Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Security Shield Befall

Security Shield Befall


Plagegeister aller Art und deren Bekämpfung: Security Shield Befall

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 31.08.2012, 17:00   #1
Seprom
 
Security Shield Befall - Standard

Security Shield Befall


Hallo zusammen,

ich habe mir wohl gestern Abend, durch einen Klick auf einen Suchvorschlag von Google, "My Security Shield" via Drive-by-Installation eingefangen. Zumindest glichen die Symptome den hier (http://www.trojaner-board.de/119340-...d-inaktiv.html) und hier (http://www.trojaner-board.de/89160-m...entfernen.html) beschriebenen.

Ich habe dann auch, nach mehrmaligem Neustart, eine exe-Datei im Verzeichnis "C:\Users\Roman\AppData\Local" gefunden, die just zu dieser Zeit erstellt wurde (die Datei: prdvjrqga.exe). Diese habe ich dann mit einem vorgestellten Unterstrich versehen um ein Aufrufen zu verhindern/erschweren. Daraufhin waren die Pop-ups unterbunden und ich habe Malwarebytes neu installiert und einen vollen Scan durchgeführt.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.30.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19298
Roman :: 6720S-RV [Administrator]

31.08.2012 00:12:31
mbam-log-2012-08-31 (00-12-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375979
Laufzeit: 3 Stunde(n), 17 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Ich habe jetzt noch, wie empfohlen, OTL runtergeladen und einen Quickscan gemacht. Hier die logs:

Code:
ATTFilter
OTL logfile created on: 31.08.2012 17:12:22 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,97% Memory free
4,22 Gb Paging File | 2,95 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 23,72 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.31 17:10:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Roman\Downloads\OTL.exe
PRC - [2012.08.08 13:06:44 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:57:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.09 16:52:36 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.02 00:46:06 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.08.24 14:28:04 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.06.08 10:05:38 | 000,274,432 | ---- | M] () -- C:\Windows\System32\flcdlmsg.dll
MOD - [2007.06.06 15:34:02 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007.02.15 17:37:00 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.31 01:20:03 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.22 20:22:59 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 19:57:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:57:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.03.18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.02.06 08:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 19:57:03 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:57:03 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.08.27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.07.27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.07.27 08:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.11 11:17:14 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.08.24 10:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2008.12.05 07:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 02:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2007.09.14 17:42:04 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.01.29 20:20:04 | 000,361,728 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007.01.29 20:19:48 | 000,039,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007.01.18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 03:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {2B837857-67A1-4C72-9DB1-2D2A378C9A78}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {D60D28A7-939B-4DA6-A7F2-7FD457008A6B}
IE - HKCU\..\SearchScopes\{0579B8E0-5480-4051-A82C-8636BF5C2F2B}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{169537B5-61AE-469C-BB97-83FD10990702}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2B837857-67A1-4C72-9DB1-2D2A378C9A78}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de
IE - HKCU\..\SearchScopes\{4C6E59F8-C3A3-48C7-AA8E-C321635D00E4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{6247DA3A-9DCB-4910-A6D3-9BB1D862BB58}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{D60D28A7-939B-4DA6-A7F2-7FD457008A6B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Roman\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Roman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 14:29:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 01:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.06 16:06:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011.01.06 15:43:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 01:20:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.06 16:06:04 | 000,000,000 | ---D | M]
 
[2012.04.18 13:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Extensions
[2012.08.30 17:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions
[2012.04.18 13:59:15 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.04.18 13:59:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Roman\AppData\Roaming\mozilla\Firefox\Profiles\m4f927su.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.04.18 14:10:35 | 000,001,692 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\alle-preise---guenstigerde.xml
[2012.08.19 20:32:45 | 000,012,703 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\imdb.xml
[2012.04.18 14:06:26 | 000,002,322 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\openthesaurus.xml
[2012.04.18 14:02:19 | 000,002,006 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\urban-dictionary.xml
[2012.04.18 14:02:41 | 000,001,330 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\wikipedia-en.xml
[2012.04.18 14:02:55 | 000,002,446 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\wiktionary-de.xml
[2012.04.18 14:01:58 | 000,001,997 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\wolframalpha.xml
[2012.04.22 21:15:19 | 000,002,057 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\m4f927su.default\searchplugins\youtube-videosuche.xml
[2012.08.06 16:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.31 01:20:04 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 01:20:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE68D5B-3AD6-42B3-A1A7-304EE002046D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3992FE55-F80B-4794-AA86-7FF9206DA54C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62E1A4B8-18E1-400D-85B6-74F40BA9D696}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6863DED-BCB9-4047-820F-43F1C596DE39}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{034c157c-b0f4-11de-9a1b-001f2991aeb0}\Shell\AutoRun\command - "" = H:\SamsungSoftware\APPInst.exe
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35dfd-fcaf-11e0-ac37-001f3c5d8866}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{4ab35e48-fcaf-11e0-ac37-001e101f2b52}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af874b-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell - "" = AutoRun
O33 - MountPoints2\{67af876d-956d-11de-800b-001f2991aeb0}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\AutoRun\command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\explore\Command - "" = ps.bat
O33 - MountPoints2\{94a89076-a150-11de-851b-001f2991aeb0}\Shell\open\Command - "" = ps.bat
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{98fda891-21ae-11e1-a3ff-001e101f50a4}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f530994e-ce03-11de-99bc-001f2991aeb0}\Shell\AutoRun\command - "" = G:\avira.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 00:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 00:10:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 00:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.08 23:11:18 | 000,000,000 | ---D | C] -- C:\Users\Roman\Documents\EndNote
[2012.08.08 21:44:27 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\EndNote
[2012.08.08 21:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Risxtd
[2012.08.08 21:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft
[2012.08.08 21:43:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote
[2012.08.08 21:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
[2012.08.08 21:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\EndNote X2
[2012.08.08 21:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2012.08.06 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Roman\AppData\Roaming\vlc
[2012.08.06 16:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.08.06 16:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.06 16:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.02 14:11:58 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2012.08.02 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 17:20:14 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 17:19:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006UA.job
[2012.08.31 17:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 15:53:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.31 15:49:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 15:49:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 15:49:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 15:49:14 | 2138,365,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 10:24:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.31 08:52:15 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3045474442-3283016014-914664241-1006Core.job
[2012.08.30 23:36:26 | 000,475,136 | ---- | M] () -- C:\Users\Roman\AppData\Local\_prdvjrqga.exe
[2012.08.15 21:40:54 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRoman.job
[2012.08.15 18:21:03 | 000,053,163 | ---- | M] () -- C:\Users\Roman\Documents\Schuhe_saintcrispins_shoecare.pdf
[2012.08.15 08:36:57 | 000,535,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.11 16:10:08 | 000,695,968 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.11 16:10:08 | 000,651,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.11 16:10:08 | 000,154,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.11 16:10:08 | 000,125,532 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.02 14:19:21 | 000,000,218 | ---- | M] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | M] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.08.02 13:51:05 | 000,720,515 | ---- | M] () -- C:\Users\Roman\Desktop\bookmarks-2012-08-02.json
 
========== Files Created - No Company Name ==========
 
[2012.08.30 23:36:26 | 000,475,136 | ---- | C] () -- C:\Users\Roman\AppData\Local\_prdvjrqga.exe
[2012.08.15 18:21:03 | 000,053,163 | ---- | C] () -- C:\Users\Roman\Documents\Schuhe_saintcrispins_shoecare.pdf
[2012.08.02 14:19:21 | 000,000,218 | ---- | C] () -- C:\Users\Roman\.recently-used.xbel
[2012.08.02 14:19:18 | 000,000,314 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\psppirerc
[2012.08.02 13:51:04 | 000,720,515 | ---- | C] () -- C:\Users\Roman\Desktop\bookmarks-2012-08-02.json
[2012.03.26 23:22:05 | 000,000,093 | ---- | C] () -- C:\Users\Roman\AppData\Local\fusioncache.dat
[2012.03.26 23:22:00 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2012.03.26 23:22:00 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2012.03.26 23:21:59 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2012.03.26 23:21:59 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2012.03.26 23:21:59 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011.11.06 22:08:42 | 000,278,386 | ---- | C] () -- C:\Users\Roman\AppData\Local\census.cache
[2011.11.06 22:08:14 | 000,201,735 | ---- | C] () -- C:\Users\Roman\AppData\Local\ars.cache
[2011.11.06 21:57:45 | 000,000,036 | ---- | C] () -- C:\Users\Roman\AppData\Local\housecall.guid.cache
[2011.10.18 21:19:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.06 22:59:20 | 000,078,210 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011.01.06 15:15:07 | 000,214,743 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010.01.18 21:49:03 | 000,024,206 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\UserTile.png
[2009.12.29 14:42:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.18 16:56:53 | 000,000,680 | ---- | C] () -- C:\Users\Roman\AppData\Local\d3d9caps.dat
[2008.08.31 23:15:11 | 000,038,442 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2008.08.31 21:23:24 | 000,038,437 | ---- | C] () -- C:\Users\Roman\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2008.08.28 20:20:29 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 20:07:43 | 000,211,968 | ---- | C] () -- C:\Users\Roman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.25 22:13:44 | 000,001,074 | RH-- | C] () -- C:\Users\Roman\XrxWm.ini
[2008.08.25 22:13:44 | 000,000,522 | RH-- | C] () -- C:\Users\Roman\xw45cpdy.dyc
 
========== LOP Check ==========
 
[2012.08.31 16:03:42 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Dropbox
[2012.08.20 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\EndNote
[2011.06.09 09:56:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FileZilla
[2011.10.18 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\FreePDF
[2011.09.30 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\gtk-2.0
[2008.08.22 13:30:21 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Hewlett Packard
[2011.02.01 13:46:20 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\ICAClient
[2009.02.25 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\InterVideo
[2009.03.17 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Leadertech
[2010.12.29 23:04:49 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Local
[2010.04.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\M-HTOEFL
[2008.08.31 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Nokia
[2008.08.31 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PC Suite
[2011.10.18 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\pdfforge
[2010.01.18 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\PeerNetworking
[2012.03.26 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Pinnacle
[2011.03.28 13:02:02 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\QuickScan
[2008.08.27 07:03:52 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\SampleView
[2011.03.14 23:25:41 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\TeamViewer
[2010.03.01 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim
[2009.11.19 01:09:39 | 000,000,000 | ---D | M] -- C:\Users\Roman\AppData\Roaming\Vensim Demo
[2012.08.31 10:24:11 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.07 01:29:12 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC3E9DAD-3CAE-4881-A6FF-68E7ACDA3A43}.job
 
========== Purity Check ==========
 
 

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 31.08.2012 17:12:22 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Roman\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19298)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,97% Memory free
4,22 Gb Paging File | 2,95 Gb Available in Paging File | 69,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,28 Gb Total Space | 23,72 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,89% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,98 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
 
Computer Name: 6720S-RV | User Name: Roman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox 4.0 Beta 11\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8F4F52FF-3093-4358-85AD-724A3C0AB119}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{99D86F92-4F7A-4C25-B3CB-80680E32709E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C7C03B89-7D9A-48E9-AA16-58FA22653DB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04939669-DE76-4FF0-8A42-96A0950067B5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{13F776AF-69D4-4FD5-AEC4-3BFFA9671BE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1BF1167E-45D1-4B24-B863-7E28A32AAAC1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{1DE7B619-EABE-41FD-89F8-3BE09C01D241}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{22277809-FF2D-4F5E-AD39-A005244DA514}" = protocol=17 | dir=in | app=c:\users\roman\appdata\roaming\dropbox\bin\dropbox.exe | 
"{302E0631-B60B-4476-A4B6-0D78435AC204}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{40D7055C-02D7-4631-85EA-1E344D3C74D1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{552E8512-ECD3-4D28-B95B-AA82092039D1}" = protocol=17 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{563B7434-EB06-4CB1-A655-B5411A438DF7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{56C22636-D3BD-4D4F-875F-2A565F979B6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{5F1AF8F3-177F-46F0-A06B-A188E47D6F05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{65DCF77F-702C-4A23-8DE7-2078169AD70C}" = protocol=6 | dir=in | app=c:\users\roman\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6B831AFC-C738-4C8A-8281-1113EFC04DA2}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{809CA8E9-178C-43DB-BCF2-DCB502315D9F}" = protocol=17 | dir=in | app=c:\users\roman\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{905692D8-9911-4C41-ACDD-A9AA6DAAD16F}" = protocol=6 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{929C1408-DBE7-4115-ADC5-4D24B548656E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{AFF2BFC3-617C-4096-8AC0-EBD5D3FE5627}" = protocol=6 | dir=in | app=c:\users\roman\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{CC15CC6C-1EE9-4220-87A5-AE380122FF9E}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{D934DAD7-1D80-4642-A859-7F350059256B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{E5B357DB-2B67-45C7-A613-07668DB42FD4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E8EFA40B-FFB4-4D41-A235-7E078ACB9D6E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{F5BE4B69-E063-4F8F-9EB9-336E2A1BFB6F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{FBE82719-A7A9-4742-BD60-70C54CE08D46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"TCP Query User{0F4D6C5A-4D5C-41C9-B524-FCDF345C1631}C:\users\roman\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\roman\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{0F9784A5-1878-476C-91B0-D9F8893E9103}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{299E857F-4BEC-415E-B752-D16907E47113}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{9599364A-BBC6-4DA8-AC27-2C520F860A5E}C:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe | 
"TCP Query User{D782EA2E-5A0E-4B3E-88AB-7F5EE0CEED5D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{14FC6D54-6AB6-473C-BA2C-1064B55DDB27}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{3C0E0DE7-B346-4BA3-AE06-54B80D5EB4C4}C:\users\roman\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\roman\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{488B2714-A19C-44E2-BC2B-5D5172705A7C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{540A7CFF-585C-4AEE-A640-907F9F2B8324}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9DEF03F1-3941-43E8-8F9F-D5F774F2D5EB}C:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox 4.0 beta 11\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{613AA85A-DB0D-4F51-907A-ED95678A617D}" = KPMGs_IFRS_Trainer
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}" = Microsoft Office Live Add-in Patches
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Nur Web
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe  1.6.43.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.2.6.1
"GPL Ghostscript 9.04" = GPL Ghostscript
"GRE POWERPREP" = GRE POWERPREP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"KaloMa_is1" = KaloMa 4.93
"Kyocera FS-1100 / FS-1300D Printer Library" = Kyocera FS-1100 / FS-1300D Printer Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUSR" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"TOEFL Official Guide" = TOEFL Official Guide 2.05.0021
"Vensim Demonstration" = Vensim Demonstration
"Vensim PLE" = Vensim PLE
"VLC media player" = VLC media player 2.0.3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"Dropbox" = Dropbox
"The MIT Beer Game" = The MIT Beer Game
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2012 12:33:21 | Computer Name = 6720s-RV | Source = Perflib | ID = 1008
Description = 
 
Error - 26.08.2012 07:36:03 | Computer Name = 6720s-RV | Source = Perflib | ID = 1010
Description = 
 
Error - 26.08.2012 07:36:06 | Computer Name = 6720s-RV | Source = Perflib | ID = 1008
Description = 
 
Error - 30.08.2012 11:08:39 | Computer Name = 6720s-RV | Source = Perflib | ID = 1010
Description = 
 
Error - 30.08.2012 11:08:50 | Computer Name = 6720s-RV | Source = Perflib | ID = 1008
Description = 
 
Error - 30.08.2012 11:20:13 | Computer Name = 6720s-RV | Source = VSS | ID = 12289
Description = 
 
Error - 30.08.2012 12:01:53 | Computer Name = 6720s-RV | Source = VSS | ID = 12310
Description = 
 
Error - 30.08.2012 12:01:53 | Computer Name = 6720s-RV | Source = VSS | ID = 12298
Description = 
 
Error - 30.08.2012 17:50:52 | Computer Name = 6720s-RV | Source = VSS | ID = 8194
Description = 
 
Error - 30.08.2012 21:22:46 | Computer Name = 6720s-RV | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung taskeng.exe, Version 6.0.6002.18342, Zeitstempel
 0x4cd2e07b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x74000400,  Prozess-ID 0xa60, Anwendungsstartzeit
 01cd86fb8c5bb2a7.
 
[ OSession Events ]
Error - 07.04.2011 04:06:32 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.05.2011 05:45:22 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 13:49:06 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 13:51:03 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:07:29 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:07:48 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:08:03 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:08:45 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 02.06.2011 16:17:08 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2011 08:38:17 | Computer Name = 6720s-RV | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.08.2012 05:41:22 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 11.08.2012 06:31:40 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.109 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 11.08.2012 09:44:25 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.37 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 13.08.2012 04:56:42 | Computer Name = 6720s-RV | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.109 für die Netzwerkkarte mit der Netzwerkadresse
 001F3C5D8866 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 15.08.2012 03:52:04 | Computer Name = 6720s-RV | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 24.08.2012 08:52:02 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
Error - 25.08.2012 20:08:41 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
Error - 30.08.2012 17:51:12 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
Error - 30.08.2012 18:03:59 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
Error - 31.08.2012 02:52:44 | Computer Name = 6720s-RV | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

Was kann ich nun tun? Die umbenannte Datei löschen? Irgendwelche anderen Scans machen? Malwarebytes hat ja nichts mehr gefunden... Ich habe nun die Angst, dass irgendwo ein Rootkit installiert ist, bzw. mein PC befallen ist.

Bin für jede Hilfe dankbar!!!


Beste Grüße
Roman

 

Themen zu Security Shield Befall
32 bit, 7-zip, antivir, aufrufe, autorun, avg, avira, bho, desktop, error, firefox, flash player, format, ftp, google, google earth, install.exe, launch, logfile, löschen?, microsoft office 2003, mozilla, office 2007, officejet, plug-in, registry, rootkit, rundll, scan, security, server, software, svchost.exe, udp, vista


« Rechnung von 1und1 Telecom mit PDF Anhang | 7 Infizierte Registrierungsschlüssel (Trojan.BHO) nach Malwarebytes Anti-Malware Scan »


Ähnliche Themen: Security Shield Befall


  1. Security Shield
    Log-Analyse und Auswertung - 07.11.2012 (23)
  2. Security Shield
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (11)
  3. Security Shield
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (15)
  4. My Security Shield
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (34)
  5. My Security Shield
    Log-Analyse und Auswertung - 12.07.2012 (14)
  6. Security Shield auf dem PC
    Plagegeister aller Art und deren Bekämpfung - 08.07.2012 (7)
  7. Security Shield
    Log-Analyse und Auswertung - 04.07.2012 (1)
  8. Security Shield
    Plagegeister aller Art und deren Bekämpfung - 01.07.2012 (1)
  9. Security Shield -Was nun?-
    Log-Analyse und Auswertung - 29.06.2012 (1)
  10. my security shield
    Plagegeister aller Art und deren Bekämpfung - 28.06.2012 (1)
  11. Security Shield
    Log-Analyse und Auswertung - 28.06.2012 (5)
  12. security shield
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  13. Nach Security Shield - Scan sind Kopien meiner Dateien da verursacht von Sec.Shield - Was tun ?
    Log-Analyse und Auswertung - 13.04.2012 (57)
  14. Security Shield ?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (17)
  15. Security shield
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (15)
  16. Production Security Services- Problem nach Security Shield Attacke
    Plagegeister aller Art und deren Bekämpfung - 18.03.2012 (14)
  17. Security Shield
    Plagegeister aller Art und deren Bekämpfung - 27.05.2011 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Security Shield Befall - Hallo zusammen, ich habe mir wohl gestern Abend, durch einen Klick auf einen Suchvorschlag von Google, "My Security Shield" via Drive-by-Installation eingefangen. Zumindest glichen die Symptome den hier ( http://www.trojaner-board.de/119340-...d-inaktiv.html - Security Shield Befall...
Archiv
Du betrachtest: Security Shield Befall auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131