
Log Analysis and Evaluation: Hard disk damaged, data gone


12.06.2011, 14:47   #1
problem00
 

Hello!

My problem has already been dealt with once before here: http://www.trojaner-board.de/99162-t...e-dateien.html
It happened in a similar way: when starting the computer, the error message "Hard disk damaged" and others suddenly appeared, the laptop crashed, and then the data was gone. The internet works, but everything else is gone.

To be on the safe side, I have not taken any action so far.

I would be very grateful if someone would take on my data disaster. Thanks in advance!!!
Kind regards

Edited by problem00 (12.06.2011 at 14:58)

12.06.2011, 15:40   #2
markusg
/// Malware-holic
 

Hi, take a deep breath, nothing is gone, everything is intact :-)
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both

12.06.2011, 19:11   #3
problem00
 

Thank you very much for the quick reply!

OTL Logfile:
Code:
OTL logfile created on: 11.06.2011 22:36:09 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = C:\Users\Claudia\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 40,22% Memory free
6,08 Gb Paging File | 4,25 Gb Available in Paging File | 69,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 140,17 Gb Free Space | 62,89% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: BERND-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Claudia\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\36429560.exe (Microsoft Corporation)
PRC - C:\ProgramData\ECXHYIMSihMUVK.exe (Microsoft Corporation)
PRC - C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe (SPAMfighter ApS)
PRC - C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe ()
PRC - C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
PRC - C:\Programme\Duden\Duden-Bibliothek\dudenbib.exe (Bibliographisches Institut GmbH)
PRC - C:\Programme\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\System32\HPSIsvc.exe (HP)
PRC - C:\Programme\GMX\LiveUpdate\m2LUTray.exe ()
PRC - C:\Programme\HP\HPLaserJetService\HPLaserJetService.exe (HP)
PRC - C:\Users\Claudia\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\eMachines\eMachines Power Management\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Claudia\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Norton Internet Security\Engine\17.8.0.5\asoehook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Programme\Norton Internet Security\Engine\17.8.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)
MOD - C:\Programme\eMachines\eMachines Power Management\SysHook.dll (Acer Incorporated)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (HPSIService) -- C:\Windows\System32\HPSIsvc.exe (HP)
SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (ePowerSvc) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100914.003\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys (Symantec Corporation)
DRV - (mvusbews) -- C:\Windows\System32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM) -- C:\Windows\System32\drivers\s716unic.sys (MCCI Corporation)
DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation)
DRV - (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS) -- C:\Windows\System32\drivers\s716nd5.sys (MCCI Corporation)
DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation)
DRV - (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s716mgmt.sys (MCCI Corporation)
DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation)
DRV - (s716bus) Sony Ericsson Device 716 driver (WDM) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vp32&d=0609&m=g725
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=0e4a8b2100000000000000235ad72633&tlver=1.4.19.19&ss=1&affID=17395
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0c07&s=2&o=vp32&d=0609&m=g725
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tangotoolbar.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.2: "amazon.de"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=0e4a8b2100000000000000235ad72633&tlver=1.4.19.19&ss=1&affID=17395"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {C473DC2B-895F-4E11-B8BF-FF28DFD62829}:1.7.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {25AAD618-76C8-4E6A-9768-8320705379EC}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14197&locale=de_US&apn_uid=DDC4F023-98D7-4B1F-8799-68F8DEFD98C6&apn_ptnrs=FN&apn_sauid=DD386C25-B35F-4986-BD74-00EA7016BA33&apn_dtid=TES002YYAT&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.05.29 12:23:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.01.28 00:47:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Claudia\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2011.06.11 16:19:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.19 11:34:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.19 11:34:21 | 000,000,000 | ---D | M]
 
[2010.01.23 12:20:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2011.06.11 15:14:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions
[2011.06.11 16:19:28 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.11 16:19:28 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.06.11 16:19:29 | 000,000,000 | -H-D | M] (Update Notifier) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.06.11 16:19:29 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.11 16:19:29 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.06.11 16:19:29 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.06.11 16:19:27 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\engine@conduit.com
[2011.06.11 16:19:27 | 000,000,000 | -H-D | M] (Plasmoo Search Engine) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\engine@plasmoo.com
[2011.06.11 15:15:05 | 000,000,000 | -H-D | M] (Babylon) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\ffxtlbr@babylon.com
[2011.06.11 16:19:27 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\glc5dc9v.default\extensions\toolbar@ask.com
[2010.01.23 16:21:02 | 000,005,591 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\1und1-suche.xml
[2010.01.23 16:20:58 | 000,001,371 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\amazonde.xml
[2011.06.10 09:10:08 | 000,002,396 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\askcom.xml
[2010.12.08 16:47:52 | 000,000,927 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\plasmoo.xml
[2011.06.10 11:18:07 | 000,001,418 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\preisvergleich.xml
[2010.01.23 16:20:59 | 000,005,588 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\glc5dc9v.default\searchplugins\webde-suche.xml
[2011.04.22 08:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.10 17:20:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.28 15:52:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.19 11:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.04.19 11:34:23 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
File not found (No name found) -- 
[2010.05.10 17:20:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.28 15:52:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.05.29 12:23:55 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
() (No name found) -- C:\USERS\CLAUDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GLC5DC9V.DEFAULT\EXTENSIONS\{C473DC2B-895F-4E11-B8BF-FF28DFD62829}.XPI
() (No name found) -- C:\USERS\CLAUDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GLC5DC9V.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.06.11 15:15:16 | 000,002,428 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Tango) - {DE56DA9B-7965-44B3-9386-7C2F2D23F26A} -  File not found
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Tango) - {DE56DA9A-7965-44B3-9386-7C2F2D23F26A} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\17.8.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {DE56DA9A-7965-44B3-9386-7C2F2D23F26A} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GMX Update] C:\Programme\GMX\LiveUpdate\m2LUTray.exe ()
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [ECXHYIMSihMUVK] C:\ProgramData\ECXHYIMSihMUVK.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GabPath] C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe ()
O4 - HKCU..\Run: [hvhlcGymBdBoPf2jvFT] C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe ()
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Claudia\Pictures\henrietta300.jpg
O24 - Desktop BackupWallPaper: C:\Users\Claudia\Pictures\henrietta300.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4ab9a173-7bd4-11de-a0c1-00235ad72633}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab9a173-7bd4-11de-a0c1-00235ad72633}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4ab9a187-7bd4-11de-a0c1-00235ad72633}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab9a187-7bd4-11de-a0c1-00235ad72633}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a41ada2d-88db-11de-bbc1-00235ad72633}\Shell - "" = AutoRun
O33 - MountPoints2\{a41ada2d-88db-11de-bbc1-00235ad72633}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fd9b9402-80ab-11de-94a7-00235ad72633}\Shell - "" = AutoRun
O33 - MountPoints2\{fd9b9402-80ab-11de-94a7-00235ad72633}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.11 21:32:08 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Malwarebytes
[2011.06.11 21:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 21:31:32 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 21:31:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 21:31:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.11 21:16:20 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ToolHouse
[2011.06.11 21:16:08 | 000,000,000 | ---D | C] -- C:\Programme\toolstarFRPRO DEMO
[2011.06.11 18:25:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\TuneUp Software
[2011.06.11 18:25:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.06.11 15:30:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\SweetIM
[2011.06.11 15:30:06 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2011.06.11 15:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Data Recovery Wizard 5.0.1 Demo
[2011.06.11 15:29:37 | 000,000,000 | ---D | C] -- C:\Programme\EASEUS
[2011.06.11 15:28:49 | 003,856,864 | -H-- | C] (EASEUS                                                      ) -- C:\Users\Claudia\Desktop\EaseusDataRecoveryWizard5.0.1.exe
[2011.06.11 15:21:52 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Uniblue
[2011.06.11 15:21:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.06.11 15:21:45 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.06.11 15:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.06.11 15:14:54 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2011.06.11 15:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011.06.11 15:14:42 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2011.06.11 15:13:15 | 002,451,576 | -H-- | C] (Piriform Ltd) -- C:\Users\Claudia\Desktop\rcsetup1.40.525.exe
[2011.06.11 09:54:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.06.11 09:13:04 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Restore
[2011.06.11 09:12:49 | 000,379,904 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\36429560.exe
[2011.06.11 09:03:44 | 000,477,184 | -H-- | C] (Microsoft Corporation) -- C:\ProgramData\ECXHYIMSihMUVK.exe
[2011.06.04 21:14:55 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\Desktop\et nytt barn
[2011.06.01 07:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.30 20:29:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Plasmoo
[2011.05.30 20:29:23 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoft
[2011.05.28 14:16:45 | 000,000,000 | -H-D | C] -- C:\Users\Claudia\AppData\Roaming\go
[2011.05.28 14:16:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Easybits GO
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.11 22:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.11 22:32:38 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable
[2011.06.11 22:00:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.11 22:00:32 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Claudia-Startup.job
[2011.06.11 22:00:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.06.11 22:00:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.11 22:00:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.11 22:00:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.11 22:00:07 | 3147,800,576 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.11 21:26:40 | 000,000,680 | -H-- | M] () -- C:\Users\Claudia\AppData\Local\d3d9caps.dat
[2011.06.11 21:16:20 | 000,001,948 | -H-- | M] () -- C:\Users\Claudia\Desktop\file-recovery-professional DEMO.lnk
[2011.06.11 21:13:58 | 008,349,872 | -H-- | M] () -- C:\Users\Claudia\Desktop\FRCDEM.zip
[2011.06.11 15:28:52 | 003,856,864 | -H-- | M] (EASEUS                                                      ) -- C:\Users\Claudia\Desktop\EaseusDataRecoveryWizard5.0.1.exe
[2011.06.11 15:21:46 | 000,001,593 | -H-- | M] () -- C:\Users\Claudia\Desktop\Uniblue RegistryBooster.lnk
[2011.06.11 15:13:18 | 002,451,576 | -H-- | M] (Piriform Ltd) -- C:\Users\Claudia\Desktop\rcsetup1.40.525.exe
[2011.06.11 09:13:13 | 000,000,595 | -H-- | M] () -- C:\Users\Claudia\Desktop\Windows Vista Restore.lnk
[2011.06.11 09:13:06 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~36429560r
[2011.06.11 09:13:06 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~36429560
[2011.06.11 09:12:55 | 000,000,336 | -H-- | M] () -- C:\ProgramData\36429560
[2011.06.11 09:12:50 | 000,379,904 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\36429560.exe
[2011.06.11 09:03:41 | 000,477,184 | -H-- | M] (Microsoft Corporation) -- C:\ProgramData\ECXHYIMSihMUVK.exe
[2011.06.10 18:43:15 | 000,000,478 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Claudia.job
[2011.06.09 10:17:41 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.09 10:17:41 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.09 10:17:41 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.09 10:17:41 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.06 01:06:07 | 000,646,087 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 9.png
[2011.06.06 00:53:39 | 000,496,764 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 8.png
[2011.06.06 00:52:42 | 000,616,400 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 6.png
[2011.06.06 00:47:23 | 000,607,541 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 5.png
[2011.06.06 00:45:31 | 000,596,806 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 2.png
[2011.06.06 00:41:08 | 000,204,817 | -H-- | M] () -- C:\Users\Claudia\Documents\Bild 1.png
[2011.05.30 20:30:43 | 000,001,034 | -H-- | M] () -- C:\Users\Claudia\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.30 07:01:47 | 000,000,907 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.05.30 07:01:46 | 000,000,927 | -H-- | M] () -- C:\Users\Claudia\Desktop\Dropbox.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.27 10:41:40 | 000,001,392 | -H-- | M] () -- C:\Users\Claudia\AppData\Roaming\wklnhst.dat
[2011.05.23 11:35:44 | 001,567,497 | -H-- | M] () -- C:\Users\Claudia\Documents\leksjon 14-2.wma
[2011.05.23 11:32:53 | 007,444,907 | -H-- | M] () -- C:\Users\Claudia\Documents\leksjon 14.wma
[2011.05.21 17:34:05 | 000,077,224 | -H-- | M] () -- C:\ProgramData\dudenbib.wav
 
========== Files Created - No Company Name ==========
 
[2011.06.11 22:32:38 | 000,000,000 | ---- | C] () -- C:\Users\Claudia\defogger_reenable
[2011.06.11 21:16:20 | 000,001,948 | -H-- | C] () -- C:\Users\Claudia\Desktop\file-recovery-professional DEMO.lnk
[2011.06.11 21:13:51 | 008,349,872 | -H-- | C] () -- C:\Users\Claudia\Desktop\FRCDEM.zip
[2011.06.11 15:21:56 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.06.11 15:21:46 | 000,001,593 | -H-- | C] () -- C:\Users\Claudia\Desktop\Uniblue RegistryBooster.lnk
[2011.06.11 09:13:11 | 000,000,595 | -H-- | C] () -- C:\Users\Claudia\Desktop\Windows Vista Restore.lnk
[2011.06.11 09:13:06 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~36429560r
[2011.06.11 09:13:05 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~36429560
[2011.06.11 09:12:55 | 000,000,336 | -H-- | C] () -- C:\ProgramData\36429560
[2011.06.06 01:06:04 | 000,646,087 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 9.png
[2011.06.06 00:53:37 | 000,496,764 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 8.png
[2011.06.06 00:52:39 | 000,616,400 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 6.png
[2011.06.06 00:47:20 | 000,607,541 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 5.png
[2011.06.06 00:45:28 | 000,596,806 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 2.png
[2011.06.06 00:41:06 | 000,204,817 | -H-- | C] () -- C:\Users\Claudia\Documents\Bild 1.png
[2011.05.28 14:16:46 | 000,001,587 | -H-- | C] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spielen (EasyBits GO).lnk
[2011.05.23 11:35:44 | 001,567,497 | -H-- | C] () -- C:\Users\Claudia\Documents\leksjon 14-2.wma
[2011.05.23 11:32:53 | 007,444,907 | -H-- | C] () -- C:\Users\Claudia\Documents\leksjon 14.wma
[2011.03.20 11:16:28 | 000,028,672 | -H-- | C] () -- C:\Windows\System32\wshqos32.dll
[2011.01.18 20:38:37 | 000,001,940 | -H-- | C] () -- C:\Users\Claudia\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.12.15 21:26:48 | 000,000,783 | -H-- | C] () -- C:\Windows\NTIWVEDT.INI
[2010.10.05 18:59:20 | 001,265,664 | -H-- | C] () -- C:\Windows\System32\HPM1210SM.exe
[2010.10.05 18:59:19 | 000,163,840 | -H-- | C] () -- C:\Windows\System32\HPM1210LM.DLL
[2010.10.05 18:56:59 | 000,284,160 | -H-- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2010.10.05 18:56:57 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2010.10.05 18:56:56 | 000,167,936 | ---- | C] () -- C:\Windows\System32\m1130wia.dll
[2010.10.05 18:56:56 | 000,053,760 | -H-- | C] () -- C:\Windows\System32\HPM1210SMs.dll
[2010.09.09 13:34:07 | 000,077,224 | -H-- | C] () -- C:\ProgramData\dudenbib.wav
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.05.06 19:41:17 | 000,000,680 | -H-- | C] () -- C:\Users\Claudia\AppData\Local\d3d9caps.dat
[2009.08.31 22:15:04 | 000,000,130 | -H-- | C] () -- C:\Windows\wininit.ini
[2009.08.19 17:59:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.12 16:28:30 | 000,053,478 | -H-- | C] () -- C:\Windows\mvtcpui.ini
[2009.08.03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.08.02 16:37:51 | 000,048,640 | -H-- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.29 16:13:06 | 000,284,160 | -H-- | C] () -- C:\Windows\unin0407.exe
[2009.07.28 19:44:11 | 000,001,392 | -H-- | C] () -- C:\Users\Claudia\AppData\Roaming\wklnhst.dat
[2009.06.22 12:47:56 | 000,626,688 | -H-- | C] () -- C:\Windows\Image.dll
[2009.06.22 12:47:56 | 000,009,216 | -H-- | C] () -- C:\Windows\usbvideo_reg.exe
[2009.06.22 12:47:56 | 000,000,036 | -H-- | C] () -- C:\Windows\PidList.ini
[2009.04.07 06:32:10 | 000,022,723 | -H-- | C] () -- C:\Windows\System32\cl31cl3.dll
[2009.03.04 03:48:30 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2009.03.04 03:48:30 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.03.03 20:44:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.03.03 20:44:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.03.03 20:44:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.03.03 20:44:54 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.03.03 19:33:45 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.03 19:33:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 09:15:58 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,990 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,546,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
         
--- --- ---

Extras
OTL Logfile:
Code:
OTL Extras logfile created on: 11.06.2011 22:36:09 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = C:\Users\Claudia\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 40,22% Memory free
6,08 Gb Paging File | 4,25 Gb Available in Paging File | 69,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 140,17 Gb Free Space | 62,89% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: BERND-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C4EED7-A279-462F-BBA7-D2D8BD5046D4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{14C88765-7B51-416D-AB99-3478F5F94196}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{24DFA3E5-3B50-4014-95E2-148BDB6AA210}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2F669F43-4395-4434-830C-5FDBCDCBEF67}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4B95E661-DB88-459E-8637-281C836D5085}" = lport=139 | protocol=6 | dir=in | app=system | 
"{73B46C02-BD2C-45E2-80DD-1F64DC997D12}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{76D4A6E2-FC47-473F-8F6F-A39963524580}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7AF1F616-5C39-4E1E-A676-1840CC3EA173}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7B3F1052-8DA9-4CED-B9A3-BDDF3D56513D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{890A6878-33A4-48DF-AA6F-6EDC2A25F34F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ADF3C647-AD9F-4D42-A60E-5ED9B9D64A87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C9269BC0-DEB7-40BF-B21B-C68B22510B2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D7CC5BD1-7369-4016-B23E-3295BA1BF60C}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FB16ED-34E8-419D-9B79-37ACEE5F16E9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{0FB12408-EB6E-4B22-A547-1DC3C59EC289}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1694CD1C-1C3A-4CBF-85C8-28504BA0738A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{183A199C-B066-4DC9-A7C1-461C4F089979}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{1A279C8B-C746-48D6-8A7D-67D1CF91BB48}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1AD1BE97-D5B8-4BCA-B7B3-02512A902298}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21E35137-45B6-4179-99BF-C14FD554F60F}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{37E9EE39-845F-48FE-85E1-13B7114B4F9E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3E1ADA80-FA43-4A96-A43C-F53305971AD6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{431F9983-F99D-4659-99BD-C719F9D0120D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{635F64AC-869A-4DBE-BF98-91BFFEDE5560}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6EC031C4-A9F6-4018-8994-A93A8DDD11D7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | 
"{6ED179EE-D58F-4424-8038-F6FCE7ACBE5C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{7BCAA46F-6714-4FD4-BB58-4A5729EA1B54}" = protocol=17 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe | 
"{91138D45-7AF2-4FE7-A974-58891B5030E2}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AC1BB519-EE2F-46A0-B82C-6AC9D445576B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AC361D2D-A251-4014-AB62-2CC3EE44B01E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AF1237AD-20ED-43DD-9793-CF0422933901}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B93E3D27-F981-4CDB-8288-0373491B2B36}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{CF749757-C9FD-4830-B3FD-32E5672051C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D1C45A15-3F70-49ED-BC82-DA11F735346F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{DE18BB14-DF89-4FC2-86BB-6D696EF2EAFD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{EE11C9E1-83BB-49B7-B25A-125E062DC960}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FD84BF63-CC78-4A4C-9FDD-D9331F47B6AD}" = protocol=6 | dir=in | app=c:\users\claudia\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService
"{0F5C38CB-DCA7-44E0-A654-26121331557A}" = GMX Update
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B77BC7B-4538-4652-AF33-C201F21BF8F2}" = toolstar* file recovery professional DEMO
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4F45EE37-41B8-4228-A0BC-D7633632D692}" = Duden Korrektor kompakt
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6}" = Firefox 3.6 GMX Edition
"{5CC68528-24FF-4DF8-91C9-AF540F98505A}" = Sony Ericsson Drivers
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{867F5501-F8EF-4542-9D68-310A238A15FF}" = SLOW-PCfighter
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B192E1BB-98A4-4369-9271-96117A57F546}" = Sony Ericsson PC Suite
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B435AE22-F62A-4402-A4E5-E612631B92C9}" = OnlineLive
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE56DA9A-7965-44B3-9386-7C2F2D23F26A}" = Tango
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3DataManager" = Mein 3DataManager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BabylonToolbar" = Babylon toolbar
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EASEUS Data Recovery Wizard 5.0.1 Demo_is1" = EASEUS Data Recovery Wizard 5.0.1 Demo
"eMachines Screensaver" = eMachines ScreenSaver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firefox 3.6 GMX Edition" = Firefox 3.6 GMX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"FrostWire" = FrostWire 4.21.3
"GMX Update" = GMX Update
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"Recuva" = Recuva
"ResultTool" = ResultTool 1.0 build 139 powered by FIRST SEARCHBAR
"SLOW-PCfighter" = SLOW-PCfighter
"SMPlayer" = SMPlayer 0.6.8
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Print Shop Premier Edition 5.0" = Print Shop Premier 5.0
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GabPath" = GabPath
"Game Organizer" = EasyBits GO
"Heinzelnisse" = Heinzelnisse
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.02.2011 04:47:26 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.02.2011 04:48:22 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel
 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a,  Prozess-ID 0x14c, Anwendungsstartzeit
 01cbcdb641d74348.
 
Error - 16.02.2011 09:32:52 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.02.2011 09:34:34 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel
 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a,  Prozess-ID 0x1500, Anwendungsstartzeit
 01cbcdde3e0331b4.
 
Error - 17.02.2011 04:09:22 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.02.2011 04:11:00 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel
 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a,  Prozess-ID 0xd08, Anwendungsstartzeit
 01cbce7a339c619f.
 
Error - 17.02.2011 05:33:45 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.02.2011 05:34:03 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel
 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a,  Prozess-ID 0x12f0, Anwendungsstartzeit
 01cbce85cfc6fadd.
 
Error - 17.02.2011 11:48:33 | Computer Name = Bernd-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.02.2011 11:49:23 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung epmworker.exe, Version 1.2.0.1234, Zeitstempel
 0x46273629, fehlerhaftes Modul epmworker.exe, Version 1.2.0.1234, Zeitstempel 0x46273629,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00026f6a,  Prozess-ID 0x15e8, Anwendungsstartzeit
 01cbceba3b6354f7.
 
[ OSession Events ]
Error - 08.12.2010 04:22:47 | Computer Name = Bernd-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.02.2011 18:10:25 | Computer Name = Bernd-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06.03.2011 16:55:47 | Computer Name = Bernd-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

12.06.2011, 19:19   #4
markusg
/// Malware-holic

Attention!
This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.


:OTL
PRC - C:\ProgramData\36429560.exe (Microsoft Corporation)
PRC - C:\ProgramData\ECXHYIMSihMUVK.exe (Microsoft Corporation)
PRC - C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe ()
PRC - C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe ()
O4 - HKCU..\Run: [hvhlcGymBdBoPf2jvFT] C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe ()
O4 - HKCU..\Run: [GabPath] C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe ()
O4 - HKCU..\Run: [ECXHYIMSihMUVK] C:\ProgramData\ECXHYIMSihMUVK.exe (Microsoft Corporation)
:Files
C:\ProgramData\ECXHYIMSihMUVK.exe
C:\ProgramData\36429560.exe
C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe
C:\Users\Claudia\AppData\Roaming\GabPath
:Commands
[purity]
[resethosts]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.


Download unhide:
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

12.06.2011, 20:25   #5
problem00

OK, I hope I did everything correctly?! Best regards


12.06.2011, 20:26   #6
problem00

All processes killed
========== OTL ==========
No active process named 36429560.exe was found!
No active process named ECXHYIMSihMUVK.exe was found!
No active process named twkpxev.exe was found!
No active process named gabpath.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hvhlcGymBdBoPf2jvFT deleted successfully.
C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GabPath deleted successfully.
C:\Users\Claudia\AppData\Roaming\GabPath\gabpath.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ECXHYIMSihMUVK deleted successfully.
C:\ProgramData\ECXHYIMSihMUVK.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\ECXHYIMSihMUVK.exe not found.
C:\ProgramData\36429560.exe moved successfully.
File\Folder C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe not found.
C:\Users\Claudia\AppData\Roaming\GabPath folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Claudia
->Flash cache emptied: 181936 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Claudia
->Temp folder emptied: 1224303895 bytes
->Temporary Internet Files folder emptied: 211198793 bytes
->Java cache emptied: 1243876 bytes
->FireFox cache emptied: 122635074 bytes
->Google Chrome cache emptied: 6186598 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 154030866 bytes
RecycleBin emptied: 852944694 bytes

Total Files Cleaned = 2.453,00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06122011_205642

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
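
An added example, not part of the original thread and not OTL's own code: a Python sketch that reconciles the :Files targets of a fix script like the one in post #4 with a result log like the one above, so that a "not found" line for a file an earlier section already moved is not read as a failed removal. The function names and line patterns are assumptions derived only from the log lines shown in this thread.

```python
import re

# Constructed sample: lines copied from the fix log posted in this thread.
SAMPLE_LOG = r"""========== OTL ==========
No active process named 36429560.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hvhlcGymBdBoPf2jvFT deleted successfully.
C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ECXHYIMSihMUVK deleted successfully.
C:\ProgramData\ECXHYIMSihMUVK.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\ECXHYIMSihMUVK.exe not found.
C:\ProgramData\36429560.exe moved successfully.
File\Folder C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe not found.
C:\Users\Claudia\AppData\Roaming\GabPath folder moved successfully.
"""

# Targets taken from the :Files section of the fix script in post #4.
SAMPLE_TARGETS = [
    r"C:\ProgramData\ECXHYIMSihMUVK.exe",
    r"C:\ProgramData\36429560.exe",
    r"C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\twkpxev.exe",
    r"C:\Users\Claudia\AppData\Roaming\GabPath",
]

# Assumed patterns, modelled on the two line shapes visible in the log above.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")
NOT_FOUND = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")


def parse_fix_log(text):
    """Return (moved, not_found) as sets of lower-cased paths."""
    moved, not_found = set(), set()
    for line in text.splitlines():
        line = line.strip()
        m = MOVED.match(line)
        if m:
            moved.add(m.group("path").lower())
            continue
        m = NOT_FOUND.match(line)
        if m:
            not_found.add(m.group("path").lower())
    return moved, not_found


def reconcile(targets, log_text):
    """Map each fix-script target to 'moved', 'not found' or 'unconfirmed'."""
    moved, not_found = parse_fix_log(log_text)
    result = {}
    for target in targets:
        key = target.lower()  # Windows paths compare case-insensitively
        if key in moved:
            # A "not found" for the same path only means another
            # section of the script had already quarantined the file.
            result[target] = "moved"
        elif key in not_found:
            result[target] = "not found"    # never quarantined: check by hand
        else:
            result[target] = "unconfirmed"  # no log line at all: follow up
    return result


if __name__ == "__main__":
    for path, status in reconcile(SAMPLE_TARGETS, SAMPLE_LOG).items():
        print(f"{status:12} {path}")
```
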

12.06.2011, 20:28   #7
markusg
/// Malware-holic

Nope, that only earns half a gold star.
You only uploaded the log in the upload channel, but I want the whole moved files folder packed and uploaded.

12.06.2011, 20:41   #8
problem00

;-)... yes, I'm terribly sorry for you, you've run into a complete layperson. Here's the thing: 'choose add to movedfiles.rar or zip' doesn't work...

12.06.2011, 20:43   #9
markusg
/// Malware-holic

You mean the option isn't there?
That's not your fault.
http://filepony.de/download-7-zip/
Install 7zip,
then right-click on moved files again as described.
There, open the 7zip menu and add to movedfiles.7zip, then upload as described.

12.06.2011, 20:51   #10
problem00

Exactly, now it should actually have worked...

12.06.2011, 20:53   #11
markusg
/// Malware-holic

I need a bit of time to look at the files. Are your files visible? What problems are there still?

12.06.2011, 22:45   #12
problem00

Sorry that it took so long. Yes, the files are visible! Otherwise nothing worrying stands out to me at first glance, apart from the error message "Internet Explorer funktioniert nicht mehr. Das Programm wird aufgrund eines Problems nicht richtig ausgeführt."
A thousand thanks for helping!

12.06.2011, 22:53   #13
markusg
/// Malware-holic

OK, we'll take care of that.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

12.06.2011, 23:21   #14
problem00

I would have to remove Norton Internet Security so that ComboFix can work unhindered; I did uninstall it, but it still shows up

12.06.2011, 23:46   #15
problem00

Since I have to be up in 5 hours, I unfortunately have to go now. I'll be back online tomorrow from about 10:00; it would be nice if we could continue then. Thank you very much so far, and see you tomorrow! Good night!
