Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Spy.Web.H und windows-virus w32/Indus.A

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.09.2011, 14:55   #1
julianes
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Guten Tag,

ich glaube ich habe exakt das gleiche Problem wie 'Bitterschoki', welches hier unter dem Titel:
*"TR/Spy.Web.H und windows-virus w32/Indus.A, schwarzer Bildschirm, scheinbar alle Dateien weg"
zu finden ist. Es wurde gestern von 'kira' beantwortet.
Ich habe Fragen zu dem in dem thread beschriebenen Lösungsweg.
Ich möchte Sie gerne um Hilfe bitten, habe leider gar keine Ahnung von PCs und Angst, alles noch schlimmer zu machen.

Avira hat bei mir am 28.9. um 12:50 Uhr "TR/Spy.Web.H" gefunden und sagt, dass das in Quarantäne ist. Der Befall bezieht sich auf " 'C:\Users\July\AppData\Roaming\Microsoft\Protect\espa.kk'".
Außerdem habe ich gerade entdeckt, dass seit 9.7.2010 eine weitere Datei in Quarantäne ist, welche laut Avira den Code des Windows-Virus W32/Induc.A enthält. Hier ist als Quelle: "D:\download\qip8094.exe" angegeben.

Mein Laptop hat seit der Meldung von heute die selben Symptome wie in dem oben genannten Thread.
Ich habe auch so eine email von "eilservice@deutschepost.de" geöffnet, das ist jedoch schon ca. 2 bis 3 Wochen her.
Mein Laptop hat bis heute 12:50 Uhr normal funktioniert. Jedenfalls schien es so.

Ich wollte nun, wie in der Antwort im Thread beschrieben, die SWH ausprobieren.
Hier meine Fragen dazu:

1. Welches Datum soll ich für die SWH wählen? Der Rechner funktionierte ja bis heute noch, aber infiziert ist er ja möglicherweise schon seit ein paar Wochen?

2. Könnten Sie bei mir, so wie in dem Thread, bitte auch mit dem Systemscan mit OTL und dem CC-Cleaner nachschauen, falls das sinnvoll wäre?

4. Ich bekomme (auch seit heute) immer eine Meldung von Microsoft Windows (kleines Fenster öffnet sich mit): "Catalyst Control Centre: Host application funktioniert nicht mehr. Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist" mit einem Kästchen "Programm schließen".
Was ist hier zu tun?

Vielen Dank im Voraus!
herzliche Grüße,
Juliane

Geändert von julianes (28.09.2011 um 15:25 Uhr)

Alt 29.09.2011, 08:21   #2
kira
/// Helfer-Team
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

Zitat:
Zitat von julianes Beitrag anzeigen
1. Welches Datum soll ich für die SWH wählen? Der Rechner funktionierte ja bis heute noch, aber infiziert ist er ja möglicherweise schon seit ein paar Wochen?
Die älteste, was angeboten wird
Ich habe zwei Vorschläge: :

1.
Wenn du glaubst zu kennen die Zeitpunkt wo dein System noch einwandfrei funktioniert hat, die Systemwiederherstellung ist einen Versuch Wert!:

- Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen.
Zitat:
-> Systemwiederherstellung
► Bitte wähle das älteste verfügbare Datum für die Wiederherstellung von Windows aus, wo dein Rechner noch einwandfrei funktioniert hat!
  • Du musst dich als Administrator oder als Benutzer mit Administratorrechten anmelden.
  • Die Systemwiederherstellung lässt sich unter Windows Vista/XP/7 wie folgt aufrufen:
  • StartAlle ProgrammeZubehörSystemprogrammeSystemwiederherstellung
->Eine Schritt-für-Schritt-Anleitung zum Einsatz der Systemwiederherstellung unter Windows XP
->Systemwiederherstellung unter Windows Vista
->Unter Win 7
Falls nötig, kannst Du es im abgesicherten Modus auch tun - (Link bitte unbedingt anklicken & lesen!)
Die Systemwiederherstellung ist nur ein "Notlösung", das Problem wird damit nie 100%ig beseitigt, da dem Zeitpunkt des Eindringen des Trojaners nicht mehr feststellen kann. Aber man kann damit die Funktionsfähigkeit eines Computersystems erhöhen.
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis)

berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können?

2.
Zitat:
Sollte die Systemwiederherstellung nicht funktionieren (Malware kann es verhindern):
- Du kannst auch noch die folgenden Methoden ausprobieren, um das Problem zu beheben.:-> Verwenden der letzten als funktionierend bekannten Konfiguration
3.
Systemscan mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.


  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 29.09.2011, 18:01   #3
julianes
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Hallo kira,

vielen Dank für die schnelle Antwort!

Die SWH hat nicht funktioniert, dann habe ich es nochmal mit dem nächstälteren Datum (auch wieder der 27.9.) versucht, was ebenfalls nicht ging. Es heißt, dass die "SWH nicht erfolgreich" war, Systemdateien und Einstellungen nicht geändert wurden. Und dass der Wiederherstellungszeitpunkt während der Wiederherstellung beschädigt oder gelöscht wurde.

Nun stehen wieder 5 Wiederherstellungszeitpunkte zur Auswahl, 3 für den 28.9. und 2 für den 29.9.--dies sind die zwei ausgeführten SWHen.

Unter Punkt 2. ("sollte die SWH nicht funktionieren.."), was ist da bitte mit "Verwenden der letzten als funktionierend bekannten Konfiguration" gemeint? Wenn ich das anklicke, öffnet sich ein Fenster mit den Trojaner-Board Forenregeln.

Sollte ich jetzt bei Punkt 3 weitermachen?

Bitte um Hilfe.
Vielen Dank und viele Grüße,
Juliane
__________________

Alt 30.09.2011, 05:26   #4
kira
/// Helfer-Team
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Zitat:
Zitat von julianes Beitrag anzeigen
Unter Punkt 2. ("sollte die SWH nicht funktionieren.."), was ist da bitte mit "Verwenden der letzten als funktionierend bekannten Konfiguration" gemeint? Wenn ich das anklicke, öffnet sich ein Fenster mit den Trojaner-Board Forenregeln.
meinst hier?:-> http://windows.microsoft.com/de-AT/w...-Configuration
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 30.09.2011, 07:12   #5
julianes
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



genau. danke, ich werde das versuchen.


