apgjk.exe .... wurde TR/Sisproc.A.1384". They are now in quarantine. Here is the file with the Avira detections: Code:
Exportierte Ereignisse:
02.10.2011 17:28 [Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 565
Anzahl Verzeichnisse: 0
Anzahl Malware: 3
Anzahl Warnungen: 2
02.10.2011 17:28 [Guard] Malware gefunden
In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\dxdiag.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden
In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\dxdiag.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:28 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\dxdiag.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Scanner] Malware gefunden
Die Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\dxdiag.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122'
[trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-676453965-3675783069-989077462-1000\Software\Microsoft\Wind
ows\CurrentVersion\Explorer\Shell Folders\Startup> wurde erfolgreich repariert.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4af221fc.qua'
verschoben!
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\dxdiag.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\dxdiag.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:27 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:26 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:26 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:26 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:26 [Guard] Malware gefunden
In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\dxdiag.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:17 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:16 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:16 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
02.10.2011 17:07 [Guard] Malware gefunden
In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
OTL Logfile: Code:
OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
========== Modules (No Company Name) ==========
MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
========== LOP Check ==========
[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Extras file: OTL Logfile: Code:
OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins
"{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New
"{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"CyberGhost VPN_is1" = CyberGhost VPN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"ICQToolbar" = ICQ Toolbar
"Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D)
"MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"OpenVPN" = OpenVPN 2.1_rc21
"Oxford Advanced Genie" = Oxford Advanced Genie
"Product_Name" = eText typeSmart
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 4" = TeamViewer 4
"TippKönigin_is1" = TippKönigin 5.5
"VLC media player" = VLC media player 0.9.8a
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
Error - 03.06.2010 17:13:19 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010
Description =
Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700
seconds with 22500 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032
Description =
Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010
Description =
Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Thank you very much for the help!
Edited by julianes (02.10.2011 at 17:06) |
| | #9 |
| /// Helper Team | TR/Spy.Web.H und windows-virus w32/Indus.A
For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. Fix with OTL
Code:
:OTL
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
:Reg
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" =-
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" =-
:Commands
[purity]
[emptytemp]
2. Download Malwarebytes Anti-Malware from → malwarebytes.org
3. Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt! To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, GMER:
** No connection to a network or the Internet (don't forget Wi-Fi). When the scan is finished, please re-enable all programs and tools! Instructions: -> GMER - Rootkit Scanner
4. Check with MBR -t whether the Master Boot Record is in order (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
5. Run another scan with OTL:
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! Last edited by kira (03.10.2011 at 16:05) |
| | #10 |
| | TR/Spy.Web.H and Windows virus w32/Indus.A Hello, here are the results: 1. Fix with OTL Code:
========== OTL ==========
No active process named Updater.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.gmx.de/" removed from browser.startup.homepage
Folder C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com\ not found.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17166733-40EA-4432-A85C-AE672FF0E236}\ not found.
File C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kwlfon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uIHokJiHsVWWMqk.exe not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
Starting removal of ActiveX control {08631890-6059-4255-B37F-F23AD334D122}
C:\Windows\Downloaded Program Files\ACUBEActiveXUninstallControl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08631890-6059-4255-B37F-F23AD334D122}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08631890-6059-4255-B37F-F23AD334D122}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08631890-6059-4255-B37F-F23AD334D122}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08631890-6059-4255-B37F-F23AD334D122}\ not found.
Starting removal of ActiveX control {1CCA7AD8-4FF3-4449-B994-FD5CD326444C}
C:\Windows\Downloaded Program Files\NMPCertX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ not found.
Starting removal of ActiveX control {3D64E58D-CB55-4344-B809-CFE38F900838}
C:\Windows\Downloaded Program Files\MagicLoaderX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3D64E58D-CB55-4344-B809-CFE38F900838}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D64E58D-CB55-4344-B809-CFE38F900838}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3D64E58D-CB55-4344-B809-CFE38F900838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D64E58D-CB55-4344-B809-CFE38F900838}\ not found.
Starting removal of ActiveX control {5441F297-BB6C-4D6C-9E05-4FD14D96B605}
C:\Windows\Downloaded Program Files\IE8Tools.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ not found.
Starting removal of ActiveX control {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}
C:\Windows\Downloaded Program Files\UniSSOCheck.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ not found.
