| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine AuffälligkeitenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.01.2012, 11:32
| #1 |
 |  zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten Hallo ihr lieben. Ich habe, als ich die Autostarteinstellungen ändern wollte, ein Programm gefunden, das mir komisch vor kam, also jashla.exe und nach einigem Suchen im Internet mich auch wieder an den Bildschirm vom BKA erinnert. Allerdings habe ich stets Malwarebyte, Spybot und etwas stümperhaft Hijack this angewendet, die es wohl nicht finden und offensichtlich ist er immernoch da. Wahrscheinlich sogar seit 4 Monaten. Was mir an meinem Computer (Windows Vista) auffällt: Er ist recht langsam und manchmal reagiert er nicht, sodass ich den Taskmanager aufrufen muss und es dann meistens weitergeht. Kann aber schon vor dem Auftauchen des besagten Bildschirms der Fall gewesen sein. Meine Fragen: Ist es für mich sinnvoll die Vorgehensweise aus diesem Thread nachzumachen? http://www.trojaner-board.de/102787-jashla-exe.html Sollte ich meine Daten vorher speichern? Kann ich sie auf einer neuen Festplatte speichern, ohne diese zu infizieren? Wahrscheinlich nicht, oder? Ich kann meinen Computer nicht neuinstallieren, da ich beim Umzug die ganzen Cds etc verloren habe. Ist aber legal gekauftes Windows Vista. Ich wäre für Eure Hilfe sehr dankbar! Grüße, Theo Geändert von Theo123 (30.01.2012 um 11:51 Uhr) |
|
30.01.2012, 18:01
| #2 | |||||
| /// Helfer-Team    |  zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Zitat:
Tipps & Rat: ➊ Datensicherung: ► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. - Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen - Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall! - Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren! - Vor zurückspielen - bevor du mit deinem PC direkt ins Netz gehst...: - die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung ➋ Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) Zitat:
Oder weil die eigene Installations-CD ist nicht mehr Bestandteil des PC`s und Laptops...: Hat dein PC vlt eine Recoveryfunktion, mit dem der Auslieferungszustand wiederhergestellt werden kann? Es gibt eine Tastenkombination, die Du beim start des Pc´s drücken musst, oder alternativ klicke auf Start -> Alle Programme -> Recovery Manager Wie Du aus dem Handbuch der Herstellers entnehmen kannst, oder der technischer Support wenden. ► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen: Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
2. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool CCleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ Geändert von kira (30.01.2012 um 18:12 Uhr) |
|
31.01.2012, 13:38
| #3 |
| | zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten Hallo.
__________________Danke für die Antworten!! Habe bisher noch nicht alles geschafft (Malware-Durchlauf dauert 9 h bei meinem Laptop). Habe aber folgendes über den BKA Virus bei den Autostart Dateien gefunden: Dateiname: jashla.exe Startwert: C:\Users\[Benutzername]\AppData\Roaming\jashla.exe Dateipfad: C:\Users\[Benutzername]\\AppData\Roaming\jashla.exe Starttyp: Registrierung: Aktueller Benutzer Speicherort: Software\Microsoft\Windows\CurrentVersion\Run Klassifizierung: Deaktiviert SpyNet-Abstimmung: In Bearbeitung sagt das schon mal irgendetwas aus? Grüße! |
|
31.01.2012, 16:07
| #4 |
| /// Helfer-Team | zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten kannst auch zunächst die Schritte 2. und 3. machen und die Logs mir posten können wir das Malwarebytes später noch laufen lassen
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
31.01.2012, 23:44
| #5 |
| | zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten Malware-Ausgabe: [code] Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.01.31.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 [...]:: HOME [Administrator] 31.01.2012 14:12:59 mbam-log-2012-01-31 (14-12-59).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 608208 Laufzeit: 8 Stunde(n), 5 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) [\code] OTL-Ausgabe: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.01.2012 22:45:59 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\[...]\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 29,34% Memory free 4,22 Gb Paging File | 2,15 Gb Available in Paging File | 50,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,38 Gb Total Space | 47,79 Gb Free Space | 21,39% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: [...]| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.31 19:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\[...]\Downloads\OTL.exe PRC - [2012.01.25 11:37:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2009.08.05 12:46:55 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.13 18:51:05 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2008.04.19 12:42:33 | 001,251,720 | ---- | M] () -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:23 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe PRC - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.03.29 12:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.03.29 12:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2007.01.04 17:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe PRC - [2005.08.11 20:21:16 | 000,864,256 | ---- | M] (The MathWorks Inc.) -- C:\Programme\MATLAB71\bin\win32\MATLAB.exe PRC - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe ========== Modules (No Company Name) ========== MOD - [2012.01.25 11:37:57 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.11.25 10:48:24 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.08.24 13:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll MOD - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe MOD - [2007.03.29 12:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.03.29 11:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2007.02.15 16:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll MOD - [2007.01.17 09:08:34 | 000,009,336 | ---- | M] () -- C:\Programme\Norton Internet Security\Norton AntiVirus\NAVShExt.loc ========== Win32 Services (SafeList) ========== SRV - [2009.08.05 12:46:55 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.13 18:51:05 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.06.05 03:13:20 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008.04.19 12:42:33 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.06.08 09:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK) SRV - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.03.05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2007.01.13 16:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc) SRV - [2007.01.12 12:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost) SRV - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2007.01.09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2007.01.04 17:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () [Auto | Running] -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver) ========== Driver Services (SafeList) ========== DRV - [2011.06.21 14:05:52 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2009.12.07 19:15:39 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.08.03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV) DRV - [2009.08.03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI) DRV - [2009.08.03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW) DRV - [2009.08.03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS) DRV - [2009.08.03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV) DRV - [2009.08.03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS) DRV - [2009.06.13 18:51:05 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.06.13 18:51:05 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.01.06 11:33:58 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2008.06.13 09:00:00 | 000,856,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080619.003\NAVEX15.SYS -- (NAVEX15) DRV - [2008.06.13 09:00:00 | 000,089,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080619.003\NAVENG.SYS -- (NAVENG) DRV - [2008.04.17 10:54:54 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2008.04.17 10:54:54 | 000,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2008.04.04 16:47:34 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080617.001\IDSvix86.sys -- (IDSvix86) DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.11.30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL) DRV - [2007.11.30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP) DRV - [2007.11.30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX) DRV - [2007.09.14 16:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.06.08 08:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv) DRV - [2007.05.24 15:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.04.16 02:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.04.14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2006.11.30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.11.02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.06.28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "1und1 Suche" FF - prefs.js..browser.search.order.3: "amazon.de" FF - prefs.js..browser.search.order.4: "WEB.DE Suche" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://go.web.de/suchbox/webdesuche?su=" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://autoproxy.aub.edu.lb/autoproxy.pac" FF - prefs.js..network.proxy.type: 2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.21 13:58:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.25 11:38:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.17 13:09:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\[...]\AppData\Roaming\5015 [2011.04.10 20:41:20 | 000,000,000 | ---D | M] [2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions [2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.01.25 15:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions [2011.01.23 13:58:54 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.02.06 13:42:16 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2011.07.23 19:32:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.02.22 13:35:28 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\toolbar@ask.com [2011.05.29 10:51:30 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zotero@chnm.gmu.edu [2011.05.29 10:54:53 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zoteroWinWordIntegration@zotero.org [2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\[...]\AppData\Roaming\Mozilla\Firefox\Profiles\ostw0k4k.default\searchplugins\askcom.xml [2012.01.25 11:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.22 17:46:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.01.28 00:16:35 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.01.28 00:16:35 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54} [2009.02.01 22:53:47 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX [2011.04.10 20:41:20 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\[...]\APPDATA\ROAMING\5015 () (No name found) -- C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009.09.02 02:01:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.01.25 11:38:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.01.25 11:37:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.25 11:37:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.25 11:37:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.25 11:37:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.25 11:37:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.25 11:37:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.12 18:25:25 | 000,431,550 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14880 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html () O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09A022CC-735A-4E8E-A75D-82101EB772DA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3A5A8A1-54F1-4DE8-B1C0-EF2C55B41FA2}: NameServer = 193.188.130.35 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited) O24 - Desktop WallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{10c9078b-dde6-11de-8f67-001e3775b244}\Shell\AutoRun\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯² O33 - MountPoints2\{10c9078b-dde6-11de-8f67-001e3775b244}\Shell\Explore\Command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯² O33 - MountPoints2\{10c9078b-dde6-11de-8f67-001e3775b244}\Shell\open\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯² O33 - MountPoints2\{1ef1c5d0-c3ed-11de-98c2-001e3775b244}\Shell\AutoRun\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯² O33 - MountPoints2\{1ef1c5d0-c3ed-11de-98c2-001e3775b244}\Shell\Explore\Command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯² O33 - MountPoints2\{1ef1c5d0-c3ed-11de-98c2-001e3775b244}\Shell\open\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯² O33 - MountPoints2\{7bdc0820-e036-11e0-9f88-001e3775b244}\Shell - "" = AutoRun O33 - MountPoints2\{7bdc0820-e036-11e0-9f88-001e3775b244}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{7bdc0829-e036-11e0-9f88-001e3775b244}\Shell - "" = AutoRun O33 - MountPoints2\{7bdc0829-e036-11e0-9f88-001e3775b244}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{8a9d96c0-35f0-11e1-9a8e-001e3775b244}\Shell - "" = AutoRun O33 - MountPoints2\{8a9d96c0-35f0-11e1-9a8e-001e3775b244}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{8a9d96c8-35f0-11e1-9a8e-001e3775b244}\Shell - "" = AutoRun O33 - MountPoints2\{8a9d96c8-35f0-11e1-9a8e-001e3775b244}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a0e39a87-ffa9-11de-b29d-001e3775b244}\Shell\AutoRun\command - "" = H:\Setup.exe O33 - MountPoints2\{ab0c9288-b87f-11dd-b36d-001e3775b244}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 08:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.11 11:10:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.01.11 11:10:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.01.11 11:10:16 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.01.11 11:09:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.11 11:09:47 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2011.06.12 13:03:50 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\TDSSKiller.exe [2008.04.24 22:20:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.31 22:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.31 21:31:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.31 21:31:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.31 14:50:03 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.01.31 14:08:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.31 11:40:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.31 09:30:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.30 21:16:09 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.01.30 20:02:14 | 000,000,592 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - [...].job [2012.01.30 19:05:55 | 000,468,376 | ---- | M] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf [2012.01.30 19:05:30 | 000,146,600 | ---- | M] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf [2012.01.14 16:43:35 | 000,700,174 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.14 16:43:35 | 000,654,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.14 16:43:35 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.14 16:43:34 | 000,156,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.13 21:41:20 | 000,074,374 | ---- | M] () -- C:\Users\[...]\Desktop\corp0222.pdf [2012.01.11 14:58:22 | 000,036,352 | ---- | M] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.30 19:05:55 | 000,468,376 | ---- | C] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf [2012.01.30 19:05:30 | 000,146,600 | ---- | C] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf [2012.01.13 21:41:20 | 000,074,374 | ---- | C] () -- C:\Users\[...]\Desktop\corp0222.pdf [2011.07.23 11:26:25 | 000,000,080 | ---- | C] () -- C:\Windows\matlab.ini [2011.04.19 10:11:56 | 000,301,568 | ---- | C] () -- C:\Program Files\g6wkvncr.exe [2010.11.09 13:18:19 | 000,105,582 | ---- | C] () -- C:\Program Files\Uninstall-LyX.exe [2010.08.01 17:08:39 | 000,000,118 | ---- | C] () -- C:\Windows\WinInit.ini [2009.10.20 21:07:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.20 21:07:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.20 21:05:20 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.09.11 02:56:55 | 000,081,920 | ---- | C] () -- C:\Windows\ASR32311.DLL [2009.06.07 19:58:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.02.01 22:53:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.01.08 21:20:54 | 000,000,098 | ---- | C] () -- C:\Users\[...]\AppData\Local\fusioncache.dat [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.10.06 20:08:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.28 11:20:04 | 000,000,680 | ---- | C] () -- C:\Users\[...]\AppData\Local\d3d9caps.dat [2008.06.29 15:59:57 | 000,024,206 | ---- | C] () -- C:\Users\[...]\AppData\Roaming\UserTile.png [2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.29 20:50:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\46411382A6.sys [2008.05.29 20:50:22 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2008.04.25 14:42:37 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat [2008.04.25 14:14:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.04.24 22:20:06 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe [2008.04.24 22:20:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll [2008.04.24 22:20:00 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll [2008.04.24 22:20:00 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll [2008.04.20 20:42:02 | 000,036,352 | ---- | C] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.20 20:12:11 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.04.20 20:12:11 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.04.20 20:12:11 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.04.20 20:12:11 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.04.20 20:12:11 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.04.20 20:12:11 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.04.20 20:12:11 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.04.20 20:12:11 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.04.20 20:12:11 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.04.20 20:12:11 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.04.20 20:12:11 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.04.20 20:12:11 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.04.20 20:12:11 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.04.20 20:12:11 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.04.20 20:12:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.04.20 20:04:59 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini [2008.04.19 10:18:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.04.19 10:18:46 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.04.19 10:18:46 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.04.19 10:18:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007.08.24 13:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2007.08.24 13:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.24 13:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.08.24 13:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.06.08 09:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll [2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.09 17:45:55 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.09 17:45:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:42:41 | 000,700,174 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:42:41 | 000,156,344 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:43 | 000,546,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,654,882 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,127,072 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2003.11.17 18:33:38 | 000,090,384 | ---- | C] () -- C:\Windows\System32\ctxsetup.exe [2002.06.28 10:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll [2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll [2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll [2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll [2002.04.19 14:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll [2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll [2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll [1999.11.27 23:00:00 | 000,000,012 | ---- | C] () -- C:\Windows\WordsofDhamma.INI ========== LOP Check ========== [2011.04.10 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\5015 [2009.06.10 04:26:31 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Autodesk [2008.05.10 09:32:36 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dev-Cpp [2011.03.03 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\digital publishing [2011.12.17 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dropbox [2011.07.23 19:32:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.02 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Eddym [2009.11.05 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\EPSON [2008.10.17 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\eXPert PDF Editor [2011.03.07 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\gtk-2.0 [2008.04.19 10:19:47 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Hewlett Packard [2008.12.02 13:59:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\ICAClient [2008.09.19 19:58:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\InterVideo [2010.01.31 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Karteikartentrainer [2011.04.10 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\kock [2011.07.01 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Kyex [2009.10.08 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\LimeWire [2010.11.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\LyX16 [2009.01.08 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Mathsoft [2010.11.14 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\mresreg [2009.01.25 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\OpenOffice.org [2011.04.11 11:09:58 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PCFix [2008.06.29 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PeerNetworking [2009.02.11 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\RETScreen [2008.05.29 20:02:01 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SampleView [2011.07.20 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SumatraPDF [2011.05.21 14:07:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Swiss Academic Software [2010.07.06 22:43:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Tinn-R [2011.07.23 19:51:53 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\TubeBox [2011.04.11 09:13:26 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\UAs [2008.10.28 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Unigraphics Solutions [2011.09.16 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Vodafone [2011.06.02 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\xmldm [2012.01.30 21:16:03 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\[...]\Documents\www.torrent.to...Princesas.DVDRiP.MD.German.MVCD.mpg:TOC.WMV < End of report > [\code] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.01.2012 22:45:59 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\[...]\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,58 Gb Available Physical Memory | 29,34% Memory free
4,22 Gb Paging File | 2,15 Gb Available in Paging File | 50,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,38 Gb Total Space | 47,79 Gb Free Space | 21,39% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS
Computer Name: HOME | User Name: [...]| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BBE2CE54-674E-4179-AAE7-27C4DB2E8CA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2001774-724F-41D4-99B6-066ADBEDE0EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F2AED1CB-B596-4212-B9F9-E8CAC719F88C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01937BFF-7A50-4B9A-9CB0-326A20437AD8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{25BC4C3C-CE15-4524-9EC4-15C63C2D3CF3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{469CBB76-88F5-41D6-8974-2D03110B511A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{504848D8-C524-4F3C-8F94-36C1EB62971E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{512EA11E-CA24-4546-9A0D-D074CF7A632C}" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"{7E1A66DE-1575-468A-80FF-68A4091CBD13}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{81743A39-1942-483E-9A2C-F93CAE45E001}" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"{9BBB1A72-BDFB-4323-9ACF-0FFB91C1D877}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CE66FF6E-34D1-4E78-8257-D04A58DAC07F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{193EB2D3-2BF2-4F3B-BA8F-9D8435A2D0EA}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1B04FAF1-DB4B-4BE5-B8B5-39B5C88039A1}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe |
"TCP Query User{1B580D07-A9B5-465F-9C5E-C623CE9694A0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{2350845C-127B-4906-8834-4CEF563D4D67}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{2F1776ED-4EE2-4BBF-8B00-6108A4C3F4C5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{51CE0D93-DC7B-41D7-AEC5-8217E2BB1D35}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{56243DE6-C0BD-4351-A236-2512628C39EE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6ABEF9EE-100A-482A-8874-BA303ACBC573}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{88AE56F1-A63F-43F5-801E-DE99B013AF64}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A00167C6-CF27-40A1-BB15-B42E947C62F9}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{A2104397-A655-4497-8DBE-120A3FBCA691}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B773B6FF-A87D-4266-8827-F6141EEFD026}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C67A32DA-0C69-49FA-B444-CB869D065067}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{FBD2934E-DAEC-42CC-8A25-740FA3A65811}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0E0EA0FA-E775-4FEF-A94B-366BC1CB9A1F}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3AE130D5-4070-4A38-9ACC-93412E73196A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{596C43F3-DF81-4D59-A3A5-F40B21295B5E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{65EC33B2-0903-4367-B2B0-65FC8784CAA4}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe |
"UDP Query User{77A5C851-89DF-462D-ADD3-2080E2A1EE96}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{8C616AF9-3A02-4F0C-B313-E099ECD7A748}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{95E66C69-2133-4B02-9A14-7CDF7FA8D752}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A1E12EC7-44DA-48DA-9B35-FE3E2A8A0D9E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B14600AB-FAEF-4E74-A71C-0420B8AB6E0F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DA663C87-BDDE-410C-A539-D705910C1622}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{DE996E13-6139-4612-B396-F35C8B66FDE9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F0767A7B-5C2D-4FC7-945B-9181560CB09F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{F550517C-C88A-4A60-9CD3-7FBAC034C10D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FF497F51-7880-4C9F-8AD3-CFF39A3C574A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1B3AE30B-737B-48DB-B690-1A68DBF26514}" = SymNet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7A98A7F3-3A1D-4E14-8204-AFFEE1EF72EA}" = Symantec Real Time Storage Protection Component
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8334783-E2F9-4CA6-86F8-090051418F09}" = Mathcad 13
"{E9021599-1E2A-4027-A1CC-40E42A08603C}" = RETScreen Version 4
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FEA36347-ADBE-423F-A1B2-74A3C3BCE15E}" = RETScreen
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Citrix ICA Web Client" = Citrix ICA Web Client
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EES - Engineering Equation Solver" = EES - Engineering Equation Solver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FinePrint" = FinePrint
"Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HomepageFIX_is1" = HomepageFIX
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"INTERACTIVE ENGLISH VM" = INTERACTIVE ENGLISH VM (Insert CD-ROM)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LyX" = LyX 1.6.7-4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MatlabR14SP3" = MATLAB 7.1
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROSet" = Intel(R) PRO Network Connections Drivers
"R for Windows 2.10.1_is1" = R for Windows 2.10.1
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SumatraPDF" = SumatraPDF
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Tinn-R_is1" = Tinn-R 2.3.5.2
"VirtualCloneDrive" = VirtualCloneDrive
"WEB.DE Update" = WEB.DE Update
"WinGimp-2.0_is1" = GIMP 2.4.5
"WinRAR archiver" = WinRAR
"Words_of_Dhamma" = Words of Dhamma
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.01.2012 05:43:35 | Computer Name = home | Source = Windows Search Service | ID = 3013
Description =
Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013
Description =
Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013
Description =
Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013
Description =
Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013
Description =
Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013
Description =
Error - 30.01.2012 05:43:36 | Computer Name = home | Source = Windows Search Service | ID = 3013
Description =
Error - 31.01.2012 04:30:52 | Computer Name = home | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 31.01.2012 04:35:41 | Computer Name = home | Source = VMCService | ID = 0
Description = GetProcessOwner
Error - 31.01.2012 17:45:06 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.31.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 144c Anfangszeit: 01cce06134d66acc Zeitpunkt der Beendigung:
12
[ OSession Events ]
Error - 17.05.2011 13:30:32 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 127
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.09.2011 17:53:23 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3821
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.09.2011 00:46:13 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 57324
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06.10.2011 08:42:59 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1869
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.10.2011 16:55:25 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1846
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.11.2011 12:58:43 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2604
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.11.2011 12:19:45 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129
seconds with 120 seconds of active time. This session ended with a crash.
Error - 27.11.2011 10:29:41 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1007
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.11.2011 10:35:47 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1240
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06.12.2011 16:14:30 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 49
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.09.2008 14:11:21 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 13.09.2008 16:42:17 | Computer Name = home | Source = Service Control Manager | ID = 7031
Description =
Error - 13.09.2008 16:43:35 | Computer Name = home | Source = Service Control Manager | ID = 7031
Description =
Error - 13.09.2008 17:05:46 | Computer Name = home | Source = DCOM | ID = 10010
Description =
Error - 14.09.2008 15:20:47 | Computer Name = home | Source = Service Control Manager | ID = 7011
Description =
Error - 14.09.2008 15:20:48 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 15.09.2008 12:39:50 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 17.09.2008 09:50:16 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 17.09.2008 11:43:44 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 17.09.2008 16:43:56 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
< End of report >
[\code] Ich habe meinen Benutzername durch [...] ersetzt. Ich hoffe ich habe ansonsten keine sensitiven infos gepostet? Ich habe da diese porn und Glückspiel Seiten oder was auch immer das ist gefunden, ich weiß nicht was das ist und wie das auf meinen Computer gelangt (zB O1 - Hosts: 127.0.0.1 123fporn.info) .Ehrlich. Wenn du weißt was das ist und woher das kommt würde ich mich über eine kurze Aufklärung freuen. Ansonsten wurde mal etwas mir unklares Zeug installiert damit ich über ein Netzwerk Software wie Matlab etc nutzen kann. Ich weiß nicht ob das mit rechten Dingen zu ging, ich weiß nur, dass mein Computer danach viel langsamer war. hoffe ich habe die richtigen Ausgaben gepostet. Viele Grüße und vielen Dank! |
|
01.02.2012, 09:50
| #6 | |||||
| /// Helfer-Team | zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten 1. Du hast deinen Rechner mit zwei Anti-Viren-Programmen generell `geschwächt`: Zitat:
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten! Mehr AV Programme bedeutet nicht mehr Sicherheit!Die Scanner behindern sich gegenseitig (bei beiden den On-Access Scan aktiviert bzw laufen ständig im Hintergrund) und ein Systemcrash kann die Folge sein oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen. Zitat:
► Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software : -> Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software ► AV Deinstallations Hinweise [u]also Entscheide Dich für NUR einen Virenscanner und benutze diesen regelmäßig! 2. Zitat:
meiner Meinung nach bietet nicht mehr ausreichenden Schutz gegen "moderne Malwarearten"... ► Falls Du doch es behalten möchtest: Stelle bitte den TeaTimer ab: Gehe bei Spybot-S&D in den Erweiterten Modus und wähle dort Werkzeuge -> Resident. Deaktiviere hier den "Resident TeaTimer aktiv". (Tea Timer versucht positive änderungen auch zu blockieren) - soll für immer deaktiviert bleiben! 3. Code:
ATTFilter LimeWire
Zitat:
Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen!  Solange du solche Programme auf dein PC hast, wirst Du Dich laufend mit etwas Problematik konfrontieren müssen! 4. deinstalliere falls unter `Systemsteuerung -> Software/Programme: Code:
ATTFilter Adware -Toolbars: Ask Toolbar Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. in diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars deinstallieren 5. Wenn nicht bewusst installiert hast bzw nicht benötigst, kannst deinstallieren (unter Software/Programme): Code:
ATTFilter Softonic_Deutsch Toolbar
 Viele davon sehr fehleranfällig und fressen eine Menge an Systemressourcen. Zur funktionstüchtigen Installation der jeweiligen Software ist Toolbar aber nicht notwendig, zudem die meisten modernen Browser mit vielen zusätzlichen Funktionen ausgestattet sind. Ausserdem die dazugehörigen Programme, funktionieren auch ohne...- meiste Toolbars bzw Browserhelper wollen sich doch nur wichtig machen 6. reinige dein System mit CCleaner:
7. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
FF - prefs.js..keyword.URL: "http://go.web.de/suchbox/webdesuche?su="
FF - prefs.js..network.proxy.autoconfig_url: "http://autoproxy.aub.edu.lb/autoproxy.pac"
FF - prefs.js..network.proxy.type: 2
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\[...]\AppData\Roaming\5015 [2011.04.10 20:41:20 | 000,000,000 | ---D | M]
[2011.01.23 13:58:54 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.23 19:32:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.22 13:35:28 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\toolbar@ask.com
[2010.01.28 00:16:35 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2009.02.01 22:53:47 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
[2012.01.25 11:37:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.25 11:37:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{10c9078b-dde6-11de-8f67-001e3775b244}\Shell\AutoRun\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²
O33 - MountPoints2\{10c9078b-dde6-11de-8f67-001e3775b244}\Shell\Explore\Command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²
O33 - MountPoints2\{10c9078b-dde6-11de-8f67-001e3775b244}\Shell\open\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²
O33 - MountPoints2\{1ef1c5d0-c3ed-11de-98c2-001e3775b244}\Shell\AutoRun\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²
O33 - MountPoints2\{1ef1c5d0-c3ed-11de-98c2-001e3775b244}\Shell\Explore\Command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²
O33 - MountPoints2\{1ef1c5d0-c3ed-11de-98c2-001e3775b244}\Shell\open\command - "" = H:\cold\hott\¥¶¾³¿¸¤£ù²¯²
O33 - MountPoints2\{7bdc0820-e036-11e0-9f88-001e3775b244}\Shell - "" = AutoRun
O33 - MountPoints2\{7bdc0820-e036-11e0-9f88-001e3775b244}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7bdc0829-e036-11e0-9f88-001e3775b244}\Shell - "" = AutoRun
O33 - MountPoints2\{7bdc0829-e036-11e0-9f88-001e3775b244}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8a9d96c0-35f0-11e1-9a8e-001e3775b244}\Shell - "" = AutoRun
O33 - MountPoints2\{8a9d96c0-35f0-11e1-9a8e-001e3775b244}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8a9d96c8-35f0-11e1-9a8e-001e3775b244}\Shell - "" = AutoRun
O33 - MountPoints2\{8a9d96c8-35f0-11e1-9a8e-001e3775b244}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a0e39a87-ffa9-11de-b29d-001e3775b244}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{ab0c9288-b87f-11dd-b36d-001e3775b244}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 08:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
[2012.01.31 22:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.31 11:40:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.19 10:11:56 | 000,301,568 | ---- | C] () -- C:\Program Files\g6wkvncr.exe
[2011.04.10 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\5015
[2011.04.10 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\kock
[2011.07.01 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Kyex
[2009.10.08 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\LimeWire
[2011.04.11 09:13:26 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\UAs
@Alternate Data Stream - 64 bytes -> C:\Users\[...]\Documents\www.torrent.to...Princesas.DVDRiP.MD.German.MVCD.mpg:TOC.WMV
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{2350845C-127B-4906-8834-4CEF563D4D67}C:\program files\limewire\limewire.exe" =-
"UDP Query User{DA663C87-BDDE-410C-A539-D705910C1622}C:\program files\limewire\limewire.exe" =-
:Commands
[purity]
[emptytemp]
8. Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java Version 6 Update 30 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 9. Adobe Reader aktualisieren : - Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus") Adobe Reader Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..." 10.
11. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung 12. -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< 13. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ --> zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten |
|
02.02.2012, 16:09
| #7 |
| | zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten Hallo. Danke für die ganze Anleitung. bin jetzt beim online scannen. Dauert extrem lange. Mal sehen wann ich weiter komme. Habe nur gerade eine Sorge. Der Virenscanner. Ich habe ja anscheinend norton und Avira draufgehabt. Nun habe ich Norton gelöscht und bekomme aber folgende Fehlermeldung (siehe Anhang). Danke!!! |
|
02.02.2012, 16:43
| #8 |
| /// Helfer-Team | zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten wie hast Du Norton entfernt? Das Norton-Entfernungsprogramm verwendet?:-> http://service1.symantec.com/support...50412095959924 oder einfach nur unter Systemsteuerung-> Software/Programme deinstalliert? Aber arbeite bitte erst alle von mir vorgeschlagenen Schritte (Posting #6) vollständig ab, dann sehen wir weiter außerdem: Neue Liste erstellen:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
02.02.2012, 16:56
| #9 |
| | zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten Hallo. Ich bin nun bei Schritt 12. Habe allerdings Norton nicht über das empfohlene Software deinstalliert. Leider weiß ich nicht mehr ob direkt über Norton deinst. oder über systemsteuerungen-Software... Ich habe aber auch keine CD mehr dafür. Sobald die letzten Schritte gemacht sind poste ich alles. Hier die neue CCleaner, Software Liste, die du wolltest: Code:
ATTFilter Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 18.04.2008 14,0MB Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 23.08.2010 10.1.82.76 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 24.11.2011 11.1.102.55 Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 31.01.2012 120,8MB 10.1.2 Agere Systems HDA Modem Agere Systems 13.12.2007 AOL Toolbar 5.0 AOL 18.04.2008 2,63MB 5.0.67.2 Apple Mobile Device Support Apple Inc. 07.10.2008 37,1MB 2.1.1.13 Apple Software Update Apple Inc. 12.09.2008 2,16MB 2.1.1.116 Application Installer 4.00.B14 Hewlett-Packard Company 18.04.2008 0,89MB 4.00.B14 Aspell 0.6 Dictionary (Language: de) 08.11.2010 15,9MB Aspell 0.6 Dictionary (Language: en) 08.11.2010 15,9MB Aspell Data 08.11.2010 15,9MB AutoCAD 2007 - English Autodesk 09.06.2009 602MB 17.0.54.110 Autodesk DWF Viewer Autodesk, Inc. 09.06.2009 24,6MB 6.5 Avira AntiVir Personal - Free Antivirus Avira GmbH 30.03.2010 72,2MB 10.0.0.561 BIOS Configuration for HP ProtectTools Hewlett-Packard 13.12.2007 2,63MB 3.00 F1 Bonjour Apple Inc. 12.09.2008 0,49MB 1.0.105 Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 18.04.2008 8,10MB 4.170.25.4 Business Contact Manager für Outlook 2007 SP2 Microsoft Corporation 11.06.2009 31,5MB 3.0.8619.1 Camera RAW Plug-In for EPSON Creativity Suite 19.04.2008 10,5MB 2.1.0.0 CCleaner Piriform 30.01.2012 4,24MB 3.15 Citavi Swiss Academic Software 20.05.2011 65,4MB 3.0.12.0 Citrix ICA Web Client 01.12.2008 5,00MB CorelDRAW(R) Graphics Suite X4 Corel Corporation 28.05.2008 721MB CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension Corel Corporation 28.05.2008 1,56MB CX4300_5500_DX4400 Handbuch 19.04.2008 7,53MB Device Access Manager for HP ProtectTools Ihr Firmenname 13.12.2007 17,4MB 2.0.0.0 DivX Converter DivX, Inc. 20.05.2010 35,9MB 7.0.0 DivX Plus DirectShow Filters DivX, Inc. 20.05.2010 1,21MB DivX-Setup DivX, LLC 01.08.2011 2,08MB 2.5.0.15 Dropbox Dropbox, Inc. 09.07.2011 26,3MB 1.1.35 EES - Engineering Equation Solver F-Chart Software 03.11.2010 EPSON Attach To Email SEIKO EPSON 19.04.2008 0,88MB 1.01.0000 EPSON Copy Utility 3 19.04.2008 140,2MB 3.2.0.0 EPSON Easy Photo Print 19.04.2008 80,9MB 1.4.2.0 EPSON File Manager 19.04.2008 28,4MB 1.3.0.0 EPSON Scan 19.04.2008 159,9MB EPSON Scan Assistant 19.04.2008 3,78MB 1.10.00 EPSON-Drucker-Software SEIKO EPSON Corporation 19.04.2008 ESET Online Scanner v3 18.04.2011 107,8MB ESU for Microsoft Vista Hewlett-Packard 13.12.2007 11,9MB 1.0.20.1 FinePrint 17.10.2008 Firefox 3.6 WEB.DE Edition WEB.DE 27.01.2010 6,48MB Google Earth Google 12.11.2011 92,8MB 6.1.0.5001 Google Updater Google Inc. 06.09.2011 3,60MB 2.4.2432.1652 HiJackThis Trend Micro 16.04.2011 0,36MB 1.0.0 HomepageFIX IN MEDIA KG 13.11.2010 21,1MB Aktuelle Version HP Customer Experience Enhancements Hewlett-Packard 13.12.2007 0,98MB 5.3.0.2325 HP Easy Setup - Frontend Hewlett-Packard 13.12.2007 1,58MB 5.3.0.2325 HP Help and Support Hewlett-Packard 13.12.2007 45,3MB 1.2.2 HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 HP 18.04.2008 40,8MB 6.0.1.4900 HP Notebook Accessories Product Tour Hewlett-Packard 13.12.2007 10,1MB 13.0.0 HP ProtectTools Security Manager Hewlett-Packard 13.12.2007 7,10MB 3.00 A10 HP Quick Launch Buttons 6.20 G2 Hewlett-Packard 13.12.2007 24,0MB 6.20 G2 HP Update Hewlett-Packard 31.08.2009 2,97MB 5.002.000.013 HP Wireless Assistant Hewlett-Packard 13.12.2007 3,94MB 3.00 G1 Intel(R) Graphics Media Accelerator Driver 13.12.2007 Intel(R) PRO Network Connections Drivers 13.12.2007 INTERACTIVE ENGLISH VM (Insert CD-ROM) 10.09.2009 7,05MB InterVideo DVD Check 18.04.2008 0,80MB InterVideo WinDVD InterVideo Inc. 18.04.2008 46,1MB 5.0-B11.1166 iTunes Apple Inc. 07.10.2008 87,6MB 8.0.1.11 Java(TM) 6 Update 30 Oracle 31.01.2012 97,3MB 6.0.300 JDownloader 0.9 AppWork GmbH 26.07.2011 64,8MB 0.9 Korean Fonts Support For Adobe Reader 8 Adobe Systems 27.08.2009 10,0MB 8.0.0 LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 18.04.2008 19,4MB 3.2.0.68 LiveUpdate Notice (Symantec Corporation) Symantec Corporation 30.05.2008 7,59MB 1.4.5 LyX 1.6.7-4 LyX Team 08.11.2010 1.6.7-4 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 30.01.2012 11,6MB 1.60.1.1000 Mathcad 13 MathSoft 07.01.2009 65,7MB 13.00.0000 MATLAB 7.1 The MathWorks, Inc. 21.07.2011 1.261MB 7.1 MATLAB R2010a The MathWorks, Inc. 10.08.2010 2.473MB 7.10 Microsoft .NET Framework 1.1 18.04.2008 Microsoft .NET Framework 1.1 German Language Pack Microsoft 13.12.2007 3,02MB 1.1.4322 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 13.06.2009 37,4MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 11.06.2009 36,9MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 Microsoft Office 2003 Web Components Microsoft Corporation 14.06.2011 11.0.8003.0 Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 16.12.2011 12.0.4518.1014 Microsoft Office Enterprise 2007 Microsoft Corporation 11.06.2009 615MB 12.0.6425.1000 Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,95MB 14.0.5130.5003 Microsoft Office Small Business Connectivity Components Microsoft Corporation 13.12.2007 0,15MB 2.0.7024.0 Microsoft Silverlight Microsoft Corporation 13.10.2011 4.0.60831.0 Microsoft SQL Server 2005 Microsoft Corporation 13.12.2007 54,5MB Microsoft SQL Server Native Client Microsoft Corporation 05.04.2011 2,63MB 9.00.5000.00 Microsoft SQL Server VSS Writer Microsoft Corporation 05.04.2011 0,68MB 9.00.5000.00 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 14.06.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 02.08.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Express Edition - DEU Microsoft Corporation 24.04.2008 220MB Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 19.04.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 31.10.2009 1,41MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 12.06.2010 0,22MB 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.06.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30.03.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.06.2011 0,58MB 9.0.30729.6161 Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft 24.04.2008 5,62MB 3.5.21022 Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 Microsoft Corporation 24.04.2008 2,61MB 6.1.5288.17011 Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries Microsoft Corporation 24.04.2008 115,0MB 6.1.5288.17011 MiKTeX 2.8 MiKTeX.org 03.11.2009 439MB 2.8 Mozilla Firefox 9.0.1 (x86 de) Mozilla 24.01.2012 43,2MB 9.0.1 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 18.04.2008 1,27MB 4.20.9848.0 MSXML 4.0 SP2 (KB941833) Microsoft Corporation 18.04.2008 1,27MB 4.20.9849.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 18.11.2008 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0 Nimo Codecs Pack v5.0 (Remove Only) 25.04.2008 1,06MB OpenOffice.org 3.2 OpenOffice.org 09.12.2010 363MB 3.2.9502 PDFCreator Frank Heindörfer, Philip Chinery 31.01.2009 23,3MB 0.9.6 PDFCreator Toolbar 31.01.2009 0,99MB 3.3.0.1 QuickTime Apple Inc. 12.09.2008 87,4MB 7.55.90.70 R for Windows 2.10.1 R Development Core Team 18.04.2010 55,9MB 2.10.1 RETScreen Ressources Naturelles Canada 10.02.2009 0,28MB 1.0.1 RETScreen Version 4 RETScreen International 10.02.2009 87,8MB 4.0.8.1 Roxio Creator Audio Roxio 13.12.2007 1,07MB 3.5.0 Roxio Creator Basic v9 Roxio 13.12.2007 27,5MB 3.5.0 Roxio Creator Copy Roxio 13.12.2007 0,66MB 3.5.0 Roxio Creator Data Roxio 13.12.2007 0,98MB 3.5.0 Roxio Creator Tools Roxio 13.12.2007 0,36MB 3.5.0 Roxio Express Labeler 3 Roxio 13.12.2007 19,6MB 3.2.1 Roxio MyDVD Basic v9 Roxio 13.12.2007 354MB 9.2.053 Roxio Update Manager Roxio 17.01.2009 3,60MB 6.0.0 SecureW2 EAP Suite 1.1.1 for Windows 17.11.2008 64,00KB Skype Click to Call Skype Technologies S.A. 21.10.2011 21,5MB 5.6.8442 Skype™ 5.5 Skype Technologies S.A. 21.10.2011 17,0MB 5.5.124 Solid Edge V20 UGS 26.10.2008 1.328MB 20.00.0096 Sonic CinePlayer Decoder Pack Sonic Solutions 13.12.2007 27,7MB 4.2.0 SoundMAX Analog Devices 13.12.2007 56,00KB 6.10.1.5180 Spybot - Search & Destroy Safer Networking Limited 11.04.2011 60,9MB 1.6.2 ST Wiederherstellungs- & Sicherungsprogramme Hewlett-Packard Company 13.12.2007 10.573MB 4.0.19 SUPERAntiSpyware SUPERAntiSpyware.com 31.01.2012 84,2MB 5.0.1142 Synaptics Pointing Device Driver Synaptics 13.12.2007 12,8MB 9.1.11.3 TeXnicCenter Version 1.0 Stable RC1 TeXnicCenter.org 03.11.2009 11,8MB Version 1.0 Stable RC1 Tinn-R 2.3.5.2 Tinn-R Team 24.04.2010 9,73MB Tinypic 3.14 E. Fiedler 06.06.2009 1,16MB Tinypic 3.14 Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 05.04.2011 30,9MB 9.00.5000.00 VirtualCloneDrive Elaborate Bytes 10.08.2010 2,31MB Vista Default Settings Hewlett-Packard 13.12.2007 0,27MB 1.00 C2 Vodafone Mobile Connect Lite Vodafone 15.09.2011 21,5MB 9.3.3.10523 WEB.DE Update WEB.DE 27.01.2010 6,48MB Windows Live installer Microsoft Corporation 18.04.2008 1,71MB 12.0.1471.1025 Windows Live Mail Microsoft Corporation 18.04.2008 22,6MB 12.0.1606.1023 Windows Live Messenger Microsoft Corporation 18.04.2008 30,0MB 8.5.1302.1018 Windows Media Player Firefox Plugin Microsoft Corp 05.11.2009 0,29MB 1.0.0.8 WinRAR 25.05.2008 3,66MB Words of Dhamma 19.04.2008 2,93MB |
|
02.02.2012, 21:50
| #10 |
| | zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten Hallo. Superantispyware: Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 02/01/2012 at 07:15 PM
Application Version : 5.0.1142
Core Rules Database Version : 8187
Trace Rules Database Version: 5999
Scan type : Complete Scan
Total Scan Time : 02:47:34
Operating System Information
Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 705
Memory threats detected : 0
Registry items scanned : 28307
Registry threats detected : 0
File items scanned : 124119
File threats detected : 9
Adware.Tracking Cookie
C:\USERS\[...]\AppData\Roaming\Microsoft\Windows\Cookies\Low\[...]@www.google[1].txt [ Cookie:[...]@www.google.com/accounts ]
.invitemedia.com [ C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\COOKIES.SQLITE ]
media.mtvnservices.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7UDFQBTA ]
secure-us.imrworldwide.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7UDFQBTA ]
vht.tradedoubler.com [ C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\7UDFQBTA ]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@WWW.CPCADNET[1].TXT [ /WWW.CPCADNET ]
Trojan.Agent/Gen-ReLoader
C:\USERS\[...]\DESKTOP\AUBWIRELESS CONFIGURATION\PROXYCONFIG.EXE
Hier meine zwei OTL Ausgaben: OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.02.2012 21:12:10 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\[...]\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,69% Memory free 4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,38 Gb Total Space | 69,49 Gb Free Space | 31,11% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS Computer Name: HOME | User Name: [...] | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.31 19:24:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\[...]\Downloads\OTL.exe PRC - [2012.01.25 11:37:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.09 01:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2008.07.04 11:52:14 | 002,072,576 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe PRC - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.03.29 12:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.03.29 12:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2005.08.11 20:21:16 | 000,864,256 | ---- | M] (The MathWorks Inc.) -- C:\Programme\MATLAB71\bin\win32\MATLAB.exe PRC - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe ========== Modules (No Company Name) ========== MOD - [2012.02.02 19:42:23 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MOD - [2012.02.02 19:42:23 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MOD - [2012.02.01 16:27:15 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012.02.01 16:27:15 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2012.01.25 11:37:57 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.01.11 11:08:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll MOD - [2011.11.25 10:48:24 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.10.15 11:53:49 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll MOD - [2011.10.15 11:53:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll MOD - [2011.10.15 11:53:02 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll MOD - [2011.10.15 11:53:00 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll MOD - [2011.10.15 11:52:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll MOD - [2011.10.15 11:03:02 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll MOD - [2011.10.15 11:02:30 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011.10.15 11:02:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011.10.15 11:01:20 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll MOD - [2011.10.15 10:59:34 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011.10.15 10:58:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2009.04.11 07:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009.03.30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.08.24 13:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll MOD - [2007.06.06 14:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe MOD - [2007.03.29 12:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.03.29 11:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2007.02.15 16:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2009.06.05 03:13:20 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.09.26 09:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 09:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.06.08 09:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK) SRV - [2007.04.16 02:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.03.05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2005.07.27 13:53:00 | 000,536,576 | ---- | M] () [Auto | Running] -- C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe -- (matlabserver) ========== Driver Services (SafeList) ========== DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.06.21 14:05:52 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.09.14 16:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.06.08 08:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv) DRV - [2007.05.24 15:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.04.16 02:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.11.02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.06.28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.order.3: "" FF - prefs.js..browser.search.order.4: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.05.21 13:58:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.25 11:38:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 21:08:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\[...]\AppData\Roaming\5015 [2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions [2009.08.03 03:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.02.01 16:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions [2010.02.06 13:42:16 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2011.05.29 10:51:30 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zotero@chnm.gmu.edu [2011.05.29 10:54:53 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\[...]\AppData\Roaming\mozilla\Firefox\Profiles\ostw0k4k.default\extensions\zoteroWinWordIntegration@zotero.org [2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\[...]\AppData\Roaming\Mozilla\Firefox\Profiles\ostw0k4k.default\searchplugins\askcom.xml [2012.02.01 21:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.22 17:46:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.01.28 00:16:35 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2012.02.01 20:57:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} () (No name found) -- C:\USERS\[...]\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OSTW0K4K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009.09.02 02:01:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.01.25 11:38:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.01 20:55:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.01.25 11:37:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.25 11:37:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.25 11:37:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.25 11:37:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2011.04.12 18:25:25 | 000,431,550 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14880 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-DE\local\search.html () O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09A022CC-735A-4E8E-A75D-82101EB772DA}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3A5A8A1-54F1-4DE8-B1C0-EF2C55B41FA2}: NameServer = 193.188.130.35 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited) O24 - Desktop WallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\[...]\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.02 21:12:26 | 000,000,000 | ---D | C] -- C:\Users\[...]\Desktop\überprüfung [2012.02.02 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\[...]\AppData\Roaming\Avira [2012.02.02 21:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.02.02 21:02:02 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.02.02 21:02:02 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.02.02 21:02:02 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.02.02 21:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.02.02 21:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.02.01 20:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.02.01 20:56:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.02.01 20:56:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.02.01 20:56:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.02.01 16:26:57 | 000,000,000 | ---D | C] -- C:\Users\[...]\AppData\Roaming\SUPERAntiSpyware.com [2012.02.01 16:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.02.01 16:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.02.01 16:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.02.01 16:10:36 | 000,000,000 | ---D | C] -- C:\_OTL [2012.01.31 23:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.01.31 23:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.01.11 11:10:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.01.11 11:10:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.01.11 11:10:16 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.01.11 11:09:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.11 11:09:47 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2011.06.12 13:03:50 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\TDSSKiller.exe [2008.04.24 22:20:00 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll [1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.02 21:02:31 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.02.02 19:32:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.02 19:32:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.02 19:32:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.02 19:31:18 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.02.02 19:08:31 | 251,223,540 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.02.02 16:06:55 | 000,000,991 | ---- | M] () -- C:\Users\[...]\Desktop\g6wkvncr - Verknüpfung.lnk [2012.02.02 16:03:55 | 000,157,311 | ---- | M] () -- C:\Users\[...]\Desktop\dok2.pdf [2012.02.02 14:50:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.02.02 11:02:55 | 000,700,174 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.02 11:02:55 | 000,654,882 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.02 11:02:55 | 000,156,344 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.02 11:02:55 | 000,127,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.01 21:08:06 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.02.01 20:55:53 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.02.01 20:55:53 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.02.01 20:55:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.02.01 20:55:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.02.01 16:25:32 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.02.01 15:08:16 | 000,259,728 | ---- | M] () -- C:\Users\[...]\Documents\cc_20120201_150746.reg [2012.02.01 14:27:50 | 000,009,003 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2012.01.31 23:18:47 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.31 14:08:37 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.30 19:05:55 | 000,468,376 | ---- | M] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf [2012.01.30 19:05:30 | 000,146,600 | ---- | M] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf [2012.01.13 21:41:20 | 000,074,374 | ---- | M] () -- C:\Users\[...]\Desktop\corp0222.pdf [2012.01.11 14:58:22 | 000,036,352 | ---- | M] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Users\[...]\AppData\Roaming\*.tmp files -> C:\Users\[...]\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.02 21:02:31 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.02.02 19:08:31 | 251,223,540 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.02.02 16:03:43 | 000,157,311 | ---- | C] () -- C:\Users\[...]\Desktop\dok2.pdf [2012.02.01 21:08:06 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.02.01 21:08:06 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.02.01 16:25:32 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.02.01 15:07:49 | 000,259,728 | ---- | C] () -- C:\Users\[...]\Documents\cc_20120201_150746.reg [2012.02.01 14:21:34 | 000,009,003 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2012.01.31 23:18:47 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.01.30 19:05:55 | 000,468,376 | ---- | C] () -- C:\Users\[...]\Desktop\Musterformular_FriedrEbertstf.pdf [2012.01.30 19:05:30 | 000,146,600 | ---- | C] () -- C:\Users\[...]\Desktop\web_Infoblatt%20Grundfoerderung.pdf [2012.01.13 21:41:20 | 000,074,374 | ---- | C] () -- C:\Users\[...]\Desktop\corp0222.pdf [2011.07.23 11:26:25 | 000,000,080 | ---- | C] () -- C:\Windows\matlab.ini [2010.11.09 13:18:19 | 000,105,582 | ---- | C] () -- C:\Program Files\Uninstall-LyX.exe [2010.08.01 17:08:39 | 000,000,118 | ---- | C] () -- C:\Windows\WinInit.ini [2009.10.20 21:07:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.20 21:07:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.20 21:05:20 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.09.11 02:56:55 | 000,081,920 | ---- | C] () -- C:\Windows\ASR32311.DLL [2009.06.07 19:58:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.02.01 22:53:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.01.08 21:20:54 | 000,000,098 | ---- | C] () -- C:\Users\[...]\AppData\Local\fusioncache.dat [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.10.06 20:08:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.28 11:20:04 | 000,000,680 | ---- | C] () -- C:\Users\[...]\AppData\Local\d3d9caps.dat [2008.06.29 15:59:57 | 000,024,206 | ---- | C] () -- C:\Users\[...]\AppData\Roaming\UserTile.png [2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.29 20:50:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\46411382A6.sys [2008.05.29 20:50:22 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2008.04.25 14:42:37 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat [2008.04.25 14:14:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.04.24 22:20:06 | 000,204,848 | ---- | C] () -- C:\Windows\System32\gswin32c.exe [2008.04.24 22:20:00 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll [2008.04.24 22:20:00 | 000,054,272 | ---- | C] () -- C:\Windows\System32\P2irdao.dll [2008.04.24 22:20:00 | 000,050,176 | ---- | C] () -- C:\Windows\System32\P2ctdao.dll [2008.04.20 20:42:02 | 000,036,352 | ---- | C] () -- C:\Users\[...]\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.20 20:12:11 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.04.20 20:12:11 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.04.20 20:12:11 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.04.20 20:12:11 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.04.20 20:12:11 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.04.20 20:12:11 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.04.20 20:12:11 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.04.20 20:12:11 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.04.20 20:12:11 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.04.20 20:12:11 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.04.20 20:12:11 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.04.20 20:12:11 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.04.20 20:12:11 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.04.20 20:12:11 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.04.20 20:12:11 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.04.20 20:12:11 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.04.20 20:12:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.04.20 20:04:59 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini [2008.04.19 10:18:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.04.19 10:18:46 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.04.19 10:18:46 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.04.19 10:18:46 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.04.19 10:18:46 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007.08.24 13:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2007.08.24 13:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.24 13:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.08.24 13:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.06.08 09:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll [2007.03.29 11:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.09 17:45:55 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.09 17:45:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:42:41 | 000,700,174 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:42:41 | 000,156,344 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:43 | 000,546,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,654,882 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,127,072 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2003.11.17 18:33:38 | 000,090,384 | ---- | C] () -- C:\Windows\System32\ctxsetup.exe [2002.06.28 10:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\System32\xvid.dll [2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll [2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll [2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll [2002.04.19 14:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll [2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll [2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll [2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll [1999.11.27 23:00:00 | 000,000,012 | ---- | C] () -- C:\Windows\WordsofDhamma.INI ========== LOP Check ========== [2009.06.10 04:26:31 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Autodesk [2008.05.10 09:32:36 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dev-Cpp [2011.03.03 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\digital publishing [2011.12.17 20:58:20 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Dropbox [2011.07.23 19:32:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\DVDVideoSoftIEHelpers [2011.07.02 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Eddym [2009.11.05 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\EPSON [2008.10.17 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\eXPert PDF Editor [2011.03.07 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\gtk-2.0 [2008.04.19 10:19:47 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Hewlett Packard [2008.12.02 13:59:55 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\ICAClient [2008.09.19 19:58:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\InterVideo [2010.01.31 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Karteikartentrainer [2010.11.09 13:48:40 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\LyX16 [2009.01.08 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Mathsoft [2010.11.14 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\mresreg [2009.01.25 14:04:07 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\OpenOffice.org [2011.04.11 11:09:58 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PCFix [2008.06.29 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\PeerNetworking [2009.02.11 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\RETScreen [2008.05.29 20:02:01 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SampleView [2011.07.20 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\SumatraPDF [2011.05.21 14:07:06 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Swiss Academic Software [2010.07.06 22:43:27 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Tinn-R [2011.07.23 19:51:53 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\TubeBox [2008.10.28 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Unigraphics Solutions [2011.09.16 09:38:03 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\Vodafone [2011.06.02 11:40:35 | 000,000,000 | ---D | M] -- C:\Users\[...]\AppData\Roaming\xmldm [2012.02.02 19:31:24 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > [/Code] OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.02.2012 21:12:10 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\[...]\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 45,69% Memory free
4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,38 Gb Total Space | 69,49 Gb Free Space | 31,11% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,02 Gb Free Space | 65,91% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 2,34 Gb Free Space | 29,43% Space Free | Partition Type: NTFS
Computer Name: HOME | User Name: [...] | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BBE2CE54-674E-4179-AAE7-27C4DB2E8CA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2001774-724F-41D4-99B6-066ADBEDE0EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F2AED1CB-B596-4212-B9F9-E8CAC719F88C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01937BFF-7A50-4B9A-9CB0-326A20437AD8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{25BC4C3C-CE15-4524-9EC4-15C63C2D3CF3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{469CBB76-88F5-41D6-8974-2D03110B511A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{504848D8-C524-4F3C-8F94-36C1EB62971E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{512EA11E-CA24-4546-9A0D-D074CF7A632C}" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"{7E1A66DE-1575-468A-80FF-68A4091CBD13}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{81743A39-1942-483E-9A2C-F93CAE45E001}" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"{9BBB1A72-BDFB-4323-9ACF-0FFB91C1D877}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CE66FF6E-34D1-4E78-8257-D04A58DAC07F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{193EB2D3-2BF2-4F3B-BA8F-9D8435A2D0EA}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1B04FAF1-DB4B-4BE5-B8B5-39B5C88039A1}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe |
"TCP Query User{1B580D07-A9B5-465F-9C5E-C623CE9694A0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{2F1776ED-4EE2-4BBF-8B00-6108A4C3F4C5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{51CE0D93-DC7B-41D7-AEC5-8217E2BB1D35}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{56243DE6-C0BD-4351-A236-2512628C39EE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6ABEF9EE-100A-482A-8874-BA303ACBC573}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{88AE56F1-A63F-43F5-801E-DE99B013AF64}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A00167C6-CF27-40A1-BB15-B42E947C62F9}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{A2104397-A655-4497-8DBE-120A3FBCA691}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B773B6FF-A87D-4266-8827-F6141EEFD026}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C67A32DA-0C69-49FA-B444-CB869D065067}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{FBD2934E-DAEC-42CC-8A25-740FA3A65811}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0E0EA0FA-E775-4FEF-A94B-366BC1CB9A1F}C:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\[...]\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3AE130D5-4070-4A38-9ACC-93412E73196A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{596C43F3-DF81-4D59-A3A5-F40B21295B5E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{65EC33B2-0903-4367-B2B0-65FC8784CAA4}C:\program files\matlab71\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab71\bin\win32\matlab.exe |
"UDP Query User{77A5C851-89DF-462D-ADD3-2080E2A1EE96}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{8C616AF9-3A02-4F0C-B313-E099ECD7A748}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{95E66C69-2133-4B02-9A14-7CDF7FA8D752}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A1E12EC7-44DA-48DA-9B35-FE3E2A8A0D9E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B14600AB-FAEF-4E74-A71C-0420B8AB6E0F}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DE996E13-6139-4612-B396-F35C8B66FDE9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F0767A7B-5C2D-4FC7-945B-9181560CB09F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{F550517C-C88A-4A60-9CD3-7FBAC034C10D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FF497F51-7880-4C9F-8AD3-CFF39A3C574A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8334783-E2F9-4CA6-86F8-090051418F09}" = Mathcad 13
"{E9021599-1E2A-4027-A1CC-40E42A08603C}" = RETScreen Version 4
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FEA36347-ADBE-423F-A1B2-74A3C3BCE15E}" = RETScreen
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EES - Engineering Equation Solver" = EES - Engineering Equation Solver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FinePrint" = FinePrint
"Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HomepageFIX_is1" = HomepageFIX
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"INTERACTIVE ENGLISH VM" = INTERACTIVE ENGLISH VM (Insert CD-ROM)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LyX" = LyX 1.6.7-4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MatlabR14SP3" = MATLAB 7.1
"MatlabR2010a" = MATLAB R2010a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"PDFCreator Toolbar" = PDFCreator Toolbar
"PROSet" = Intel(R) PRO Network Connections Drivers
"R for Windows 2.10.1_is1" = R for Windows 2.10.1
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Tinn-R_is1" = Tinn-R 2.3.5.2
"VirtualCloneDrive" = VirtualCloneDrive
"WEB.DE Update" = WEB.DE Update
"WinRAR archiver" = WinRAR
"Words_of_Dhamma" = Words of Dhamma
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.02.2012 14:09:17 | Computer Name = home | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 02.02.2012 14:11:00 | Computer Name = home | Source = matlabserver | ID = 0
Description =
Error - 02.02.2012 14:12:05 | Computer Name = home | Source = matlabserver | ID = 0
Description =
Error - 02.02.2012 14:14:53 | Computer Name = home | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: bb8 Anfangszeit: 01cce1d5c5386a2f Zeitpunkt
der Beendigung: 31
Error - 02.02.2012 14:17:06 | Computer Name = home | Source = VSS | ID = 8194
Description =
Error - 02.02.2012 14:22:04 | Computer Name = home | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 02.02.2012 14:23:52 | Computer Name = home | Source = matlabserver | ID = 0
Description =
Error - 02.02.2012 14:24:39 | Computer Name = home | Source = VMCService | ID = 0
Description = GetProcessOwner
Error - 02.02.2012 14:24:57 | Computer Name = home | Source = matlabserver | ID = 0
Description =
Error - 02.02.2012 14:32:39 | Computer Name = home | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ OSession Events ]
Error - 17.05.2011 13:30:32 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 127
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.09.2011 17:53:23 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3821
seconds with 0 seconds of active time. This session ended with a crash.
Error - 29.09.2011 00:46:13 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 57324
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06.10.2011 08:42:59 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1869
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.10.2011 16:55:25 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1846
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.11.2011 12:58:43 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2604
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.11.2011 12:19:45 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 129
seconds with 120 seconds of active time. This session ended with a crash.
Error - 27.11.2011 10:29:41 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1007
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.11.2011 10:35:47 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1240
seconds with 0 seconds of active time. This session ended with a crash.
Error - 06.12.2011 16:14:30 | Computer Name = home | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 49
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.09.2008 14:11:21 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 13.09.2008 16:42:17 | Computer Name = home | Source = Service Control Manager | ID = 7031
Description =
Error - 13.09.2008 16:43:35 | Computer Name = home | Source = Service Control Manager | ID = 7031
Description =
Error - 13.09.2008 17:05:46 | Computer Name = home | Source = DCOM | ID = 10010
Description =
Error - 14.09.2008 15:20:47 | Computer Name = home | Source = Service Control Manager | ID = 7011
Description =
Error - 14.09.2008 15:20:48 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 15.09.2008 12:39:50 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 17.09.2008 09:50:16 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 17.09.2008 11:43:44 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 17.09.2008 16:43:56 | Computer Name = home | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
< End of report >
[/Code] Im Anhan der OTL Text nach dem Kill. Unter Autostarprogramme steht immernoch folgendes: Code:
ATTFilter Dateiname: jashla.exe
Startwert: C:\Users\[...]\AppData\Roaming\jashla.exe
Dateipfad: C:\Users\[...]\AppData\Roaming\jashla.exe
Starttyp: Registrierung: Aktueller Benutzer
Speicherort: Software\Microsoft\Windows\CurrentVersion\Run
Klassifizierung: Deaktiviert
SpyNet-Abstimmung: In Bearbeitung
Ich habe Avira runterzuladen und zu installieren, schon 3 mal, aber immer sagt Avira am Ende, dass bei der Installation ein Fehler aufgetreten ist. Ich kann das Avira Fenster dann öffnen, aber es gibt ein Problem beim Updaten und mit dem Planer. Wenn der funktionieren würde, dann würde ich auch Spybot löschen. Grüße! PS: Mein Benutzername habe ich wieder durch [...] ersetzt. Geändert von Theo123 (02.02.2012 um 22:00 Uhr) |
|
03.02.2012, 11:29
| #11 | |
| /// Helfer-Team | zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine AuffälligkeitenZitat:
1. Deinstalliere unter Systemsteuerung-> Software/Programme: Code:
ATTFilter LiveUpdate 3.2 (Symantec Corporation) Symantec Corporation 18.04.2008 19,4MB 3.2.0.68
LiveUpdate Notice (Symantec Corporation) Symantec Corporation 30.05.2008 7,59MB 1.4.5
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! Anleitung:-> GMER - Rootkit Scanner 3. Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit) Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
4. erneut einen Scan mit OTL:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (03.02.2012 um 11:44 Uhr) |
|
| Themen zu zufällig bei Autostart-Dateien jashla.exe entdeckt, sonst glaube keine Auffälligkeiten |
| aufrufe, bildschirm, bka-virus beseitigen, computer, einstellungen, festplatte, frage, fragen, gen, hijack, hijack this, internet, jashla.exe, langsam, neue, neuen, programm, reagiert, speicher, spybot, suche, taskmanager, this, trojaner, vista, voll, windows, windows vista, zufällig, ändern |
.
Linear-Darstellung