Alt 30.09.2011, 16:02   #6
julianes
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Hallo,

"Verwenden der letzten als funktionierend bekannten Konfiguration" hat keine Veränderung gebracht.

Hier die OTL.Txt Datei:


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
 
[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



Hier die Extras-Datei:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe | 
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe | 
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | 
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe | 
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe | 
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe | 
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe | 
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe | 
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins
"{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New
"{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"CyberGhost VPN_is1" = CyberGhost VPN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"ICQToolbar" = ICQ Toolbar
"Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D)
"MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"OpenVPN" = OpenVPN 2.1_rc21
"Oxford Advanced Genie" = Oxford Advanced Genie
"Product_Name" = eText typeSmart
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 4" = TeamViewer 4
"TippKönigin_is1" = TippKönigin 5.5
"VLC media player" = VLC media player 0.9.8a
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2010 17:13:19 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010
Description = 
 
Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700
 seconds with 22500 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032
Description = 
 
Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010
Description = 
 
Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---

Hier die Datei des CC-Cleaners:

Code:
ATTFilter
7-Zip 4.65		06.02.2009	3,13MB	
ACUBE UniSSOTray V1.0		13.09.2011	0,74MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	13.09.2011		10.3.183.7
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	24.07.2011		10.3.181.34
Adobe Reader 8.3.1	Adobe Systems Incorporated	20.09.2011	87,2MB	8.3.1
Ask Toolbar	Ask.com	13.06.2011	2,30MB	1.12.2.0
Atheros Client Installation Program	Atheros	21.09.2008	10,0MB	7.0
ATI Catalyst Install Manager	ATI Technologies, Inc.	18.09.2008	13,7MB	3.0.682.0
Audiograbber 1.83 SE	Audiograbber Deutschland	07.02.2009		1.83 SE 
Avira AntiVir Personal - Free Antivirus	Avira GmbH	09.08.2011	118,6MB	10.2.0.700
Bluetooth Stack for Windows by Toshiba	TOSHIBA CORPORATION	18.09.2008	57,6MB	v6.00.11
BurnRecovery	MSI	18.09.2008	26,5MB	1.0.0.00610
CCleaner	Piriform	29.09.2011	4,07MB	3.11
Cisco EAP-FAST Module	Cisco Systems, Inc.	21.09.2008	1,04MB	2.1.6
Cisco LEAP Module	Cisco Systems, Inc.	21.09.2008	1,04MB	1.0.12
Cisco PEAP Module	Cisco Systems, Inc.	21.09.2008	0,85MB	1.0.13
Citavi 2.5	Academic Software Zurich	30.10.2010	59,3MB	2.5.2.0
CrazyTalk Cam Suite	Reallusion	05.02.2009	40,8MB	2.0
CyberGhost VPN	CyberGhost S.R.L.	20.09.2011	59,7MB	
DivX Player	DivX, Inc.	28.02.2010	8,43MB	7.2.0
DivX Web Player	DivX,Inc.	28.02.2010	2,83MB	1.5.0
Dolby Control Center	Dolby	18.09.2008	75,5MB	1.1.0601
Dropbox		27.10.2010	24,0MB	0.7.110
eText typeSmart		02.03.2009	10,4MB	
Exact Audio Copy 1.0beta2	Andre Wiethoff	18.08.2011	15,4MB	1.0beta2
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)	MAGIX AG	06.02.2009	6,29MB	2.0.0.1
GMX Internet Explorer Addon	1&1 Mail & Media GmbH	11.05.2011	0,50MB	1.0.1.0
GMX Softwareaktualisierung	1&1 Mail & Media GmbH	02.08.2011	1,44MB	2.0.1.9
GMX Toolbar für Internet Explorer	1&1 Mail & Media GmbH	06.09.2011	2,30MB	1.6.6.1
GMX Toolbar für Mozilla Firefox	1&1 Mail & Media GmbH	30.05.2011	2,30MB	1.5.5.0
ICQ 7.5 Build #5242 Banner Remover 1.1	murb.com	20.05.2011	1,55MB	
ICQ Toolbar	ICQ	20.05.2011		3.0.0
ICQ Update Patch 1.7	murb.com	12.10.2010	0,81MB	
ICQ7.5	ICQ	20.05.2011	33,4MB	7.5
Install MAGIX Goya Base 1.0.2.0 (UK)	MAGIX AG	06.02.2009	943MB	1.0.2.0
Intel(R) PROSet/Wireless WiFi Software	Intel(R) Corporation	21.09.2008	78,3MB	12.00.0004
Intel® Matrix Storage Manager	Intel Corporation	06.02.2009	9,74MB	
IrfanView (remove only)		17.02.2009	10,3MB	
JAP	JAP-Team	15.09.2011	11,8MB	00.15.001
Java(TM) 6 Update 26	Oracle	27.07.2011	94,9MB	6.0.260
Java(TM) 6 Update 7	Sun Microsystems, Inc.	06.02.2009	138,0MB	1.6.0.70
Last.fm 1.5.4.27091	Last.fm	28.10.2010	18,4MB	
Live Update 5	MSI	24.07.2011	16,9MB	5.0.064
MAGIX Foto Manager 2006 3.4.0.450 (D)	MAGIX AG	06.02.2009	79,1MB	3.4.0.450
MAGIX Goya Base 1.3.1.2 (D)	MAGIX AG	06.02.2009	170,3MB	1.3.1.2
MAGIX Music Manager 2006 7.4.0.438 (D)	MAGIX AG	06.02.2009	86,5MB	7.4.0.438
MAGIX Online Druck Service 2.3.2.0 (D)	MAGIX AG	06.02.2009	9,30MB	2.3.2.0
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	24.02.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	16.02.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.06.2010	120,3MB	4.0.30319
Microsoft Office Enterprise 2007	Microsoft Corporation	15.07.2010	639MB	12.0.6425.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	14.09.2011	7,92MB	14.0.5130.5003
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	30.10.2010	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411	Microsoft Corporation	13.07.2010	1,46MB	9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	08.05.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	0,58MB	9.0.30729.6161
Mozilla Firefox 6.0.2 (x86 de)	Mozilla	07.09.2011	34,4MB	6.0.2
MSI Software Install	MSI	18.09.2008	2,07MB	1.0.8.0630
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	06.02.2009	34,00KB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	06.02.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
Nero 9 Lite	Nero AG	30.04.2010	9,48MB	
OpenOffice.org 3.0	OpenOffice.org	06.02.2009	348MB	3.0.9379
OpenVPN 2.1_rc21		01.11.2010	3,91MB	2.1_rc21
Oxford Advanced Genie		13.02.2009	245MB	
Protector Suite QL 5.8	UPEK Inc.	18.09.2008	71,2MB	5.8.2.4489
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	18.09.2008	1,62MB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	18.09.2008	26,0MB	6.0.1.5636
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	18.09.2008	4,00MB	
Samsung Kies	Samsung Electronics Co., Ltd.	24.07.2011	176,9MB	2.0.1.11053_99
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	24.07.2011	37,1MB	1.3.2410.0
SearchAnonymizer		12.10.2010	0,21MB	1.0.1 (de)
Skype Toolbars	Skype Technologies S.A.	21.05.2011	5,72MB	5.3.7280
Skype™ 5.3	Skype Technologies S.A.	21.05.2011	22,6MB	5.3.111
Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	26.10.2010	32,5MB	8.0.0
System Control Manager		18.09.2008	4,17MB	2.0208.0826.001.05
System Requirements Lab for Intel	Husdawg, LLC	08.01.2011	0,87MB	4.3.16.0
TeamViewer 4	TeamViewer GmbH	06.02.2009	4,76MB	
TerraTec Home Cinema		13.03.2011	74,6MB	6.20.4
TippKönigin 5.5	Giletech e.K.	19.08.2010	5,24MB	
Ulead Burn.Now 4.5 SE	InterVideo Digital Technology Corporation	05.02.2009	55,3MB	4.5.0
VLC media player 0.9.8a	VideoLAN Team	06.02.2009	60,6MB	0.9.8a
ZoneAlarm	Check Point, Inc	06.02.2009	10,6MB	7.1.254.000
         