Starting removal of ActiveX control {AD6870C0-44B7-42FB-A119-C2C6BD9CD005}
C:\Windows\Downloaded Program Files\MagicPassX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28bfba81-5345-11de-90e2-002185560a86}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d26b746-f784-11de-8f33-002185560a86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d26b746-f784-11de-8f33-002185560a86}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efac829-7f50-11de-8319-002185560a86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efac829-7f50-11de-8319-002185560a86}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair folder moved successfully.
File C:\ProgramData\6DSS92c31Apgjk.exe not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
C:\Users\July\AppData\Roaming\EurekaLog folder moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
File C:\Users\July\Desktop\Data Repair.lnk not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
========== REGISTRY ==========
Registry key Invalid\\"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" \ not found.
Registry key Invalid\\"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" \ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: July
->Temp folder emptied: 139569761 bytes
->Temporary Internet Files folder emptied: 144793459 bytes
->Java cache emptied: 775379 bytes
->FireFox cache emptied: 59271239 bytes
->Flash cache emptied: 12691 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1189 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 61377315 bytes
RecycleBin emptied: 93200842 bytes
Total Files Cleaned = 476,00 mb
OTL by OldTimer - Version 3.2.29.1 log created on 10042011_171513
Files\Folders moved on Reboot...
File\Folder C:\Users\July\AppData\Local\Temp\~DF4E5A.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF54DB.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF55D3.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF5F46.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF5F6F.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF6AC4.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF87D5.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DFC6AF.tmp not found!
C:\Windows\temp\ZLT0695a.TMP moved successfully.
C:\Windows\temp\ZLT0695d.TMP moved successfully.
Registry entries deleted on Reboot...
|
| | #11 |
| | TR/Spy.Web.H and Windows virus w32/Indus.A 2. Malwarebytes: No infected objects were found. Report: Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 7891
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
07.10.2011 11:16:10
mbam-log-2011-10-07 (11-16-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 312399
Laufzeit: 2 Stunde(n), 11 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
| | #12 |
| /// Helper Team | TR/Spy.Web.H and Windows virus w32/Indus.A Further steps are missing...
|
| | #13 |
| | TR/Spy.Web.H and Windows virus w32/Indus.A Sorry, I had connection and time problems. Step 3 seemed to work: at the end there was the window where I could have pressed 'copy', but then the PC froze and nothing worked anymore; even after waiting longer nothing happened, so I restarted (unfortunately without taking a photo). Unfortunately step 4 does not work: I downloaded mbr.exe several times, supposedly successfully. But every time I click on it, a black window with text in it appears very briefly, closes again after less than a second, and then can no longer be found. 5. Scan with OTL: Text file: OTL Logfile: Code:
OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
========== Modules (No Company Name) ==========
MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
========== LOP Check ==========
[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Extras file: OTL Logfile: Code:
OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe |
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe |
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe |
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe |
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins
"{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New
"{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"CyberGhost VPN_is1" = CyberGhost VPN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"ICQToolbar" = ICQ Toolbar
"Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D)
"MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"OpenVPN" = OpenVPN 2.1_rc21
"Oxford Advanced Genie" = Oxford Advanced Genie
"Product_Name" = eText typeSmart
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 4" = TeamViewer 4
"TippKönigin_is1" = TippKönigin 5.5
"VLC media player" = VLC media player 0.9.8a
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description =
Error - 03.06.2010 17:13:19 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010
Description =
Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700
seconds with 22500 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032
Description =
Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010
Description =
Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
Thank you!! Edited by julianes (08.10.2011 at 17:25) |
| | #14 |
| | TR/Spy.Web.H and windows-virus w32/Indus.A Hello, I just booted up my laptop and now all of a sudden the whole desktop (the background is still black) is full of Word documents, which I can also open. The icons for Outlook, Firefox, ICQ, the 'Eigene Dateien' (My Documents) folder, and a few more are also back on the desktop. However, I did not have the Word documents on the desktop before. Best regards, Juliane |
| | #15 | ||
| /// Helper team | TR/Spy.Web.H and windows-virus w32/Indus.A 1. Quote:
Quote:
TDSSKiller by Kaspersky
3. Delete old log files! Run another scan with OTL:
__________________ Warning!: Be careful with invoices sent by email with a ZIP file as an attachment! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |