| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.09.2011, 19:43
| #1 |
| |  Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? Hallo, (hoffe in der richtigen Abteilung gelandet zu sein, sonst verschieben) ich hatte mir am 28.8.11 einen BKA- Winlock eingefangen und mit der Rescue- CD von Dr. Web nach ca. 60 STD. scannen entfernt (also HEUTE  ), AVIRA-Rescue-CD fand nach 6 STD. erstmal nichts.So nun würde ich gern soweit sicher gehen das das Zeug überschrieben ist, ohne das ich Vista unbedingt ganz neu aufsetzen muß. Unter XP wusste ich noch > booten " abgesicherter modus mit eingabeaufforderung" dann irgendwie "fixmbr" und dann noch was (ist schon länger her und fast vergessen). Dann mit Tool ala defraggler freien bereich überschreiben bzw. formatieren.  Bei Vista fand ich aber leider nichts derartiges bei der eingabeauffoderung. Schreib Momentan der Sicherheit wegen vom alten XP- Rechner (staub-hust-). Oder habt ihr ein neueres "roundabout" für nach (Boot-)Virus? mfg bodobob h.w. Geändert von bodobob (01.09.2011 um 19:50 Uhr) |
|
02.09.2011, 05:55
| #2 | ||
| /// Helfer-Team    | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
2. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
3. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
02.09.2011, 16:39
| #3 |
| | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? Hier erst mal von otl (der infekt war bei 2. User-Scann aber im admin gemacht-):
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.09.2011 16:06:38 - Run 1 OTL by OldTimer - Version 3.2.27.0 Folder = D:\Users\ii\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,58% Memory free 13,16 Gb Paging File | 11,78 Gb Available in Paging File | 89,56% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 107,42 Gb Total Space | 43,15 Gb Free Space | 40,17% Space Free | Partition Type: NTFS Drive D: | 165,87 Gb Total Space | 98,69 Gb Free Space | 59,50% Space Free | Partition Type: NTFS Drive E: | 20,00 Gb Total Space | 13,80 Gb Free Space | 69,00% Space Free | Partition Type: FAT32 Drive L: | 7,47 Gb Total Space | 2,36 Gb Free Space | 31,54% Space Free | Partition Type: FAT32 Drive Z: | 1023,00 Mb Total Space | 522,68 Mb Free Space | 51,09% Space Free | Partition Type: FAT32 Computer Name: comp* | User Name: ii | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\ii\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\MalwarebytesAnti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\TomTomHOME2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\ProgramData\DatacardService\DCService.exe () PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe (MyPoi World B.V.) PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe () PRC - C:\Programme\BisonCam\BsMnt.exe () PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe () PRC - C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) PRC - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC) PRC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\js3250.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\rpc_client.dll () MOD - C:\Programme\Notepad++\NppShell_01.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Programme\BisonCam\BsMnt.exe () MOD - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () ========== Win32 Services (SafeList) ========== SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TomTomHOMEService) -- D:\TomTomHOME2\TomTomHOMEService.exe (TomTom) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe () SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (AVerScheduleService) -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe () SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe () SRV - (AVerRemote) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation) DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. ) DRV - (RRamdisk) -- C:\Windows\system32\DRIVERS\rramdisk.sys (gavotte) DRV - (AVerFx2hbtv) -- C:\Windows\System32\drivers\AVerFx2hbtv.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (slabser) -- C:\Windows\System32\drivers\slabser.sys (MCCI Corporation) DRV - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\slabbus.sys (MCCI Corporation) DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (hxxp://www.internals.com) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation) DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek) DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 32 4A B1 6C 5F CC 01 [binary data] IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://web.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4 FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.3.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.23 17:59:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 09:41:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 10:27:35 | 000,000,000 | ---D | M] [2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Extensions [2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.18 17:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.09.02 15:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions [2011.08.20 21:09:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.03.24 02:27:42 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} [2011.08.20 21:10:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.27 22:53:23 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2011.08.20 21:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.03.24 02:27:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2011.08.20 21:09:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.08.10 08:53:29 | 000,000,000 | ---D | M] ("AskForSanitize") -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e} [2011.08.20 21:09:52 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2011.08.20 21:10:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\foxmarks@kei.com [2011.03.24 02:27:39 | 000,000,000 | ---D | M] (Globefish) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\globefish@projects.6831.courses.csail.mit.edu [2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ii\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions [2011.09.02 15:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.23 17:59:16 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC [2009.08.26 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.24 09:41:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.24 09:41:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.24 09:41:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.24 09:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.24 09:41:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe () O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [MyPoi Monitor] C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe (MyPoi World B.V.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\MicrosoftOffice\Office10\EXCEL.EXE (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: Domain = HAUS O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE0A647-B058-4D3A-8150-5D95B3474696}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3540EE-94F0-4C8C-A2FD-34CC2A420F61}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Users\ii\Pictures\57260046-gleitschirmflieger.jpg O24 - Desktop BackupWallPaper: D:\Users\ii\Pictures\57260046-gleitschirmflieger.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.02.02 16:07:20 | 000,000,271 | -HS- | M] () - L:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2009.12.08 16:56:38 | 000,000,220 | ---- | M] () - L:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autostart.exe O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.02 16:03:04 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\ii\Desktop\OTL.exe [2011.09.02 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.09.02 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\ii\AppData\Roaming\Malwarebytes [2011.09.02 15:39:13 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.09.02 15:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwarebytesAnti-Malware [2011.09.02 15:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.02 15:39:09 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.09.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware [2011.09.01 14:10:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2011.08.25 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\ii\AppData\Roaming\InstallPad [2011.08.25 14:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_BilderGrafikVideoTools [2011.08.25 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomClassic2 [2011.08.24 18:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.08.21 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\ii\AppData\Roaming\calibre [2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2 [2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2011.08.21 00:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.08.18 06:05:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.08.18 06:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.08.18 06:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.08.18 06:05:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.08.18 06:05:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.08.18 06:05:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.08.18 06:05:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.08.18 06:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.08.18 06:05:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.08.18 06:05:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.08.18 06:05:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.08.18 06:05:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.08.18 06:05:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.08.18 06:05:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.08.18 06:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.08.18 06:05:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.08.18 06:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.08.18 06:05:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.08.18 06:05:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.08.18 06:05:25 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.08.18 06:05:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.02 16:02:12 | 000,723,190 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.02 16:02:12 | 000,674,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.02 16:02:12 | 000,131,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.02 16:02:11 | 000,160,622 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.02 15:56:03 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job [2011.09.02 15:54:35 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2011.09.02 15:54:33 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.09.02 15:54:10 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.09.02 15:54:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.02 15:54:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.02 15:54:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.02 15:53:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.02 15:49:28 | 000,001,356 | ---- | M] () -- C:\Users\ii\AppData\Local\d3d9caps.dat [2011.09.02 15:45:23 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.09.02 15:39:13 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.02 15:33:56 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\ii\Desktop\OTL.exe [2011.09.01 18:41:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.09.01 18:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job [2011.09.01 13:35:34 | 000,254,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.08.25 14:39:10 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk [2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job [2011.08.24 20:34:43 | 000,003,126 | ---- | M] () -- C:\scheduler.hist [2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job [2011.08.23 16:01:03 | 000,000,993 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2011.08.21 17:38:09 | 000,010,752 | ---- | M] () -- C:\Users\ii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.21 16:33:28 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2011.08.20 22:03:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2011.08.06 03:36:07 | 000,042,068 | ---- | M] () -- C:\Users\Public\Documents\kontakteE66*****_05082011.csv [2011.08.06 03:34:39 | 000,042,068 | ---- | M] () -- C:\Users\Public\Documents\kontakteE66******.csv [2011.08.05 03:13:52 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk [2011.08.04 16:54:38 | 000,000,000 | ---- | M] () -- C:\Windows\brdfxspd.dat [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.02 15:39:13 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.25 14:39:10 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk [2011.08.21 16:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2011.08.20 22:03:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.08.06 03:36:07 | 000,042,068 | ---- | C] () -- C:\Users\Public\Documents\kontakteE66*****_05082011.csv [2011.08.06 03:34:38 | 000,042,068 | ---- | C] () -- C:\Users\Public\Documents\kontakteE66*****.csv [2011.07.11 14:23:50 | 000,000,136 | ---- | C] () -- C:\Users\ii\AppData\Local\OwnNote.vnt [2011.06.02 17:43:59 | 000,026,340 | ---- | C] () -- C:\Users\ii\AppData\Roaming\UserTile.png [2011.05.19 20:27:11 | 000,127,425 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0041.jpg [2011.05.19 20:27:07 | 000,139,674 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0042.jpg [2011.05.19 20:27:04 | 000,114,262 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0043.jpg [2011.05.19 20:27:01 | 000,157,508 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0044.jpg [2011.05.19 20:26:57 | 000,120,206 | ---- | C] () -- C:\Users\ii\AppData\Local\Foto-0045.jpg [2011.04.05 15:01:07 | 000,000,272 | ---- | C] () -- C:\Windows\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini [2011.03.18 03:46:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.03.18 03:46:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.06.12 19:19:56 | 000,000,036 | ---- | C] () -- C:\Users\ii\AppData\Local\housecall.guid.cache [2010.04.19 22:50:46 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll [2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.17 00:37:57 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe [2009.11.17 00:34:42 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini [2009.09.17 10:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 10:52:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.30 21:04:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.08.30 03:45:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2009.08.30 02:33:56 | 000,090,112 | ---- | C] () -- C:\Windows\SendToClip.exe [2009.08.26 17:05:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll [2009.08.26 17:05:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys [2009.08.26 17:05:05 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll [2009.08.26 17:05:05 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll [2009.08.26 17:05:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll [2009.08.26 17:05:04 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll [2009.08.26 17:05:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll [2009.08.26 17:05:04 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll [2009.08.26 17:05:04 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll [2009.08.26 12:53:28 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI [2009.08.26 11:56:47 | 000,000,993 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2009.08.26 11:56:47 | 000,000,157 | ---- | C] () -- C:\Windows\brpcfx.ini [2009.08.26 11:56:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.08.26 11:56:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.08.26 11:54:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2009.08.26 11:54:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2009.08.26 11:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2009.08.26 11:54:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2009.08.26 09:36:32 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2009.08.26 03:34:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.08.26 01:27:16 | 000,010,752 | ---- | C] () -- C:\Users\ii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.25 20:21:56 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2009.08.25 19:29:32 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.25 18:50:13 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.25 18:36:28 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2009.08.25 14:57:02 | 000,001,356 | ---- | C] () -- C:\Users\ii\AppData\Local\d3d9caps.dat [2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys [2008.01.21 09:15:58 | 000,723,190 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,160,622 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,254,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,674,514 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,131,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 8747 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: zu OLC Bundesliga.eml:OECustomProperty @Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: von Dieter.eml:OECustomProperty @Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: Stammtisch.eml:OECustomProperty @Alternate Data Stream - 8673 bytes -> D:\Users\ii\Documents\Re_ Clubinfo :::::::: Stammtisch.eml:OECustomProperty @Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM***** - h****@h-*****.com EILT!.eml:OECustomProperty @Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM****** - h***@h-*****.com EILT!.eml:OECustomProperty @Alternate Data Stream - 1263 bytes -> D:\Users\ii\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty @Alternate Data Stream - 1183 bytes -> D:\Users\ii\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM09-****.eml:OECustomProperty @Alternate Data Stream - 1175 bytes -> D:\Users\ii\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty @Alternate Data Stream - 1127 bytes -> D:\Users\ii\Documents\******** in Nymphenburg.eml:OECustomProperty @Alternate Data Stream - 1075 bytes -> D:\Users\ii\Documents\Formular zur Schadenmeldung, H ***-**** .eml:OECustomProperty @Alternate Data Stream - 1047 bytes -> D:\Users\ii\Documents\AW_ Empting Kontaktformular BIOS Brennservice.eml:OECustomProperty < End of report > [/code] und otl-extra OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.09.2011 16:06:38 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = D:\Users\ii\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,58% Memory free
13,16 Gb Paging File | 11,78 Gb Available in Paging File | 89,56% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 43,15 Gb Free Space | 40,17% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,69 Gb Free Space | 59,50% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,80 Gb Free Space | 69,00% Space Free | Partition Type: FAT32
Drive L: | 7,47 Gb Total Space | 2,36 Gb Free Space | 31,54% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 522,68 Mb Free Space | 51,09% Space Free | Partition Type: FAT32
Computer Name: comp* | User Name: ii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = Notepad++_file] -- Reg Error: Key error. File not found
.txt [@ = Notepad++_file] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [sendtotoys1add] -- C:\Program Files\SendToToys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\SendToToys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\SendToToys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1132503739-529802008-4276434138-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FD153E-ABC9-4D1D-B02D-7AA483D575FF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{05108C21-5F10-4660-9785-9E31062633A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{058460DE-836F-42EE-83AB-D7D86F043012}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{0B929043-469B-42BD-AFCA-4F610CF5433E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0BEFFBBD-F3F6-412B-B100-8DE3881C686A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14BCDDB7-930F-4B33-99B2-853127CCD869}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CE2363F-CD42-452A-95D2-08BB1401E73F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EF53F87-F7A4-47A0-BED5-7427C675BBEA}" = lport=80 | protocol=6 | dir=in | app=system |
"{1F254634-052C-4E5C-8E2B-3E90338FA69B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1FBEA8B2-EC99-4529-9553-364973E48D3D}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{27D45B53-572E-4F87-B1B6-155BA3E89846}" = lport=3390 | protocol=6 | dir=in | app=system |
"{29D9C0C3-3FAF-4161-893F-BBF02BA80600}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{2A8D292A-1CBA-44F0-B647-5CEA310F9F3C}" = rport=1723 | protocol=6 | dir=out | app=system |
"{2BD08FD1-EEA6-43B6-BE00-FED5939BC550}" = lport=445 | protocol=6 | dir=in | app=system |
"{31E7ACC9-9DF1-490C-BAB5-688EF5E80670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4484C1B4-4559-48BD-A5D9-3D1327171609}" = lport=137 | protocol=17 | dir=in | app=system |
"{4519482D-8173-4CBE-9F6B-C69EA2AEDBCF}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{46161930-3601-4F49-A5DA-E07B38B28320}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{4678B9AB-D840-4DD9-96C6-0BE1CDE286DF}" = lport=2178 | protocol=6 | dir=in | app=system |
"{48494A11-6A2C-45DD-BB00-F6C5AFC1816E}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{4FBED585-FE2C-4F3D-B6C7-C383F4E8F7BC}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{551A8EE4-3437-46D9-8A2A-0F87A0281903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5A8ED024-5B80-4C86-AB3A-B4FC7A85CD00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5EFBFD02-627B-480D-BD70-02BEEE8FB70F}" = lport=443 | protocol=6 | dir=in | app=system |
"{5F87C055-C165-4547-8A8C-AF0C04CB4F53}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{63FFA390-0919-46F6-9792-7558AD37F7B8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{6406C504-07B0-4743-AD77-AEF287754416}" = lport=445 | protocol=6 | dir=in | app=system |
"{667285AF-530A-44D3-9A61-8F31F6CB0FA9}" = rport=5358 | protocol=6 | dir=out | app=system |
"{67CD9F97-EBED-438C-931D-9BBD6287F964}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{68448D7E-06ED-468C-B63C-09CC640AE162}" = rport=138 | protocol=17 | dir=out | app=system |
"{76116FDB-8392-4850-B620-84BEE0A7E9A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7AC00DDD-D5BD-4A96-9852-7C2A44EC805C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7AD4107B-FB47-4CE1-B09E-D1249C549217}" = rport=2178 | protocol=6 | dir=out | app=system |
"{7C6A5727-EE23-448C-AECD-049DC596CA4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7D0887A0-43DE-4B05-B177-A4D86A9EA486}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EB9613C-5826-47C2-9C49-ADA46206BD80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B1EAC4F-DAEE-402F-80AA-26FC121F6E0B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{923DC43A-1F0C-4F70-9721-B664A9180A96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{96229ABB-0170-48D7-94BE-6E907D6ADB1E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{9DB29835-C9C6-4901-9806-B7E26D075DF0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A1DB05B0-7921-4A3F-B7B5-C7E3AD46014A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{A4A9A3A1-D4C3-45F8-B5B9-E0A730044EBB}" = lport=1723 | protocol=6 | dir=in | app=system |
"{A7A630DC-461E-4102-B1FC-9411E1823556}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{AB542126-F6ED-4F66-A811-2B3F6C5A284E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{ABE90B8E-F96F-4B67-971E-F69C2F8622EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{B075176B-8B07-4796-8B32-FC269B0DC942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B24F6D57-0AFF-4D26-B926-C0FBE048DA63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B281AF30-0D81-48B5-97D3-6C2B0BE291D4}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{B3FE9E04-893B-4A64-9A64-6FFE3F03CE08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B4B19C0C-9682-45AE-B194-6745D4872F95}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B4E47337-8D99-4BFE-B46E-8A27768178BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B574143D-59E2-46B6-9075-ABD9CF5142A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B57F88C5-D3AD-46C6-A7A6-F64C66A5366E}" = rport=5357 | protocol=6 | dir=out | app=system |
"{B73C1CB5-C854-45F9-9C2F-B3349987B677}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{B7480297-8857-4061-BE1C-5A34C6327821}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B7896275-4170-45F5-A789-F17202BA0509}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B802D91E-C390-420E-A1E5-ED5731E0086B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C29583EF-E729-49DA-8EE7-25ADF1D15827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C41AC74A-645A-4C95-87FF-25DB26062E40}" = lport=139 | protocol=6 | dir=in | app=system |
"{C51FA661-C2CC-4A78-A6DD-52EF8AE9B084}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D30A1273-E6A1-4059-B0C1-4D680944B960}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{D396F231-97CC-4096-B248-20F1CA8E0206}" = lport=1701 | protocol=17 | dir=in | app=system |
"{D8F5C5D6-C0EA-467B-8415-3BDD3B445222}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB01158B-408D-4A79-AED7-E2B0EF7B5F15}" = lport=443 | protocol=6 | dir=in | app=system |
"{DEEF28BE-A462-47E6-BF7F-C8AEF419864E}" = rport=1701 | protocol=17 | dir=out | app=system |
"{E3C8568D-4133-45C8-80F6-D9538D563F9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E485FDCD-F930-4B79-98E0-8BA21F87B190}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{E65413C9-8482-426E-8BDC-444A37252E14}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EB081A00-2E6D-42B6-88FE-1CAA112690C0}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{F3B9912E-CB9A-4614-96DC-5CED0E5391EE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{F8C32060-E8F7-48E0-BBA2-4EBAB856A771}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FCA90AE8-7D55-45FB-97F9-2CE449CBBCBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F9B129-D974-445A-B93B-D09188499BF9}" = protocol=6 | dir=in | app=d:\tomtomhome2\tomtomhome.exe |
"{061448A8-D7BD-4E0E-9D10-AAD18F809536}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{0BA49DF1-EFD1-4387-990B-607B41704021}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0D66A5CE-1D70-4170-9CB4-4C6E52DFB370}" = protocol=6 | dir=out | app=system |
"{129E9A15-2298-4E14-8288-161C234779F8}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{21FF1FE9-6865-444B-BA04-A6A44CB9F252}" = protocol=17 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe |
"{2D9E6E6A-50EA-457B-AD78-FA03FB684177}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe |
"{2FBBF694-28D3-4284-B0CC-0AB47C6E2C82}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{330257D6-9A31-4119-B667-D08D756D7085}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe |
"{48CFC94D-CB23-4453-B885-DFF56BB86311}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BEC356E-E2C1-4A13-B200-C62CC3C30E6F}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{51C8DF18-FA0D-44BE-AB89-EECCF1386C00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53B6C5CD-7CDE-43EA-91D9-F6E9049E4ECC}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{578FF1AE-1352-414C-B248-3F11F9D89768}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58AE3C15-D734-475E-B8FC-1E35244631D6}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{640A1E0F-C651-4DEB-B6BC-A597EC0366D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67495994-3D57-45AD-99E5-F876E6ED9251}" = protocol=6 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe |
"{6E5B5AED-9138-4DBB-BAD7-39B71CF6E50C}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{72D4842D-3AA8-45F2-8831-CDBD907E8FCB}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsasvr.exe |
"{7ADACCB9-D490-4A00-BE2F-E8B34D72B14F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D8EFE8A-946A-4A78-9531-A3DF6BB93E1E}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsasvr.exe |
"{89796D89-7A77-4606-9BFE-B58466D7E0DD}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{8ABAD532-2E0A-4377-8BC4-5610B2C70333}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{8B817D20-54B0-45DE-843F-0F281FCA164E}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{9011EFBE-062A-4A51-8677-E14FC1F6C79F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92FC1989-9FA6-43DD-B5BA-F8777DA8B00C}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe |
"{9DA26198-5291-4193-AF86-32BC3DA86B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A04FC023-9260-44FB-B0FB-B952913B74B8}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{A28E5E8B-BFF9-471A-9FC8-F95884E1A534}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6C3BAA6-ECF4-48F8-935E-5585911BFEF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A875B7E5-CBCB-462C-B201-02E93795BDF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A880D1BD-E4C2-4395-956B-47191C9B6FF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B605D757-A24C-42DA-AF7A-EDF9119D894B}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{B7333AE9-40C6-47E7-AAC2-995DFA667ED5}" = protocol=17 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe |
"{BAEE77E4-6A1D-4718-B71C-8B3200FAED4B}" = protocol=6 | dir=out | app=system |
"{C5BBC0BC-B1BC-4C43-B79C-8B6C7DF772D5}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe |
"{CC1A7A39-98E9-4B54-8A87-81A4BADF076A}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{CCA8B261-FA02-462C-B24F-A235866ACFA6}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{CD5BA620-BBF7-4E39-9BE7-8F8CD75A8285}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF15445A-D749-4212-8F97-9B53CD9E02E9}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{D2608DCF-496E-4195-9401-443A6546E323}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{D458574E-B561-47D6-91DA-6CB76C753BF7}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{D82C0AFA-C4F2-49C2-AE8A-FFB620876E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D98C0201-96E9-435E-B23B-7E93CFFDAE12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB99AF0B-C3D8-401B-B8BC-1C2295FCC341}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{DC79FC36-D44B-4BAE-A0D0-4DB263B463E0}" = protocol=6 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe |
"{E45F3597-42AA-43D9-A6F7-51B241D9E052}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{E6FDAD51-1A6F-45EF-A3D4-693717285F07}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{EB31F3E6-FF20-4BB4-96F2-2D023D0A41F5}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{EC24C1D2-EE8C-4F73-9EE9-BDC524BB40AB}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{F1595F83-DF99-4447-8B1B-FFEBA7E9B741}" = protocol=17 | dir=in | app=d:\tomtomhome2\tomtomhome.exe |
"TCP Query User{3833217A-A628-4F50-B4BD-2AA969E72101}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{52916C38-8E63-4C18-B33E-8D08B2454004}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{6C0A8F47-5A72-4BE8-B6AD-BA04FA21881D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{A8C79AB3-A44A-4CDD-8951-384CABB6C8A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F4B8FEE7-AB6B-47C8-B9CA-5F2F91C1A345}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{735BC4B5-1451-44DE-A389-EA3B025E28E1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{CCE84ADA-E91A-4123-AC86-8FFE465C7E36}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{DEB7E2CB-8C1D-4B69-AA44-140688BCB941}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E91B5EB6-BA5F-4722-81B2-2E517B6C1B7D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{F9F70862-719D-4CB0-9786-4137A5D58F18}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73DB9180-4D0C-11DF-A8BB-005056C00008}" = WD Align System Utility 2.0 (Retail) - Powered By Paragon™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C873AD-946A-4629-92AE-B153FEA8A989}" = locr GPS Photo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90260407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7D5787B-3A91-4433-A753-CFE520671683}" = Acronis True Image WD Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E239F8B2-AE00-467D-9F05-47C8E1FAAFA7}" = WD Align - Powered by Acronis
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}" = WD Drive Manager (x86)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"AVerMedia A827 series driver" = AVerMedia A827 series driver 1.0.0.88
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.5
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 20.09.02.02
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Digital Editions" = Adobe Digital Editions
"FinePrint" = FinePrint
"GNU Aspell_is1" = GNU Aspell 0.50-3
"InfraRecorder" = InfraRecorder
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IsoBuster_is1" = IsoBuster 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MaxPunkte_is1" = MaxPunkte Ver. 6.2.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"PhotoZoom Classic 2" = BenVista PhotoZoom Classic 2.0
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Send To Toys_is1" = Send To Toys v2.5
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"TomTom HOME" = TomTom HOME 2.8.2.2264
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.0.1
"X10Hardware" = X10 Hardware(TM)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.09.2011 09:20:56 | Computer Name = comp* | Source = WinMgmt | ID = 10
Description =
Error - 02.09.2011 09:21:13 | Computer Name = comp* | Source = EventSystem | ID = 4609
Description =
Error - 02.09.2011 09:54:36 | Computer Name = comp* | Source = LCSVRHIS | ID = 1
Description =
Error - 02.09.2011 09:54:57 | Computer Name = comp* | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.09.2011 09:55:05 | Computer Name = comp* | Source = WinMgmt | ID = 10
Description =
Error - 02.09.2011 09:55:31 | Computer Name = comp* | Source = Windows Search Service | ID = 1006
Description =
Error - 02.09.2011 09:56:37 | Computer Name = comp* | Source = Windows Search Service | ID = 1006
Description =
Error - 02.09.2011 09:58:37 | Computer Name = comp* | Source = Windows Search Service | ID = 1006
Description =
Error - 02.09.2011 09:58:37 | Computer Name = comp* | Source = Windows Search Service | ID = 3026
Description =
Error - 02.09.2011 09:59:29 | Computer Name = comp* | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 02.09.2011 09:21:13 | Computer Name = comp* | Source = DCOM | ID = 10005
Description =
Error - 02.09.2011 09:21:15 | Computer Name = comp* | Source = DCOM | ID = 10005
Description =
Error - 02.09.2011 09:55:06 | Computer Name = comp* | Source = Service Control Manager | ID = 7000
Description =
Error - 02.09.2011 09:55:06 | Computer Name = comp* | Source = Service Control Manager | ID = 7026
Description =
Error - 02.09.2011 09:55:55 | Computer Name = comp* | Source = Service Control Manager | ID = 7024
Description =
Error - 02.09.2011 09:55:55 | Computer Name = comp* | Source = Service Control Manager | ID = 7031
Description =
Error - 02.09.2011 09:56:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7024
Description =
Error - 02.09.2011 09:56:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7031
Description =
Error - 02.09.2011 09:58:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7024
Description =
Error - 02.09.2011 09:58:38 | Computer Name = comp* | Source = Service Control Manager | ID = 7034
Description =
< End of report >
[/code] nun CCleaner prg´s Code:
ATTFilter
WD Align System Utility 2.0 (Retail) - Powered By Paragon™ Paragon Software 13.09.2010 43,1MB 90.00.0003
7-Zip 4.65 25.08.2009 4,28MB
Acronis True Image WD Edition Acronis 13.09.2010 118,3MB 13.0.14010
Adobe Digital Editions 29.07.2011 9,42MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 16.06.2011 10.3.181.26
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 12.07.2011 10.3.181.26
Adobe Reader 9.4.5 - Deutsch Adobe Systems Incorporated 12.07.2011 9.4.5
Adobe SVG Viewer 3.0 01.12.2009 3,22MB 3.0
Aspell English Dictionary-0.50-2 GNU 05.10.2010 13,4MB
Aspell German Dictionary-0.50-2 GNU 05.10.2010 13,4MB
AVerMedia A827 series driver 1.0.0.88 AVerMedia TECHNOLOGIES, Inc. 25.08.2009 1,26MB 1.0.0.88
AVerMedia MCE Encoder x86 3.0.1.5 AVerMedia Technologies, Inc. 25.08.2009 0,50MB 3.0.1.5
AVerMedia Media Center Plug-ins 20.09.02.02 AVerMedia TECHNOLOGIES, Inc. 25.08.2009 2,66MB 20.09.02.02
AVerTV AVerMedia Technologies, Inc. 25.08.2009 55,8MB 6.0.18
Avira AntiVir Premium Avira GmbH 11.07.2011 75,6MB 10.2.0.719
Azurewave Wireless LAN RaLink 30.09.2009 2,42MB 1.00.0000
BenVista PhotoZoom Classic 2.0 BenVista Ltd 24.08.2011 6,95MB 2.0
Bison Webcam Bison Webcam 25.08.2009 5,39MB 7.96.701.12a
Brother MFL-Pro Suite MFC-490CW Brother Industries, Ltd. 25.08.2009 9,67MB 1.1.5.0
calibre Kovid Goyal 20.08.2011 119,7MB 0.8.15
CCleaner Piriform 01.09.2011 1,96MB 3.10
Compatibility Pack für 2007 Office System Microsoft Corporation 16.06.2011 12.0.6425.1000
Defraggler Piriform 23.05.2011 2,13MB 2.05
ElsaWin 01.12.2009 8.040MB
FinePrint 25.08.2009
GNU Aspell 0.50-3 GNU 05.10.2010 13,4MB
Google Earth Google 28.09.2010 85,4MB 5.2.1.1588
HP USB Disk Storage Format Tool 28.09.2010 0,61MB
InfraRecorder 08.09.2010 6,27MB
Intel(R) Matrix Storage Manager Intel Corporation 24.08.2009 8,99MB
Intel(R) PROSet/Wireless WiFi Software Intel(R) Corporation 27.09.2009 78,9MB 12.00.0004
IsoBuster 2.0 Smart Projects 14.09.2010 5,51MB 2.0
Java(TM) 6 Update 22 Sun Microsystems, Inc. 19.09.2010 94,5MB 6.0.220
locr GPS Photo locr 20.03.2010 0,41MB 1.2.3
Malwarebytes' Anti-Malware Version 1.51.1.1800 Malwarebytes Corporation 01.09.2011 4,40MB 1.51.1.1800
MaxPunkte Ver. 6.2.5 27.06.2010 10,9MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 25.08.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 25.08.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 70,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 14,7MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 24.08.2011 19,4MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 24.08.2011 3,91MB 4.0.30319
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 16.06.2011 10.0.6626.0
Microsoft Office XP Web Components Microsoft Corporation 15.09.2010 10.0.6626.0
Microsoft Silverlight Microsoft Corporation 16.06.2011 4.0.60531.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 25.08.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 0,29MB 8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 25.08.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 16.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 16.09.2010 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 24.08.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,58MB 9.0.30729.6161
Mobile Partner Huawei Technologies Co.,Ltd 05.01.2011 11.302.09.04.528
Mozilla Firefox (3.6.17) Mozilla 23.05.2011 19,0MB 3.6.17 (de)
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 14.07.2010 34,00KB 4.20.9841.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.07.2010 34,00KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14.07.2010 1,34MB 4.20.9876.0
MyPoi Manager MyPoi World 04.04.2011 23,5MB 1.6.0.90
Nokia Connectivity Cable Driver Nokia 22.03.2011 3,27MB 7.1.36.0
Nokia Map Loader Nokia 14.07.2010 4,05MB 3.0.28
Nokia PC Suite Nokia 22.03.2011 28,7MB 7.1.60.0
Nokia Software Updater Nokia Corporation 04.08.2011 45,4MB 02.06.006.44298
Notepad++ 05.10.2010 5,85MB 5.8.1
NVIDIA Drivers NVIDIA Corporation 25.08.2009 1.4
PC Connectivity Solution Nokia 22.03.2011 12,9MB 10.50.2.0
pdfFactory Pro 25.08.2009
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 25.08.2009 1,67MB 1.00.0000
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 25.08.2009 9,29MB 6.0.1.5730