Vielen Dank!

Schöne Grüße,
Juliane

Geändert von julianes (30.09.2011 um 16:17 Uhr)

Alt 01.10.2011, 07:49   #7
kira
/// Helfer-Team
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



1.
Deinstalliere unter `Start→ Systemsteuereung→ Ändern/Entfernen...`
Code:
ATTFilter
Ask Toolbar - Adware -Toolbar
         
Bestandteile der Standardinstallation vieler Freeware-Programme und teilweise sogar von kostenpflichtigen Programmen. Daher:
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen, weil damit stimmt man nämlich zu, dass Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

in diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars deinstallieren

2.
Benötigst unbedingt? wenn nicht deinstalliere:
Zitat:
GMX Internet Explorer Addon 1&1 Mail & Media GmbH 11.05.2011 0,50MB 1.0.1.0
GMX Softwareaktualisierung 1&1 Mail & Media GmbH 02.08.2011 1,44MB 2.0.1.9
GMX Toolbar für Internet Explorer 1&1 Mail & Media GmbH 06.09.2011 2,30MB 1.6.6.1
GMX Toolbar für Mozilla Firefox 1&1 Mail & Media GmbH 30.05.2011 2,30MB 1.5.5.0
Zitat:
Download (ein Programm zu installieren) und Updates ausschließlich vom Hersteller!!
3.
Aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst:
→ Systemsteuerung → Software → deinstallieren...
Zitat:
Java(TM) 6 Update 7
4.
Mache bitte ein Rechtsklick auf den AntiVir-Schirm in der Taskleiste → AntiVir startenÜbersicht Ereignisse
jeden Fund markieren → Rechtsklick auf Funde → Ereignis(se) exportieren
und als Ereignisse.txt auf dem Desktop speichern und den Inhalt hier posten.

5.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:
► Berichte mir über alle Umsetzungsschritte, die Du erledigt hast!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 02.10.2011, 17:28   #8
julianes
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Hallo,

danke für die Antwort!

Habe alle Schritte umgesetzt.

Habe gerade zwei neue Virus-Meldungen von Avira reinbekommen:
"In der Datei C:\ProgramData\ulHokJiHsVWWMqk.exe wurde ein Virus oder unerwünschtes Programm TR/FakeAV.kcn gefunden"
sowie
"...in ...C:\ProgramData\6DSS92c31Apgjk.exe .... wurde TR/Sisproc.A.1384"
Sie befinden sich jetzt in Quarantäne.

Hier die Datei mit den Avira-Funden:
Code:
ATTFilter
Exportierte Ereignisse:

02.10.2011 17:28 [Scanner] Suchlauf
      Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
      Anzahl Dateien:	565
      Anzahl Verzeichnisse:	0
      Anzahl Malware:	3
      Anzahl Warnungen:	2

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start 
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start 
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:28 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start 
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff erlauben

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Scanner] Malware gefunden
      Die Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start 
      Menu\Programs\Startup\dxdiag.exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' 
      [trojan].
      Durchgeführte Aktion(en):
      Der Registrierungseintrag 
      <HKEY_USERS\S-1-5-21-676453965-3675783069-989077462-1000\Software\Microsoft\Wind
      ows\CurrentVersion\Explorer\Shell Folders\Startup> wurde erfolgreich repariert.
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4af221fc.qua' 
      verschoben!

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start 
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start 
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:27 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:26 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:26 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:26 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:26 [Guard] Malware gefunden
      In der Datei 'C:\Users\July\AppData\Roaming\Microsoft\Windows\Start 
      Menu\Programs\Startup\dxdiag.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Gendal.kdv.362122' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:17 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:16 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\6DSS92c31Apgjk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Sisproc.A.1384' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:16 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

02.10.2011 17:07 [Guard] Malware gefunden
      In der Datei 'C:\ProgramData\uIHokJiHsVWWMqk.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/FakeAV.kcn' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
         
Hier die OTL-txt Datei:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
 
[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL-Extras Datei:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe | 
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe | 
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | 
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe | 
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe | 
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe | 
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe | 
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe | 
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins
"{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New
"{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"CyberGhost VPN_is1" = CyberGhost VPN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"ICQToolbar" = ICQ Toolbar
"Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D)
"MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"OpenVPN" = OpenVPN 2.1_rc21
"Oxford Advanced Genie" = Oxford Advanced Genie
"Product_Name" = eText typeSmart
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 4" = TeamViewer 4
"TippKönigin_is1" = TippKönigin 5.5
"VLC media player" = VLC media player 0.9.8a
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2010 17:13:19 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010
Description = 
 
Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700
 seconds with 22500 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032
Description = 
 
Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010
Description = 
 
Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---



Vielen Dank für die Hilfe!

Geändert von julianes (02.10.2011 um 18:06 Uhr)

Alt 03.10.2011, 16:34   #9
kira
/// Helfer-Team
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe

:Reg
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" =- 
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" =-

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung/virus-protect.org

3.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird GMER beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

4.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
  • Downloade die MBR.exe von Gmer und
    kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
    Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
  • Start => ausführen => cmd (da reinschreiben) => OK
    es öffnet sich eine Eingabeaufforderung.

    Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
  • Nach dem Prompt (>_) folgenden

    aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
    Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

    Code:
    ATTFilter
    mbr.exe -t > C:\mbr.log & C:\mbr.log
             
    (Enter drücken)
  • Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
    Bitte kopiere den Inhalt hier in Deinen Thread.

5.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Geändert von kira (03.10.2011 um 17:05 Uhr)

Alt 04.10.2011, 17:29   #10
julianes
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Hallo,

hier die Ergebnisse:

1. Fixen mit OTL

Code:
ATTFilter
========== OTL ==========
No active process named Updater.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.gmx.de/" removed from browser.startup.homepage
Folder C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com\ not found.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17166733-40EA-4432-A85C-AE672FF0E236}\ not found.
File C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\GMX Toolbar\IE\uitb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kwlfon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uIHokJiHsVWWMqk.exe not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
Starting removal of ActiveX control {08631890-6059-4255-B37F-F23AD334D122}
C:\Windows\Downloaded Program Files\ACUBEActiveXUninstallControl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{08631890-6059-4255-B37F-F23AD334D122}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08631890-6059-4255-B37F-F23AD334D122}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08631890-6059-4255-B37F-F23AD334D122}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08631890-6059-4255-B37F-F23AD334D122}\ not found.
Starting removal of ActiveX control {1CCA7AD8-4FF3-4449-B994-FD5CD326444C}
C:\Windows\Downloaded Program Files\NMPCertX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CCA7AD8-4FF3-4449-B994-FD5CD326444C}\ not found.
Starting removal of ActiveX control {3D64E58D-CB55-4344-B809-CFE38F900838}
C:\Windows\Downloaded Program Files\MagicLoaderX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3D64E58D-CB55-4344-B809-CFE38F900838}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D64E58D-CB55-4344-B809-CFE38F900838}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3D64E58D-CB55-4344-B809-CFE38F900838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D64E58D-CB55-4344-B809-CFE38F900838}\ not found.
Starting removal of ActiveX control {5441F297-BB6C-4D6C-9E05-4FD14D96B605}
C:\Windows\Downloaded Program Files\IE8Tools.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5441F297-BB6C-4D6C-9E05-4FD14D96B605}\ not found.
Starting removal of ActiveX control {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}
C:\Windows\Downloaded Program Files\UniSSOCheck.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3}\ not found.
Starting removal of ActiveX control {AD6870C0-44B7-42FB-A119-C2C6BD9CD005}
C:\Windows\Downloaded Program Files\MagicPassX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD6870C0-44B7-42FB-A119-C2C6BD9CD005}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28bfba81-5345-11de-90e2-002185560a86}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d26b746-f784-11de-8f33-002185560a86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d26b746-f784-11de-8f33-002185560a86}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8af45932-0cd9-11e0-9e6d-002185560a86}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efac829-7f50-11de-8319-002185560a86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9efac829-7f50-11de-8319-002185560a86}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair folder moved successfully.
File C:\ProgramData\6DSS92c31Apgjk.exe not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
C:\Users\July\AppData\Roaming\EurekaLog folder moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
File C:\Users\July\Desktop\Data Repair.lnk not found.
File C:\ProgramData\uIHokJiHsVWWMqk.exe not found.
========== REGISTRY ==========
Registry key Invalid\\"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" \ not found.
Registry key Invalid\\"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" \ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: July
->Temp folder emptied: 139569761 bytes
->Temporary Internet Files folder emptied: 144793459 bytes
->Java cache emptied: 775379 bytes
->FireFox cache emptied: 59271239 bytes
->Flash cache emptied: 12691 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1189 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 61377315 bytes
RecycleBin emptied: 93200842 bytes
 
Total Files Cleaned = 476,00 mb
 
 
OTL by OldTimer - Version 3.2.29.1 log created on 10042011_171513

Files\Folders moved on Reboot...
File\Folder C:\Users\July\AppData\Local\Temp\~DF4E5A.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF54DB.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF55D3.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF5F46.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF5F6F.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF6AC4.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DF87D5.tmp not found!
File\Folder C:\Users\July\AppData\Local\Temp\~DFC6AF.tmp not found!
C:\Windows\temp\ZLT0695a.TMP moved successfully.
C:\Windows\temp\ZLT0695d.TMP moved successfully.

Registry entries deleted on Reboot...
         

Alt 07.10.2011, 11:45   #11
julianes
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



2. Malwarebytes:

Es wurden keine infizierten Objekte gefunden.
Bericht:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7891

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

07.10.2011 11:16:10
mbam-log-2011-10-07 (11-16-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 312399
Laufzeit: 2 Stunde(n), 11 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Alt 08.10.2011, 07:26   #12
kira
/// Helfer-Team
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



weitere Schritte fehlen...
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 08.10.2011, 18:17   #13
julianes
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Sorry, ich hatte Verbindungs- und Zeitprobleme.

Schritt 3. schien zu funktionieren: am Ende war da das Fenster wo ich hätte auf 'copy' drücken können, jedoch hat sich da der PC aufgehangen und es ging gar nichts mehr, auch nach längerem Warten passierte nichts, also hab ich neu gestartet (leider ohne ein Foto zu machen).

leider klappt Schritt 4. nicht:
habe mehrmals, angeblich erfolgreich, die mbr.exe runtergeladen. Aber jedesmal, wenn ich dann darauf klicke erscheint ganz kurz ein schwarzes Fenster mit Text drin, was sich aber nach weniger als einer Sekunde direkt wieder schließt und dann nicht mehr aufzufinden ist.

5. Scan mit OTL:

Text-Datei:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.30 15:39:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- D:\download\OTL(1).exe
PRC - [2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
PRC - [2011.09.08 17:14:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
PRC - [2011.09.08 17:14:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugin-container.exe
PRC - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.04 14:41:06 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | -H-- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.08.27 03:02:32 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.21 02:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.07.04 11:03:18 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.07.04 10:44:46 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.05.28 10:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.03.03 16:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2007.09.29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.08 17:14:08 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\mozjs.dll
MOD - [2011.07.25 22:49:07 | 006,271,648 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2008.08.25 20:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 22:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2008.06.10 16:13:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.03.03 16:06:04 | 000,194,032 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.03.03 16:06:04 | 000,144,880 | ---- | M] () -- C:\Windows\System32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2001.08.10 15:23:14 | 000,388,608 | ---- | M] () -- C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.05 10:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.28 18:52:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 20:07:20 | 000,040,960 | -H-- | M] () [Auto | Running] -- C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.04.29 08:23:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.11.12 11:34:14 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.01.28 09:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008.10.25 11:44:08 | 000,065,888 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.21 02:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.05.23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008.05.01 04:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.01 04:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.03.03 16:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.28 18:52:47 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 18:52:47 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.20 14:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010.05.10 10:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.06 10:26:00 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.27 21:06:28 | 000,041,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008.06.10 18:35:00 | 003,839,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008.04.29 11:31:00 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.08 16:41:34 | 000,140,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USB_0064.sys -- (DVBUSB_0064_Sevice)
DRV - [2008.03.25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.03.03 16:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.03.19 17:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2011.09.08 17:14:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins
 
[2009.02.07 11:32:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Extensions
[2011.09.28 16:56:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions
[2010.04.28 16:19:18 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.27 15:48:20 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.07 11:41:51 | 000,000,000 | -H-D | M] (Password Bank) -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\passwordbank@upek.com
[2011.09.24 11:03:40 | 000,000,000 | -H-D | M] ("Ask Toolbar") -- C:\Users\July\AppData\Roaming\mozilla\Firefox\Profiles\9dktzsce.default\extensions\toolbar@ask.com
[2011.05.31 12:25:50 | 000,010,525 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\gmx-suche.xml
[2011.09.27 15:02:40 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:55:16 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-2.xml
[2011.08.18 19:37:27 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-3.xml
[2011.08.21 13:16:51 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-4.xml
[2011.08.31 18:53:47 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-5.xml
[2011.09.08 17:55:36 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin-6.xml
[2011.09.25 17:27:46 | 000,000,168 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.gif
[2011.09.25 17:27:46 | 000,000,618 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.src
[2011.06.21 23:43:44 | 000,000,950 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\icqplugin.xml
[2010.10.13 19:59:14 | 000,002,311 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\qipsearch.xml
[2010.10.13 19:59:14 | 000,002,182 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{5A4CE7A1-8CED-4F08-9BAC-10CBC768DB40}.xml
[2010.10.13 19:59:14 | 000,002,071 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{959DBEBF-B491-4DEB-80E6-A0D5C2F63AA3}.xml
[2010.10.13 19:59:14 | 000,001,864 | -H-- | M] () -- C:\Users\July\AppData\Roaming\Mozilla\Firefox\Profiles\9dktzsce.default\searchplugins\{E51E7004-D3FE-4846-A581-F9280F80793A}.xml
[2011.05.22 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.31 14:25:16 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JULY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DKTZSCE.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2011.05.21 20:08:46 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (GMX Toolbar BETA 1) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar BETA 1) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\July\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [kwlfon] rundll32 C:\Users\July\AppData\Roaming\MICROS~1\Protect\espa.kk, qjok File not found
O4 - HKCU..\Run: [uIHokJiHsVWWMqk.exe] C:\ProgramData\uIHokJiHsVWWMqk.exe (NetPlay Software)
O4 - Startup: C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {08631890-6059-4255-B37F-F23AD334D122} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/ACUBEActiveXUninstallControl.cab (ACUBEActiveXUninstallControl Control)
O16 - DPF: {1CCA7AD8-4FF3-4449-B994-FD5CD326444C} hxxp://portal.ewha.ac.kr/sso/plugins/NMPCertX.cab (NMPCertX Class)
O16 - DPF: {3D64E58D-CB55-4344-B809-CFE38F900838} hxxp://portal.ewha.ac.kr/sso/plugins/MagicLoaderX.cab (MagicLoaderX Class)
O16 - DPF: {5441F297-BB6C-4D6C-9E05-4FD14D96B605} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/IE8Tools.cab (BlockIEDevTools Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} hxxp://epis.ewha.ac.kr:8880/EP/web/common/cabfiles/UniSSOCheck.cab (SSOCheck Class)
O16 - DPF: {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} hxxp://portal.ewha.ac.kr/sso/plugins/MagicPassX.cab (MagicPass Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15BE69AD-4DBE-4023-9B54-69446053DA77}: DhcpNameServer = 203.246.162.253 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C637203B-0434-4E9D-A134-A672011AA19A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D15839B7-19BA-4F02-9A0F-33F07989504C}: DhcpNameServer = 193.22.254.22
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.03 13:02:11 | 000,000,057 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28bfba81-5345-11de-90e2-002185560a86}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{4d26b746-f784-11de-8f33-002185560a86}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{8af45932-0cd9-11e0-9e6d-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell - "" = AutoRun
O33 - MountPoints2\{9efac829-7f50-11de-8319-002185560a86}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.28 13:00:49 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011.09.28 13:00:02 | 000,346,624 | -H-- | C] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:51:09 | 000,458,752 | -H-- | C] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.21 06:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2011.09.21 06:03:35 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.16 09:22:21 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011.09.16 09:22:15 | 000,000,000 | -H-D | C] -- C:\CyberGhost VPN
[2011.09.16 07:00:39 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\JonDo
[2011.09.16 06:58:27 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAP
[2011.09.16 06:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\JAP
[2011.09.16 06:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2011.09.14 09:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\DreamSecurity
[2011.09.14 09:13:44 | 000,110,592 | ---- | C] (Samsung SDS) -- C:\Windows\System32\UniSSOCheck.dll
[2011.09.14 09:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SDS
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- C:\Users\July\AppData\Roaming\Reallusion
[2011.09.10 20:44:17 | 000,000,000 | -H-D | C] -- D:\My Dropbox\Documents\CamSuite Gallery
[2011.09.07 16:26:51 | 000,000,000 | -H-D | C] -- C:\Users\July\.dreamsecurity
[2011.09.07 15:51:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\UUdb
[2011.09.07 10:18:59 | 000,000,000 | -H-D | C] -- C:\Users\July\Desktop\course syllabus
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.30 15:30:52 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.30 15:30:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.30 15:29:41 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.28 13:25:03 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:25:03 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:08:12 | 000,626,790 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.28 13:08:12 | 000,594,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.28 13:08:12 | 000,126,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.28 13:08:12 | 000,104,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.28 13:06:45 | 000,000,456 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | M] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:02 | 000,346,624 | -H-- | M] (NetPlay Software) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.09.28 12:50:13 | 000,458,752 | -H-- | M] (NetPlay Software) -- C:\ProgramData\uIHokJiHsVWWMqk.exe
[2011.09.27 09:32:27 | 255,819,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.15 10:25:00 | 000,016,896 | -H-- | M] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.09.14 08:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[6 C:\Users\July\Desktop\*.tmp files -> C:\Users\July\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.28 13:25:03 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.09.28 13:25:02 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.09.28 13:00:49 | 000,000,613 | -H-- | C] () -- C:\Users\July\Desktop\Data Repair.lnk
[2011.09.28 13:00:39 | 000,000,456 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.09.28 12:57:11 | 3220,340,736 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 11:18:49 | 000,016,896 | -H-- | C] () -- C:\Users\July\Desktop\EKLES_Form (2).hwp
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.19 22:21:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.03.06 16:47:26 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.05 11:28:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.17 12:36:53 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2009.11.01 19:50:05 | 000,000,680 | -H-- | C] () -- C:\Users\July\AppData\Local\d3d9caps.dat
[2009.10.20 19:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 19:50:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.24 07:59:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.14 15:13:24 | 000,000,061 | ---- | C] () -- C:\Windows\TEXTware.ini
[2009.02.14 15:13:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2009.02.14 15:13:21 | 000,115,200 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2009.02.14 15:13:21 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2009.02.14 15:13:21 | 000,090,112 | ---- | C] () -- C:\Windows\System32\idiom010227.dll
[2009.02.14 15:13:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2009.02.07 17:37:26 | 000,147,456 | -H-- | C] () -- C:\Users\July\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.07 12:16:42 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.02.07 11:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.07 11:24:36 | 000,839,854 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2009.02.07 00:32:05 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.09.20 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.09.19 18:43:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.19 18:40:27 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 16:13:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 11:50:00 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.04.08 16:41:34 | 000,140,832 | ---- | C] () -- C:\Windows\System32\drivers\USB_0064.sys
[2008.03.05 14:38:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,594,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,038 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.05 04:53:43 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2002.03.05 04:53:42 | 000,626,790 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2002.03.05 04:53:42 | 000,126,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2002.03.05 04:53:42 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011.07.14 14:22:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\1&1 Mail & Media GmbH
[2010.10.31 17:25:17 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Academic Software Zurich
[2009.12.31 23:32:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\bible2.net
[2010.01.11 19:51:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Desktopicon
[2011.07.30 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Disk Cleaner
[2011.05.21 19:38:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Dropbox
[2011.08.19 12:48:15 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EAC
[2009.04.27 09:43:37 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Elluminate
[2011.09.21 06:03:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\EurekaLog
[2011.09.25 14:41:10 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQ
[2010.10.13 19:38:52 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\ICQLite
[2009.02.07 00:37:40 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Infineon
[2011.07.28 22:17:35 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\IrfanView
[2011.09.16 07:08:23 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\JonDo
[2009.03.04 13:46:08 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\MAGIX
[2010.10.13 19:58:58 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OCS
[2009.02.07 13:00:51 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\OpenOffice.org
[2010.10.13 19:59:14 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Opera
[2009.02.07 12:10:01 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Protector Suite
[2010.10.11 19:48:29 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\QIP
[2011.07.25 18:49:27 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Samsung
[2009.02.07 15:46:56 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TeamViewer
[2009.02.09 21:09:13 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TerraTec
[2010.08.20 21:39:53 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\TippKönigin
[2009.02.07 14:51:41 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Toolbars
[2010.05.01 22:01:36 | 000,000,000 | -H-D | M] -- C:\Users\July\AppData\Roaming\Ulead Systems
[2011.09.30 15:27:57 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras-Datei:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.09.2011 15:40:16 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = D:\download
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,06% Memory free
6,19 Gb Paging File | 4,96 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,48 Gb Free Space | 3,37% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 46,53 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
 
Computer Name: JULYSLAPTOP | User Name: July | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E6D8EE-1D57-4CFA-A93E-55D8B011F3E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0E96BDC4-C384-4F9C-A786-8DB16154FCE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{48855D5F-9C20-4997-8902-E7D48A9E572A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{581C0D46-015B-4995-AC61-2C97243A51DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{597EAEE0-CCCD-499F-8479-382D903FEFCF}" = lport=6004 | protocol=17 | dir=in | app=d:\microsoft office\office12\outlook.exe | 
"{7A96E5C7-3BE4-477B-9CF2-C4E8DE29BB97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7F82379-F4DB-449C-B480-FF378E443D5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DC4E30C8-D931-4838-A7BA-F6B68C9DB744}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{DD37841E-B67A-4F1E-A700-1592F3A5C321}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FB8CB996-2361-4037-B1DB-F754A68B1A45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2E4A-2A47-4E71-B018-480738480B54}" = protocol=17 | dir=in | app=d:\microsoft office\office12\onenote.exe | 
"{095F1158-C76F-404D-B39D-60345BF473CF}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{0F2084F6-1CDC-4F4A-9A7F-9C3D3D5CADC3}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | 
"{1962FA8E-D336-472B-8FB0-6CC509AE07D1}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{28BB33C4-CEA9-4DB2-850B-F5A2B7602EEB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{2BFE529D-DB15-443C-BC0F-4BE1FEFCAD5C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{2F234946-5417-4D67-ADCF-106D37CDA941}" = protocol=6 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe | 
"{365ACB67-B936-4CC1-9572-C15A9BD06D8B}" = protocol=17 | dir=in | app=c:\users\july\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7109B1BD-336D-4AD2-B97D-65F0251419E0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{72C1DD05-F754-4D2D-A68B-A5D59376F47C}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{98B9BDDA-8A90-49EB-8937-EC8D731128B1}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{9D505DBC-B6D1-421D-BA32-555ECEC96B85}" = protocol=17 | dir=in | app=d:\microsoft office\office12\groove.exe | 
"{A40743B6-6D78-4893-978E-3904CEA86F2D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{A5ED0936-6363-4025-9FA3-88FB0D1B949F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A840F394-C630-4994-9EF1-C9289AAAA475}" = protocol=6 | dir=in | app=d:\microsoft office\office12\onenote.exe | 
"{A8904B58-0900-47CB-9981-BAB6029ED5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{AB16F888-359A-4A32-9E98-A71BBAEE778E}" = protocol=6 | dir=in | app=d:\microsoft office\office12\groove.exe | 
"{AF6A24E2-825E-4642-A4EF-10735ADC638A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{B2EC6567-7D00-437C-A3DF-D42B2AEFD95D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B6661B59-FE2C-419E-B0CF-90613340D301}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{B88EAD91-30B2-4238-A9D8-EADA48CEEF00}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C99052E1-73F6-426E-A610-72A5FD4C1D19}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{DECA3888-4FED-4266-8A3B-F6192AB569F0}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{FF145D1C-C388-4F6A-B5DA-9AF0C0076E4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{D21565E6-51EC-4815-8D2B-50722B89D3F1}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe | 
"TCP Query User{DEA72C7F-EB24-4ACC-89EC-D213B1A38454}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{B1A9E6C7-882E-4E90-970B-00D6F039F5A1}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{E16AC443-F076-4E56-93EC-45C063086DE0}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{0B3973ED-EB50-5888-7538-1E635CF19C75}" = CCC Help Chinese Standard
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{294BB21B-0091-492F-87D2-A9192DA3E448}" = System Requirements Lab for Intel
"{2D5BCDF0-663C-8319-00F1-D76CC6C354FE}" = Catalyst Control Center Graphics Previews Vista
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{389D6438-7C5C-A81D-A38B-1A82CE0F440E}" = Catalyst Control Center Localization Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54C7B05B-DCB8-7F70-5446-CE7DF004F367}" = CCC Help Japanese
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5812E6DA-9954-1915-9E98-3BB11924C1A4}" = CCC Help English
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E222767-9BFB-BDEA-8A10-2141C0447D84}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6F06E141-1106-0881-BE93-003C099E72F3}" = Catalyst Control Center Localization Chinese Standard
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{817DE62F-5787-43BB-8877-5F81FAE5A823}" = ACUBE UniSSOTray V1.0
"{82F913E9-BBF2-B8C0-6869-C7824B883329}" = ATI Catalyst Install Manager
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{958DD4C6-4E8C-9E32-2292-EF9FF25E5C35}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4C9080-C91E-253C-B51E-A81C9B96C10C}" = Catalyst Control Center InstallProxy
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A72D6F6E-81DA-9BF5-E193-7CD8DC28EB62}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B56195ED-11C3-7F0D-4DE4-343D3BD57F3A}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B744CE83-FAB5-A833-4446-E4CF437B5E69}" = Catalyst Control Center Localization Japanese
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{d4471e5a-b76c-46a8-9631-edeb581c5ba9}" = Nero 9 Lite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E105ADD3-D412-3CB1-602C-07D791FDEE88}" = Skins
"{E5E80E00-F4B9-74DD-42ED-06D1789D5E22}" = ccc-core-static
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBF8AB14-5496-C04B-C3AE-B8860BFF61F4}" = Catalyst Control Center Graphics Full New
"{FF61E4BC-A243-AEFA-0602-103943FB93E3}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Citavi" = Citavi 2.5
"CyberGhost VPN_is1" = CyberGhost VPN
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"ICQToolbar" = ICQ Toolbar
"Install MAGIX Goya Base UK" = Install MAGIX Goya Base 1.0.2.0 (UK)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"LastFM_is1" = Last.fm 1.5.4.27091
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 3.4.0.450 (D)
"MAGIX Goya Base D" = MAGIX Goya Base 1.3.1.2 (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 7.4.0.438 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"OpenVPN" = OpenVPN 2.1_rc21
"Oxford Advanced Genie" = Oxford Advanced Genie
"Product_Name" = eText typeSmart
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamViewer 4" = TeamViewer 4
"TippKönigin_is1" = TippKönigin 5.5
"VLC media player" = VLC media player 0.9.8a
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2010 12:32:11 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2010 12:32:13 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2010 12:32:14 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 03.06.2010 17:13:19 | Computer Name = JulysLaptop | Source = Windows Search Service | ID = 3010
Description = 
 
Error - 04.06.2010 02:34:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2010 02:34:08 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.06.2010 10:00:04 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.06.2010 10:00:11 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.06.2010 12:09:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.06.2010 12:10:00 | Computer Name = JulysLaptop | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 03.01.2011 11:02:58 | Computer Name = JulysLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100700
 seconds with 22500 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.09.2011 11:46:19 | Computer Name = JulysLaptop | Source = BROWSER | ID = 8032
Description = 
 
Error - 29.09.2011 12:02:47 | Computer Name = JulysLaptop | Source = DCOM | ID = 10010
Description = 
 
Error - 30.09.2011 09:14:03 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 30.09.2011 09:17:34 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 30.09.2011 09:19:36 | Computer Name = JulysLaptop | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 30.09.2011 09:21:01 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.09.2011 09:21:15 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.09.2011 09:23:36 | Computer Name = JulysLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 30.09.2011 09:36:20 | Computer Name = JulysLaptop | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 30.09.2011 09:38:56 | Computer Name = JulysLaptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---


Dankeschön!!

Geändert von julianes (08.10.2011 um 18:25 Uhr)

Alt 09.10.2011, 03:49   #14
julianes
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



Hallo,

ich habe gerade meinen Laptop hochgefahren und jetzt auf einmal ist der ganze Desktop - der Hintergrund ist immer noch schwarz- voll mit word-Dokumenten, die ich auch öffnen kann. Auch die icons für Outlook, Firefox, icq, der Ordner 'eigene Dateien', und noch ein paar mehr sind wieder auf dem Desktop.
Die word-Dokumente hatte ich jedoch vorher nicht auf dem Desktop liegen gehabt.

Viele Grüße,
Juliane

Alt 10.10.2011, 06:48   #15
kira
/// Helfer-Team
 
TR/Spy.Web.H und windows-virus w32/Indus.A - Standard

TR/Spy.Web.H und windows-virus w32/Indus.A



1.
Zitat:
Falls treten folgende Symptome auf:
Ordner sind leer, unter Startmenü Programme fehlen etc., dieses Tool bietet dir die Lösung:
<Achtung!>: Wenn Dateien etc, die absichtlich von Dir verborgen waren, also unter eigenschaften versteckt eingestellt hast, musst Du wieder auszublenden, nachdem das Tool ausgeführt wird.

Zitat:
Alles wieder sichtbar? Bitte kontrolliere es und berichte mir genau über den Zustand!
2.
TDSSKiller von Kaspersky
  • Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
  • Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
  • deaktiviere vorübergehend dein AntiVirus-Programm
  • Starte die TDSSKiller.exe durch Doppelklick.
  • Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
    Bestätige das ggfs. mit Y(es).
    Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
  • Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.
Hier findest Du eine ausführlichere Anleitung.

3.
Alte Logfiles löschen!
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu TR/Spy.Web.H und windows-virus w32/Indus.A
ahnung, appdata, befall, bildschirm, dateien, ebenfalls, email, frage, fragen, fragen zum lösungsweg, guten, heute, infiziert, laptop, microsoft, pcs, problem, probleme, quarantäne, rechner, roaming, schwarzer bildschirm, tr/spy.web.h, voll, woche, worte



Ähnliche Themen: TR/Spy.Web.H und windows-virus w32/Indus.A


  1. Zombie News Virus / Windows Version Installer - Windows 7
    Log-Analyse und Auswertung - 21.12.2014 (1)
  2. Alter laptop Windows vista sp2 32bit: (vermutlich)virus blockt Windows services und einige Internet verbindungen
    Log-Analyse und Auswertung - 04.11.2014 (3)
  3. Windows 7: Avira meldet Boo/ cidox.b virus und Windows ist nicht mehr aktiviert
    Log-Analyse und Auswertung - 20.10.2014 (15)
  4. Windows 8, Windows PC-Repair Virus und wohl noch andere
    Log-Analyse und Auswertung - 07.05.2014 (27)
  5. MalCrypt.Indus! / Telekom "Rechnung"
    Log-Analyse und Auswertung - 22.01.2014 (9)
  6. Windows 7 Meldung Win32/Small-CA Virus entfernen, AntiVir findet nichts, Windows Update und Defender funktionieren nicht mehr
    Log-Analyse und Auswertung - 20.11.2013 (15)
  7. Windows 7: Pup Virus
    Log-Analyse und Auswertung - 17.08.2013 (13)
  8. GUV Virus auf windows 7
    Log-Analyse und Auswertung - 03.03.2013 (3)
  9. GUV Virus Windows XP
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (3)
  10. Windows XP Home und Windows Update Virus
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (5)
  11. Windows 7 (64bit) Virus/Trojaner (evtl. Windows Verschlüsselungs Trojaner)
    Plagegeister aller Art und deren Bekämpfung - 07.05.2012 (19)
  12. Windows System blockiert - Virus Windows Vista
    Log-Analyse und Auswertung - 17.02.2012 (13)
  13. Windows gesperrt - Virus Windows Vista
    Log-Analyse und Auswertung - 15.02.2012 (37)
  14. TR/Spy.Web.H und windows-virus w32/Indus.A, schwarzer Bildschirm, scheinbar alle Dateien weg
    Log-Analyse und Auswertung - 01.10.2011 (6)
  15. C:\WINDOWS\system32\IE.exe möglicherweise unbekannter Virus NewHeur_PE Virus
    Plagegeister aller Art und deren Bekämpfung - 10.12.2010 (19)
  16. Windows Update und Windows Gadgets durch Virus blockiert
    Plagegeister aller Art und deren Bekämpfung - 01.10.2010 (19)
  17. Windows Update und Windows Gadgets durch Virus blockiert
    Mülltonne - 16.09.2010 (2)

Zum Thema TR/Spy.Web.H und windows-virus w32/Indus.A - Guten Tag, ich glaube ich habe exakt das gleiche Problem wie 'Bitterschoki', welches hier unter dem Titel: *"TR/Spy.Web.H und windows-virus w32/Indus.A, schwarzer Bildschirm, scheinbar alle Dateien weg" zu finden ist. - TR/Spy.Web.H und windows-virus w32/Indus.A...
Archiv
Du betrachtest: TR/Spy.Web.H und windows-virus w32/Indus.A auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.