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 25.08.2009 1,50MB 6.0.6000.20111
Recuva Piriform 09.11.2010 1,36MB 1.38
Samsung New PC Studio Samsung Electronics Co., Ltd. 17.03.2011 175,5MB 1.00.0000
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 17.03.2011 20,5MB 1.3.650.0
Samsung_MonSetup Samsung 16.09.2010 1,78MB 1.00.0000
Send To Toys v2.5 Gabriele Ponti 12.06.2010 1,13MB
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) 20.03.2010
SnadBoy's Revelation v2 SnadBoy Software 05.07.2011 0,15MB 2.0.1.100
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 26.08.2009 29,7MB 9.0.0
TomTom HOME 2.8.2.2264 TomTom 20.06.2011 48,8MB 2.8.2.2264
TomTom HOME Visual Studio Merge Modules TomTom International B.V. 16.08.2010 1,88MB 1.0.2
UltraISO Premium V9.36 28.09.2010 4,43MB
VLC media player 1.0.1 VideoLAN Team 25.08.2009 72,7MB 1.0.1
WD Align - Powered by Acronis Acronis 13.09.2010 47,0MB 1.0.316
WD Drive Manager (x86) Western Digital 25.08.2009 3,99MB 2.103
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 22.03.2011 08/22/2008 7.0.0.0
X10 Hardware(TM) 29.08.2009 32,00KB
Code:
ATTFilter
Datenbank Version: 7637
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120
02.09.2011 16:59:28
mbam-log-2011-09-02 (16-59-07).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1079172
Laufzeit: 54 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> No action taken.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Windows\System32\D3DX8ab.dll (Trojan.FakeAlert) -> No action taken.
sch***e hab in Malwarebytes die falsche Taste erwischt, statt Abwahl die Auswahl entfernen....  totalAbsturtz und reboot mit HD- scann... |
|
02.09.2011, 19:47
| #4 |
| /// Helfer-Team | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? 1. Fixen mit OTL
Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.08 16:56:38 | 000,000,220 | ---- | M] () - L:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autostart.exe
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun
O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe
@Alternate Data Stream - 8747 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: zu OLC Bundesliga.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: von Dieter.eml:OECustomProperty
@Alternate Data Stream - 8711 bytes -> D:\Users\ii\Documents\Clubinfo :::::::: Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 8673 bytes -> D:\Users\ii\Documents\Re_ Clubinfo :::::::: Stammtisch.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM***** - h****@h-*****.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1287 bytes -> D:\Users\ii\Documents\Offene Rechnung ._. RG_ HM****** - h***@h-*****.com EILT!.eml:OECustomProperty
@Alternate Data Stream - 1263 bytes -> D:\Users\ii\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty
@Alternate Data Stream - 1183 bytes -> D:\Users\ii\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM09-****.eml:OECustomProperty
@Alternate Data Stream - 1175 bytes -> D:\Users\ii\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty
@Alternate Data Stream - 1127 bytes -> D:\Users\ii\Documents\******** in Nymphenburg.eml:OECustomProperty
@Alternate Data Stream - 1075 bytes -> D:\Users\ii\Documents\Formular zur Schadenmeldung, H ***-**** .eml:OECustomProperty
@Alternate Data Stream - 1047 bytes -> D:\Users\ii\Documents\AW_ Empting Kontaktformular BIOS Brennservice.eml:OECustomProperty
:Commands
[purity]
[emptytemp]
2. erneut einen Scan mit OTL:
3. reinige dein System mit Ccleaner:
4.
5. Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung -> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< ► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
03.09.2011, 09:33
| #5 | |
| | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren?Zitat:
Ingesamt lahmt Vista sehr, auch im abgesicherten Modus ohne Netzwerk, auch nach Wiederherstellung (läuft etwa besser als davor), Malwarebytes startet, aber hängt. (Bei allen Aktionen war Netzkabel abgesteckt) Muß bei dem Otl-Script erst wieder User(ii) etc. (: (***) auf Original ändern, oder?  Bis So. Abend ist erst mal PC- Pause bei mir. Dann kommt auch Ergebnis Protokoll. Und  fürs Erste.Grüsse... |
|
04.09.2011, 02:48
| #6 |
| /// Helfer-Team | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? erneut einen Scan mit OTL:
__________________ --> Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? |
|
06.09.2011, 09:01
| #7 |
| | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? hier der neue OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.09.2011 08:48:29 - Run 1 OTL by OldTimer - Version 3.2.27.0 Folder = D:\Users\**\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,51% Memory free 13,17 Gb Paging File | 11,30 Gb Available in Paging File | 85,80% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 107,42 Gb Total Space | 39,39 Gb Free Space | 36,67% Space Free | Partition Type: NTFS Drive D: | 165,87 Gb Total Space | 98,34 Gb Free Space | 59,29% Space Free | Partition Type: NTFS Drive E: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,12% Space Free | Partition Type: FAT32 Drive Z: | 1023,00 Mb Total Space | 510,62 Mb Free Space | 49,91% Space Free | Partition Type: FAT32 Computer Name: LAPTOP | User Name: ** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe PRC - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.24 09:41:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\TomTomHOME2\TomTomHOMEService.exe PRC - [2011.03.10 16:34:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.04.30 12:16:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe PRC - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe PRC - [2008.05.16 17:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe ========== Modules (No Company Name) ========== MOD - [2011.07.13 10:30:55 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.05.24 09:41:12 | 001,014,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll MOD - [2010.09.23 02:48:44 | 001,060,864 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\PPKLITE.DEU MOD - [2009.12.22 00:57:32 | 007,573,504 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU MOD - [2009.02.27 17:40:10 | 000,274,432 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\DigSig.DEU MOD - [2009.02.27 17:39:46 | 000,999,424 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Acroform.DEU MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll MOD - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.07.12 03:57:05 | 000,340,136 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\TomTomHOME2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.06.07 17:48:38 | 000,817,264 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2008.12.10 02:01:50 | 000,405,504 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService) SRV - [2008.10.22 04:51:04 | 000,352,256 | ---- | M] (AVerMedia) [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008.09.06 01:05:26 | 000,147,456 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm) SRV - [2008.09.06 01:03:06 | 000,217,088 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis) SRV - [2008.09.06 01:02:10 | 000,258,048 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz) SRV - [2008.09.06 01:01:26 | 001,306,624 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf) SRV - [2008.09.06 00:57:04 | 000,368,640 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS) SRV - [2008.09.06 00:56:36 | 000,241,664 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba) SRV - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe) SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.01.21 04:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.11.02 14:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip) ========== Driver Services (SafeList) ========== DRV - [2011.07.12 03:57:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.12 03:57:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.09.14 19:28:38 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2010.09.14 19:28:26 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2010.08.27 14:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.08.07 18:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.07.27 16:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.07.27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.07.26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.07.26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2010.04.27 04:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2010.04.27 04:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2009.07.01 23:29:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.06.26 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.06.17 14:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.07 17:22:20 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32) DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2008.11.12 17:24:24 | 000,012,288 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\rramdisk.sys -- (RRamdisk) DRV - [2008.09.30 04:29:32 | 000,272,640 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2007.03.01 12:12:16 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser) DRV - [2007.03.01 12:12:16 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM) DRV - [2007.01.04 11:15:08 | 000,009,336 | ---- | M] (hxxp://www.internals.com) [Kernel | On_Demand | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006.11.02 09:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86) DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D CC EF 8E 5E 6C CC 01 [binary data] IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://web.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4 FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.3.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.23 17:59:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 09:41:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 10:27:35 | 000,000,000 | ---D | M] [2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions [2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.18 17:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions [2011.08.20 21:09:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.03.24 02:27:42 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} [2011.08.20 21:10:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.27 22:53:23 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2011.08.20 21:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.03.24 02:27:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2011.08.20 21:09:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.08.10 08:53:29 | 000,000,000 | ---D | M] ("AskForSanitize") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e} [2011.08.20 21:09:52 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2011.08.20 21:10:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\foxmarks@kei.com [2011.03.24 02:27:39 | 000,000,000 | ---D | M] (Globefish) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\globefish@projects.6831.courses.csail.mit.edu [2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions [2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.23 17:59:16 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC [2009.08.26 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.24 09:41:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.24 09:41:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.24 09:41:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.24 09:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.24 09:41:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC) O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1132503739-529802008-4276434138-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\MicrosoftOffice\Office10\EXCEL.EXE (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: Domain = HAUS O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE0A647-B058-4D3A-8150-5D95B3474696}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3540EE-94F0-4C8C-A2FD-34CC2A420F61}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - d:\ElsaWin\bin\wiprot.dll (TODO: <Company name>) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg O24 - Desktop BackupWallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.06 08:39:21 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe [2011.09.02 23:17:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.09.02 23:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwarebytesAnti-Malware [2011.09.02 23:16:57 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.09.02 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.09.02 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Malwarebytes [2011.09.02 15:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware [2011.09.01 14:10:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2011.08.25 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\InstallPad [2011.08.25 14:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_BilderGrafikVideoTools [2011.08.25 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomClassic2 [2011.08.24 18:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.08.21 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\calibre [2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2 [2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2011.08.21 00:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.08.18 06:05:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.08.18 06:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.08.18 06:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.08.18 06:05:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.08.18 06:05:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.08.18 06:05:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.08.18 06:05:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.08.18 06:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.08.18 06:05:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.08.18 06:05:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.08.18 06:05:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.08.18 06:05:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.08.18 06:05:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.08.18 06:05:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.08.18 06:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.08.18 06:05:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.08.18 06:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.08.18 06:05:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.08.18 06:05:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.08.18 06:05:25 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.08.18 06:05:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe [2011.09.06 08:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.06 08:29:36 | 000,723,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.06 08:29:36 | 000,675,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.06 08:29:36 | 000,161,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.06 08:29:36 | 000,132,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job [2011.09.06 08:22:26 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.09.06 08:21:50 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.09.06 08:21:43 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.06 08:21:37 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.06 08:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.03 07:26:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.09.02 23:17:01 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.02 15:49:28 | 000,001,356 | ---- | M] () -- C:\Users\**\AppData\Local\d3d9caps.dat [2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job [2011.09.01 13:35:34 | 000,254,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.08.25 14:39:10 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk [2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job [2011.08.24 20:34:43 | 000,003,126 | ---- | M] () -- C:\scheduler.hist [2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job [2011.08.23 16:01:03 | 000,000,993 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2011.08.21 17:38:09 | 000,010,752 | ---- | M] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.21 16:33:28 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2011.08.20 22:03:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.02 23:17:01 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.25 14:39:10 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk [2011.08.21 16:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2011.08.20 22:03:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.07.11 14:23:50 | 000,000,136 | ---- | C] () -- C:\Users\**\AppData\Local\OwnNote.vnt [2011.06.02 17:43:59 | 000,026,340 | ---- | C] () -- C:\Users\**\AppData\Roaming\UserTile.png [2011.05.19 20:27:11 | 000,127,425 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0041.jpg [2011.05.19 20:27:07 | 000,139,674 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0042.jpg [2011.05.19 20:27:04 | 000,114,262 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0043.jpg [2011.05.19 20:27:01 | 000,157,508 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0044.jpg [2011.05.19 20:26:57 | 000,120,206 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0045.jpg [2011.04.05 15:01:07 | 000,000,272 | ---- | C] () -- C:\Windows\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini [2011.03.18 03:46:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.03.18 03:46:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.06.12 19:19:56 | 000,000,036 | ---- | C] () -- C:\Users\**\AppData\Local\housecall.guid.cache [2010.04.19 22:50:46 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll [2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.17 00:37:57 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe [2009.11.17 00:34:42 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini [2009.09.17 10:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 10:52:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.30 21:04:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.08.30 03:45:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2009.08.30 02:33:56 | 000,090,112 | ---- | C] () -- C:\Windows\SendToClip.exe [2009.08.26 17:05:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll [2009.08.26 17:05:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys [2009.08.26 17:05:05 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll [2009.08.26 17:05:05 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll [2009.08.26 17:05:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll [2009.08.26 17:05:04 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll [2009.08.26 17:05:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll [2009.08.26 17:05:04 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll [2009.08.26 17:05:04 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll [2009.08.26 12:53:28 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI [2009.08.26 11:56:47 | 000,000,993 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2009.08.26 11:56:47 | 000,000,157 | ---- | C] () -- C:\Windows\brpcfx.ini [2009.08.26 11:56:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.08.26 11:56:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.08.26 11:54:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2009.08.26 11:54:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2009.08.26 11:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2009.08.26 11:54:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2009.08.26 09:36:32 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2009.08.26 03:34:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.08.26 01:27:16 | 000,010,752 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.25 20:21:56 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2009.08.25 19:29:32 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.25 18:50:13 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.25 18:36:28 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2009.08.25 14:57:02 | 000,001,356 | ---- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat [2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys [2008.01.21 09:15:58 | 000,723,918 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,161,350 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,254,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,675,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,132,300 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009.12.20 00:24:27 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Awem [2011.08.22 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\calibre [2011.03.03 00:34:40 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Nokia [2010.10.06 21:52:21 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Notepad++ [2010.10.16 13:25:02 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC Suite [2011.08.04 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC-FAX TX [2009.12.19 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Peace Craft [2010.06.13 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PeerNetworking [2010.02.20 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PlayFirst [2011.03.31 15:16:20 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Samsung [2011.08.29 01:00:05 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Thunderbird [2010.08.17 10:20:19 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\TomTom [2010.02.16 22:34:11 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Zylom [2010.09.14 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Acronis [2011.08.21 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\calibre [2010.02.18 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FairyTale [2010.09.14 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InfraRecorder [2011.08.25 15:31:38 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InstallPad [2010.07.28 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Nokia [2011.09.03 00:09:25 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Notepad++ [2010.07.13 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC Suite [2010.08.19 20:58:33 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC-FAX TX [2011.06.02 17:43:59 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PeerNetworking [2010.01.30 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Playrix Entertainment [2011.03.18 03:45:56 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Samsung [2009.11.08 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\SecretIslandDeuBF [2010.08.18 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TomTom [2009.11.08 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\YoudaGames [2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job [2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume D Task.job [2011.09.06 04:36:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job [2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 8747 bytes -> D:\Users\**\Documents\Clubinfo rrrr zu OLC Bundesliga.eml:OECustomProperty @Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr von Dieter.eml:OECustomProperty @Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr Stammtisch.eml:OECustomProperty @Alternate Data Stream - 8673 bytes -> D:\Users\**\Documents\Re_ Clubinfo rrrr Stammtisch.eml:OECustomProperty @Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com EILT!.eml:OECustomProperty @Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com EILT!.eml:OECustomProperty @Alternate Data Stream - 1263 bytes -> D:\Users\**\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty @Alternate Data Stream - 1183 bytes -> D:\Users\**\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM,,,.eml:OECustomProperty @Alternate Data Stream - 1175 bytes -> D:\Users\**\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty @Alternate Data Stream - 1127 bytes -> D:\Users\**\Documents\Fenster putzen in Nymphenburg.eml:OECustomProperty @Alternate Data Stream - 1075 bytes -> D:\Users\**\Documents\Formular zur Schadenmeldung, H µµµµµ .eml:OECustomProperty @Alternate Data Stream - 1047 bytes -> D:\Users\**\Documents\AW_ SSSSS Kontaktformular BIOS Brennservice.eml:OECustomProperty < End of report > next... |
|
06.09.2011, 09:04
| #8 |
| | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? hier der neue OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.09.2011 08:48:29 - Run 1 OTL by OldTimer - Version 3.2.27.0 Folder = D:\Users\**\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,51% Memory free 13,17 Gb Paging File | 11,30 Gb Available in Paging File | 85,80% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 107,42 Gb Total Space | 39,39 Gb Free Space | 36,67% Space Free | Partition Type: NTFS Drive D: | 165,87 Gb Total Space | 98,34 Gb Free Space | 59,29% Space Free | Partition Type: NTFS Drive E: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,12% Space Free | Partition Type: FAT32 Drive Z: | 1023,00 Mb Total Space | 510,62 Mb Free Space | 49,91% Space Free | Partition Type: FAT32 Computer Name: LAPTOP | User Name: ** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe PRC - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.24 09:41:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- D:\TomTomHOME2\TomTomHOMEService.exe PRC - [2011.03.10 16:34:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.04.30 12:16:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe PRC - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe PRC - [2008.05.16 17:12:08 | 000,430,080 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe PRC - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe ========== Modules (No Company Name) ========== MOD - [2011.07.13 10:30:55 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.05.24 09:41:12 | 001,014,232 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll MOD - [2010.09.23 02:48:44 | 001,060,864 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\PPKLITE.DEU MOD - [2009.12.22 00:57:32 | 007,573,504 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU MOD - [2009.02.27 17:40:10 | 000,274,432 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\DigSig.DEU MOD - [2009.02.27 17:39:46 | 000,999,424 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Acroform.DEU MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll MOD - [2008.11.03 14:14:12 | 000,217,088 | ---- | M] () -- C:\Programme\BisonCam\BsMnt.exe MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.12 03:57:05 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.07.12 03:57:05 | 000,340,136 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.07.12 03:57:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.15 16:14:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- D:\TomTomHOME2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.07.04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.06.07 17:48:38 | 000,817,264 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2008.12.10 02:01:50 | 000,405,504 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService) SRV - [2008.10.22 04:51:04 | 000,352,256 | ---- | M] (AVerMedia) [Disabled | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008.09.06 01:05:26 | 000,147,456 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm) SRV - [2008.09.06 01:03:06 | 000,217,088 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis) SRV - [2008.09.06 01:02:10 | 000,258,048 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz) SRV - [2008.09.06 01:01:26 | 001,306,624 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf) SRV - [2008.09.06 00:57:04 | 000,368,640 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS) SRV - [2008.09.06 00:56:36 | 000,241,664 | ---- | M] (Volkswagen AG) [Disabled | Stopped] -- d:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba) SRV - [2008.05.16 17:12:44 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe) SRV - [2008.04.30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.04.30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.01.21 04:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.11.02 14:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip) ========== Driver Services (SafeList) ========== DRV - [2011.07.12 03:57:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.12 03:57:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.09.14 19:28:38 | 000,594,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2010.09.14 19:28:26 | 000,170,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2010.08.27 14:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.08.07 18:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.07.27 16:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.07.27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.07.26 13:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.07.26 13:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2010.04.27 04:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2010.04.27 04:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2010.01.29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2009.07.01 23:29:00 | 009,786,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.06.26 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.06.17 14:02:46 | 000,029,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.07 17:22:20 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32) DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2008.11.12 17:24:24 | 000,012,288 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\rramdisk.sys -- (RRamdisk) DRV - [2008.09.30 04:29:32 | 000,272,640 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2007.03.01 12:12:16 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser) DRV - [2007.03.01 12:12:16 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM) DRV - [2007.01.04 11:15:08 | 000,009,336 | ---- | M] (hxxp://www.internals.com) [Kernel | On_Demand | Running] -- C:\Windows\System32\WinIo.sys -- (WINIO) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006.11.02 09:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86) DRV - [2005.07.28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/ IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D CC EF 8E 5E 6C CC 01 [binary data] IE - HKU\S-1-5-21-1132503739-529802008-4276434138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://web.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.94 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4 FF - prefs.js..extensions.enabledItems: globefish@projects.6831.courses.csail.mit.edu:1.3.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:4.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.23 17:59:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.24 09:41:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.13 10:27:35 | 000,000,000 | ---D | M] [2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions [2010.11.04 00:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.18 17:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions [2011.08.20 21:09:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.03.24 02:27:42 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} [2011.08.20 21:10:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.27 22:53:23 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2011.08.20 21:11:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.03.24 02:27:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2011.08.20 21:09:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.08.10 08:53:29 | 000,000,000 | ---D | M] ("AskForSanitize") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e} [2011.08.20 21:09:52 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2011.08.20 21:10:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\foxmarks@kei.com [2011.03.24 02:27:39 | 000,000,000 | ---D | M] (Globefish) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\globefish@projects.6831.courses.csail.mit.edu [2011.05.24 12:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\uh68ydbz.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions [2011.09.06 08:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.20 15:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.11.23 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.03.23 17:59:16 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC [2009.08.26 21:05:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.24 09:41:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.24 09:41:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.24 09:41:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.24 09:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.24 09:41:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC) O4 - HKLM..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1132503739-529802008-4276434138-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\MicrosoftOffice\Office10\EXCEL.EXE (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: Domain = HAUS O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D02D8C6-CFC3-4A9A-9BB7-F7C85C480323}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DDA3770-E50B-4865-85B0-ABE9D1F84006}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EE0A647-B058-4D3A-8150-5D95B3474696}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF3540EE-94F0-4C8C-A2FD-34CC2A420F61}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - d:\ElsaWin\bin\wiprot.dll (TODO: <Company name>) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg O24 - Desktop BackupWallPaper: D:\Users\**\Pictures\57260046-gleitschirmflieger.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1187e07b-9197-11de-a62f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell - "" = AutoRun O33 - MountPoints2\{2d05d1e8-11a3-11e0-9ee4-001f16134502}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{50f358ef-916f-11de-88a6-ed56e7bc07ec}\Shell\AutoRun\command - "" = K:\Setup.exe O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell - "" = AutoRun O33 - MountPoints2\{98849a3a-1933-11e0-82a8-001e101fb45e}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell - "" = AutoRun O33 - MountPoints2\{99ed1136-1dd0-11e0-8f1f-001e101fabdd}\Shell\AutoRun\command - "" = I:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.06 08:39:21 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe [2011.09.02 23:17:01 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.09.02 23:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwarebytesAnti-Malware [2011.09.02 23:16:57 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.09.02 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.09.02 15:39:17 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Malwarebytes [2011.09.02 15:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\MalwarebytesAnti-Malware [2011.09.01 14:10:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2011.08.25 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\InstallPad [2011.08.25 14:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_BilderGrafikVideoTools [2011.08.25 14:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoZoomClassic2 [2011.08.24 18:52:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.08.21 16:33:48 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\calibre [2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2 [2011.08.21 16:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [2011.08.21 00:49:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.08.18 06:05:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.08.18 06:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.08.18 06:05:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.08.18 06:05:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.08.18 06:05:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.08.18 06:05:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.08.18 06:05:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.08.18 06:05:30 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.08.18 06:05:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.08.18 06:05:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.08.18 06:05:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.08.18 06:05:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.08.18 06:05:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.08.18 06:05:30 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.08.18 06:05:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.08.18 06:05:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.08.18 06:05:30 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.08.18 06:05:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.08.18 06:05:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.08.18 06:05:25 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.08.18 06:05:24 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.06 08:39:24 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\**\Desktop\OTL.exe [2011.09.06 08:39:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.06 08:29:36 | 000,723,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.06 08:29:36 | 000,675,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.06 08:29:36 | 000,161,350 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.06 08:29:36 | 000,132,300 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job [2011.09.06 08:22:26 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.09.06 08:21:50 | 000,275,530 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.09.06 08:21:43 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.06 08:21:37 | 008,405,015 | ---- | M] () -- C:\Windows\TempFile [2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.06 08:21:26 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.06 08:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.03 07:26:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.09.02 23:17:01 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.02 15:49:28 | 000,001,356 | ---- | M] () -- C:\Users\**\AppData\Local\d3d9caps.dat [2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job [2011.09.01 13:35:34 | 000,254,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.08.25 14:39:10 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk [2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job [2011.08.24 20:34:43 | 000,003,126 | ---- | M] () -- C:\scheduler.hist [2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job [2011.08.23 16:01:03 | 000,000,993 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2011.08.21 17:38:09 | 000,010,752 | ---- | M] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.21 16:33:28 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2011.08.20 22:03:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.02 23:17:01 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.25 14:39:10 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\PhotoZoomClassic 2.lnk [2011.08.21 16:33:28 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2011.08.20 22:03:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.07.11 14:23:50 | 000,000,136 | ---- | C] () -- C:\Users\**\AppData\Local\OwnNote.vnt [2011.06.02 17:43:59 | 000,026,340 | ---- | C] () -- C:\Users\**\AppData\Roaming\UserTile.png [2011.05.19 20:27:11 | 000,127,425 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0041.jpg [2011.05.19 20:27:07 | 000,139,674 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0042.jpg [2011.05.19 20:27:04 | 000,114,262 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0043.jpg [2011.05.19 20:27:01 | 000,157,508 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0044.jpg [2011.05.19 20:26:57 | 000,120,206 | ---- | C] () -- C:\Users\**\AppData\Local\Foto-0045.jpg [2011.04.05 15:01:07 | 000,000,272 | ---- | C] () -- C:\Windows\{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}_WiseFW.ini [2011.03.18 03:46:18 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.03.18 03:46:18 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.06.12 19:19:56 | 000,000,036 | ---- | C] () -- C:\Users\**\AppData\Local\housecall.guid.cache [2010.04.19 22:50:46 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll [2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.11.17 00:37:57 | 000,468,084 | ---- | C] () -- C:\Windows\cluninst.exe [2009.11.17 00:34:42 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini [2009.09.17 10:52:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 10:52:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.30 21:04:54 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.08.30 03:45:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2009.08.30 02:33:56 | 000,090,112 | ---- | C] () -- C:\Windows\SendToClip.exe [2009.08.26 17:05:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AVerIO.dll [2009.08.26 17:05:16 | 000,003,456 | ---- | C] () -- C:\Windows\System32\AVerIO.sys [2009.08.26 17:05:05 | 000,565,248 | ---- | C] () -- C:\Windows\System32\sptlib21.dll [2009.08.26 17:05:05 | 000,290,816 | ---- | C] () -- C:\Windows\System32\sptlib22.dll [2009.08.26 17:05:05 | 000,135,168 | ---- | C] () -- C:\Windows\System32\sptlib12.dll [2009.08.26 17:05:04 | 000,294,912 | ---- | C] () -- C:\Windows\System32\sptlib11.dll [2009.08.26 17:05:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\sptlib01.dll [2009.08.26 17:05:04 | 000,245,760 | ---- | C] () -- C:\Windows\System32\sptlib03.dll [2009.08.26 17:05:04 | 000,241,664 | ---- | C] () -- C:\Windows\System32\sptlib02.dll [2009.08.26 12:53:28 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI [2009.08.26 11:56:47 | 000,000,993 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2009.08.26 11:56:47 | 000,000,157 | ---- | C] () -- C:\Windows\brpcfx.ini [2009.08.26 11:56:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.08.26 11:56:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.08.26 11:54:31 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2009.08.26 11:54:18 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2009.08.26 11:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2009.08.26 11:54:15 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2009.08.26 09:36:32 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2009.08.26 03:34:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.08.26 01:27:16 | 000,010,752 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.25 20:21:56 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2009.08.25 19:29:32 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.25 18:50:13 | 000,275,530 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.25 18:36:28 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat [2009.08.25 14:57:02 | 000,001,356 | ---- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat [2009.06.17 14:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys [2008.01.21 09:15:58 | 000,723,918 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,161,350 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,254,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,675,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,132,300 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009.12.20 00:24:27 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Awem [2011.08.22 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\calibre [2011.03.03 00:34:40 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Nokia [2010.10.06 21:52:21 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Notepad++ [2010.10.16 13:25:02 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC Suite [2011.08.04 16:54:38 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PC-FAX TX [2009.12.19 23:17:56 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Peace Craft [2010.06.13 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PeerNetworking [2010.02.20 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\PlayFirst [2011.03.31 15:16:20 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Samsung [2011.08.29 01:00:05 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Thunderbird [2010.08.17 10:20:19 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\TomTom [2010.02.16 22:34:11 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\Zylom [2010.09.14 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Acronis [2011.08.21 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\calibre [2010.02.18 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FairyTale [2010.09.14 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InfraRecorder [2011.08.25 15:31:38 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\InstallPad [2010.07.28 11:32:50 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Nokia [2011.09.03 00:09:25 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Notepad++ [2010.07.13 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC Suite [2010.08.19 20:58:33 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PC-FAX TX [2011.06.02 17:43:59 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\PeerNetworking [2010.01.30 21:12:39 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Playrix Entertainment [2011.03.18 03:45:56 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Samsung [2009.11.08 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\SecretIslandDeuBF [2010.08.18 17:32:57 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TomTom [2009.11.08 21:22:31 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\YoudaGames [2011.08.24 19:03:38 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job [2011.08.24 20:34:45 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume D Task.job [2011.09.06 04:36:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.09.01 13:36:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2F048F96-C6FC-425D-9EF5-D520D5E145A3}.job [2011.09.06 08:26:11 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DA7EAA1-8D17-4D51-8D71-418E4A094BF9}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 8747 bytes -> D:\Users\**\Documents\Clubinfo rrrr zu OLC Bundesliga.eml:OECustomProperty @Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr von Dieter.eml:OECustomProperty @Alternate Data Stream - 8711 bytes -> D:\Users\**\Documents\Clubinfo rrrr Stammtisch.eml:OECustomProperty @Alternate Data Stream - 8673 bytes -> D:\Users\**\Documents\Re_ Clubinfo rrrr Stammtisch.eml:OECustomProperty @Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com EILT!.eml:OECustomProperty @Alternate Data Stream - 1287 bytes -> D:\Users\**\Documents\Offene Rechnung ._. RG_ HM,, - <<<@###.com EILT!.eml:OECustomProperty @Alternate Data Stream - 1263 bytes -> D:\Users\**\Documents\Re_ looking send to Toy vers. for win98.eml:OECustomProperty @Alternate Data Stream - 1183 bytes -> D:\Users\**\Documents\Happy-Load.com MAHNUNG - Ihre RechnungsNr_ HM,,,.eml:OECustomProperty @Alternate Data Stream - 1175 bytes -> D:\Users\**\Documents\Daten deines Feedback-Formulars.eml:OECustomProperty @Alternate Data Stream - 1127 bytes -> D:\Users\**\Documents\Fenster putzen in Nymphenburg.eml:OECustomProperty @Alternate Data Stream - 1075 bytes -> D:\Users\**\Documents\Formular zur Schadenmeldung, H µµµµµ .eml:OECustomProperty @Alternate Data Stream - 1047 bytes -> D:\Users\**\Documents\AW_ SSSSS Kontaktformular BIOS Brennservice.eml:OECustomProperty < End of report > [/code] next... egen Fehlermeldungen vom Board... |
|
06.09.2011, 09:08
| #9 |
| | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? -nach Fehlermeldungen vom Board- und der Extra.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.09.2011 08:48:29 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = D:\Users\**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,51% Memory free
13,17 Gb Paging File | 11,30 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 107,42 Gb Total Space | 39,39 Gb Free Space | 36,67% Space Free | Partition Type: NTFS
Drive D: | 165,87 Gb Total Space | 98,34 Gb Free Space | 59,29% Space Free | Partition Type: NTFS
Drive E: | 20,00 Gb Total Space | 13,42 Gb Free Space | 67,12% Space Free | Partition Type: FAT32
Drive Z: | 1023,00 Mb Total Space | 510,62 Mb Free Space | 49,91% Space Free | Partition Type: FAT32
Computer Name: &&& | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1132503739-529802008-4276434138-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = Notepad++_file] -- Reg Error: Key error. File not found
.txt [@ = Notepad++_file] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\MicrosoftOffice\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [sendtotoys1add] -- C:\Program Files\SendToToys\SendToAdd.exe "%1" ()
Directory [sendtotoys1remove] -- C:\Program Files\SendToToys\SendToRemove.exe "%1" ()
Directory [sendtotoys2prompt] -- C:\Program Files\SendToToys\SendToCommandPrompt.exe "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1132503739-529802008-4276434138-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FD153E-ABC9-4D1D-B02D-7AA483D575FF}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{05108C21-5F10-4660-9785-9E31062633A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{058460DE-836F-42EE-83AB-D7D86F043012}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{0B929043-469B-42BD-AFCA-4F610CF5433E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0BEFFBBD-F3F6-412B-B100-8DE3881C686A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14BCDDB7-930F-4B33-99B2-853127CCD869}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1CE2363F-CD42-452A-95D2-08BB1401E73F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1EF53F87-F7A4-47A0-BED5-7427C675BBEA}" = lport=80 | protocol=6 | dir=in | app=system |
"{1F254634-052C-4E5C-8E2B-3E90338FA69B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{1FBEA8B2-EC99-4529-9553-364973E48D3D}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{27D45B53-572E-4F87-B1B6-155BA3E89846}" = lport=3390 | protocol=6 | dir=in | app=system |
"{29D9C0C3-3FAF-4161-893F-BBF02BA80600}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{2A8D292A-1CBA-44F0-B647-5CEA310F9F3C}" = rport=1723 | protocol=6 | dir=out | app=system |
"{2BD08FD1-EEA6-43B6-BE00-FED5939BC550}" = lport=445 | protocol=6 | dir=in | app=system |
"{31E7ACC9-9DF1-490C-BAB5-688EF5E80670}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4484C1B4-4559-48BD-A5D9-3D1327171609}" = lport=137 | protocol=17 | dir=in | app=system |
"{4519482D-8173-4CBE-9F6B-C69EA2AEDBCF}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{46161930-3601-4F49-A5DA-E07B38B28320}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{4678B9AB-D840-4DD9-96C6-0BE1CDE286DF}" = lport=2178 | protocol=6 | dir=in | app=system |
"{48494A11-6A2C-45DD-BB00-F6C5AFC1816E}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{4FBED585-FE2C-4F3D-B6C7-C383F4E8F7BC}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{551A8EE4-3437-46D9-8A2A-0F87A0281903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5A8ED024-5B80-4C86-AB3A-B4FC7A85CD00}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5EFBFD02-627B-480D-BD70-02BEEE8FB70F}" = lport=443 | protocol=6 | dir=in | app=system |
"{5F87C055-C165-4547-8A8C-AF0C04CB4F53}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{63FFA390-0919-46F6-9792-7558AD37F7B8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{6406C504-07B0-4743-AD77-AEF287754416}" = lport=445 | protocol=6 | dir=in | app=system |
"{667285AF-530A-44D3-9A61-8F31F6CB0FA9}" = rport=5358 | protocol=6 | dir=out | app=system |
"{67CD9F97-EBED-438C-931D-9BBD6287F964}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{68448D7E-06ED-468C-B63C-09CC640AE162}" = rport=138 | protocol=17 | dir=out | app=system |
"{76116FDB-8392-4850-B620-84BEE0A7E9A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7AC00DDD-D5BD-4A96-9852-7C2A44EC805C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7AD4107B-FB47-4CE1-B09E-D1249C549217}" = rport=2178 | protocol=6 | dir=out | app=system |
"{7C6A5727-EE23-448C-AECD-049DC596CA4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7D0887A0-43DE-4B05-B177-A4D86A9EA486}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EB9613C-5826-47C2-9C49-ADA46206BD80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B1EAC4F-DAEE-402F-80AA-26FC121F6E0B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{923DC43A-1F0C-4F70-9721-B664A9180A96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{96229ABB-0170-48D7-94BE-6E907D6ADB1E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{9DB29835-C9C6-4901-9806-B7E26D075DF0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A1DB05B0-7921-4A3F-B7B5-C7E3AD46014A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{A4A9A3A1-D4C3-45F8-B5B9-E0A730044EBB}" = lport=1723 | protocol=6 | dir=in | app=system |
"{A7A630DC-461E-4102-B1FC-9411E1823556}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{AB542126-F6ED-4F66-A811-2B3F6C5A284E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{ABE90B8E-F96F-4B67-971E-F69C2F8622EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{B075176B-8B07-4796-8B32-FC269B0DC942}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B24F6D57-0AFF-4D26-B926-C0FBE048DA63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B281AF30-0D81-48B5-97D3-6C2B0BE291D4}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{B3FE9E04-893B-4A64-9A64-6FFE3F03CE08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B4B19C0C-9682-45AE-B194-6745D4872F95}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B4E47337-8D99-4BFE-B46E-8A27768178BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B574143D-59E2-46B6-9075-ABD9CF5142A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B57F88C5-D3AD-46C6-A7A6-F64C66A5366E}" = rport=5357 | protocol=6 | dir=out | app=system |
"{B73C1CB5-C854-45F9-9C2F-B3349987B677}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{B7480297-8857-4061-BE1C-5A34C6327821}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B7896275-4170-45F5-A789-F17202BA0509}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B802D91E-C390-420E-A1E5-ED5731E0086B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C29583EF-E729-49DA-8EE7-25ADF1D15827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C41AC74A-645A-4C95-87FF-25DB26062E40}" = lport=139 | protocol=6 | dir=in | app=system |
"{C51FA661-C2CC-4A78-A6DD-52EF8AE9B084}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D30A1273-E6A1-4059-B0C1-4D680944B960}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{D396F231-97CC-4096-B248-20F1CA8E0206}" = lport=1701 | protocol=17 | dir=in | app=system |
"{D8F5C5D6-C0EA-467B-8415-3BDD3B445222}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB01158B-408D-4A79-AED7-E2B0EF7B5F15}" = lport=443 | protocol=6 | dir=in | app=system |
"{DEEF28BE-A462-47E6-BF7F-C8AEF419864E}" = rport=1701 | protocol=17 | dir=out | app=system |
"{E3C8568D-4133-45C8-80F6-D9538D563F9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E485FDCD-F930-4B79-98E0-8BA21F87B190}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{E65413C9-8482-426E-8BDC-444A37252E14}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EB081A00-2E6D-42B6-88FE-1CAA112690C0}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{F3B9912E-CB9A-4614-96DC-5CED0E5391EE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{F8C32060-E8F7-48E0-BBA2-4EBAB856A771}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FCA90AE8-7D55-45FB-97F9-2CE449CBBCBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F9B129-D974-445A-B93B-D09188499BF9}" = protocol=6 | dir=in | app=d:\tomtomhome2\tomtomhome.exe |
"{061448A8-D7BD-4E0E-9D10-AAD18F809536}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{0BA49DF1-EFD1-4387-990B-607B41704021}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0D66A5CE-1D70-4170-9CB4-4C6E52DFB370}" = protocol=6 | dir=out | app=system |
"{129E9A15-2298-4E14-8288-161C234779F8}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{21FF1FE9-6865-444B-BA04-A6A44CB9F252}" = protocol=17 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe |
"{2D9E6E6A-50EA-457B-AD78-FA03FB684177}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe |
"{2FBBF694-28D3-4284-B0CC-0AB47C6E2C82}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{330257D6-9A31-4119-B667-D08D756D7085}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe |
"{48CFC94D-CB23-4453-B885-DFF56BB86311}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BEC356E-E2C1-4A13-B200-C62CC3C30E6F}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{51C8DF18-FA0D-44BE-AB89-EECCF1386C00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{53B6C5CD-7CDE-43EA-91D9-F6E9049E4ECC}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{578FF1AE-1352-414C-B248-3F11F9D89768}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58AE3C15-D734-475E-B8FC-1E35244631D6}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{640A1E0F-C651-4DEB-B6BC-A597EC0366D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67495994-3D57-45AD-99E5-F876E6ED9251}" = protocol=6 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe |
"{6E5B5AED-9138-4DBB-BAD7-39B71CF6E50C}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{72D4842D-3AA8-45F2-8831-CDBD907E8FCB}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsasvr.exe |
"{7ADACCB9-D490-4A00-BE2F-E8B34D72B14F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D8EFE8A-946A-4A78-9531-A3DF6BB93E1E}" = protocol=17 | dir=in | app=c:\samsungpcstudio\npsasvr.exe |
"{89796D89-7A77-4606-9BFE-B58466D7E0DD}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{8ABAD532-2E0A-4377-8BC4-5610B2C70333}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{8B817D20-54B0-45DE-843F-0F281FCA164E}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{9011EFBE-062A-4A51-8677-E14FC1F6C79F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92FC1989-9FA6-43DD-B5BA-F8777DA8B00C}" = protocol=6 | dir=in | app=c:\samsungpcstudio\npsvsvr.exe |
"{9DA26198-5291-4193-AF86-32BC3DA86B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A04FC023-9260-44FB-B0FB-B952913B74B8}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{A28E5E8B-BFF9-471A-9FC8-F95884E1A534}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6C3BAA6-ECF4-48F8-935E-5585911BFEF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A875B7E5-CBCB-462C-B201-02E93795BDF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A880D1BD-E4C2-4395-956B-47191C9B6FF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B605D757-A24C-42DA-AF7A-EDF9119D894B}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{B7333AE9-40C6-47E7-AAC2-995DFA667ED5}" = protocol=17 | dir=in | app=c:\program files\bluetooth\bluesoleil\bluesoleilcs.exe |
"{BAEE77E4-6A1D-4718-B71C-8B3200FAED4B}" = protocol=6 | dir=out | app=system |
"{C5BBC0BC-B1BC-4C43-B79C-8B6C7DF772D5}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08b\brscutil.exe |
"{CC1A7A39-98E9-4B54-8A87-81A4BADF076A}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{CCA8B261-FA02-462C-B24F-A235866ACFA6}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{CD5BA620-BBF7-4E39-9BE7-8F8CD75A8285}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF15445A-D749-4212-8F97-9B53CD9E02E9}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{D2608DCF-496E-4195-9401-443A6546E323}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{D458574E-B561-47D6-91DA-6CB76C753BF7}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{D82C0AFA-C4F2-49C2-AE8A-FFB620876E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D98C0201-96E9-435E-B23B-7E93CFFDAE12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB99AF0B-C3D8-401B-B8BC-1C2295FCC341}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08b\faxrx.exe |
"{DC79FC36-D44B-4BAE-A0D0-4DB263B463E0}" = protocol=6 | dir=in | app=d:\tomtomhome2\poiedit_manager\mypoimanager.exe |
"{E45F3597-42AA-43D9-A6F7-51B241D9E052}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{E6FDAD51-1A6F-45EF-A3D4-693717285F07}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{EB31F3E6-FF20-4BB4-96F2-2D023D0A41F5}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{EC24C1D2-EE8C-4F73-9EE9-BDC524BB40AB}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{F1595F83-DF99-4447-8B1B-FFEBA7E9B741}" = protocol=17 | dir=in | app=d:\tomtomhome2\tomtomhome.exe |
"TCP Query User{3833217A-A628-4F50-B4BD-2AA969E72101}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{52916C38-8E63-4C18-B33E-8D08B2454004}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{6C0A8F47-5A72-4BE8-B6AD-BA04FA21881D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{A8C79AB3-A44A-4CDD-8951-384CABB6C8A1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F4B8FEE7-AB6B-47C8-B9CA-5F2F91C1A345}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{735BC4B5-1451-44DE-A389-EA3B025E28E1}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{CCE84ADA-E91A-4123-AC86-8FFE465C7E36}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{DEB7E2CB-8C1D-4B69-AA44-140688BCB941}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E91B5EB6-BA5F-4722-81B2-2E517B6C1B7D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{F9F70862-719D-4CB0-9786-4137A5D58F18}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1" = Oxin's Style! 3D Sexvilla 2.058.002
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}" = calibre
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73DB9180-4D0C-11DF-A8BB-005056C00008}" = WD Align System Utility 2.0 (Retail) - Powered By Paragon™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C873AD-946A-4629-92AE-B153FEA8A989}" = locr GPS Photo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90260407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7D5787B-3A91-4433-A753-CFE520671683}" = Acronis True Image WD Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E239F8B2-AE00-467D-9F05-47C8E1FAAFA7}" = WD Align - Powered by Acronis
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E934E2A2-BE3B-4C1A-A3D9-753FFB2B38B4}" = WD Drive Manager (x86)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"AVerMedia A827 series driver" = AVerMedia A827 series driver 1.0.0.88
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.5
"AVerMedia Media Center Plug-ins" = AVerMedia Media Center Plug-ins 20.09.02.02
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Digital Editions" = Adobe Digital Editions
"ElsaWin" = ElsaWin
"ETKA" = ETKA
"FinePrint" = FinePrint
"GNU Aspell_is1" = GNU Aspell 0.50-3
"InfraRecorder" = InfraRecorder
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IsoBuster_is1" = IsoBuster 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"MaxPunkte_is1" = MaxPunkte Ver. 6.2.5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"PhotoZoom Classic 2" = BenVista PhotoZoom Classic 2.0
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Send To Toys_is1" = Send To Toys v2.5
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SnadBoy's Revelation v2" = SnadBoy's Revelation v2
"TomTom HOME" = TomTom HOME 2.8.2.2264
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.0.1
"X10Hardware" = X10 Hardware(TM)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03.09.2011 01:31:18 | Computer Name = &&& | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error - 03.09.2011 01:31:48 | Computer Name = &&& | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 03.09.2011 01:31:50 | Computer Name = &&& | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error - 03.09.2011 01:52:42 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.09.2011 01:52:42 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.09.2011 01:52:53 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.09.2011 01:52:54 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 06.09.2011 02:22:20 | Computer Name = &&& | Source = WinMgmt | ID = 10
Description =
Error - 06.09.2011 02:22:23 | Computer Name = &&& | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 06.09.2011 02:38:49 | Computer Name = &&& | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Public\Downloads\dfsetup200\Defraggler64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 03.09.2011 00:50:35 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description =
Error - 03.09.2011 01:10:32 | Computer Name = &&& | Source = Service Control Manager | ID = 7000
Description =
Error - 03.09.2011 01:10:32 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description =
Error - 03.09.2011 01:10:32 | Computer Name = &&& | Source = Service Control Manager | ID = 7026
Description =
Error - 03.09.2011 01:28:00 | Computer Name = &&& | Source = Service Control Manager | ID = 7000
Description =
Error - 03.09.2011 01:28:00 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description =
Error - 03.09.2011 01:28:00 | Computer Name = &&& | Source = Service Control Manager | ID = 7026
Description =
Error - 03.09.2011 01:31:18 | Computer Name = &&& | Source = Service Control Manager | ID = 7001
Description =
Error - 06.09.2011 02:22:23 | Computer Name = &&& | Source = Service Control Manager | ID = 7000
Description =
Error - 06.09.2011 02:22:23 | Computer Name = &&& | Source = Service Control Manager | ID = 7026
Description =
< End of report >
[/code] P.S.: OTL- Scann für ALLE B.Konten! SUPERAntiSpyware FREE Edition scan läuft bis Mittagspause (hope so) Grüße nach Wien.. |
|
06.09.2011, 23:24
| #10 | |
| |  Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? SUPERAntiSpyware fand nur google- cockies (harmlose) soll ich nun dein otl-script anwenden? >  Zitat:
|
|
07.09.2011, 06:07
| #11 | |
| /// Helfer-Team | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? Ja, aus Posting #4 - 1., und 2., noch ausführen Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
10.09.2011, 06:27
| #12 |
| /// Helfer-Team | Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? bitte kein PN, stell deine Fragen gleich hier in deinem Thread! Posting #11 - bitte nochmal gründlich lesen, steht da was Du noch erledigen musst!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu Wie bei Vista nach BKA-Winlock den MBR neu schreiben und freie Blöcke auf HD formatieren? |
| abgesicherter modus mit eingabeaufforderung, alten, aufsetzen, bereich, bka- winlock, blöcke, booten, defraggler, dr.web, eingabeaufforderung, eingefangen, entfernt, formatieren, formatieren?, heute, mbrtool, modus, neu, neu aufsetzen, rechner, scan, scannen, sicherheit, tan, tool, unbedingt, verschieben, virus, vista, winlock |
.
Linear-Darstellung
